Remove Trojan.Agent.DYXY


#1

Hello.

I found this forum while looking for how to remove what appears to be a trojan that I cannot manage to get rid of for good.

For the past few days, Bitdefender antivirus (free version) and Windows Defender have not stopped notifying me that they have detected a threat and blocked it. The notification appears constantly, every second. Supposedly they remove it, but the notifications keep appearing.

I have followed the instructions in your 2018 malware removal guide: I ran Malwarebytes, ESET and CCleaner, and they detect things and supposedly remove or quarantine them, but I keep getting the annoying notifications that this trojan has been blocked. And Rkill tells me it finds nothing.

The alerts I get are the following:

Bitdefender; Item was blocked. Threat name: Trojan.Agent.DYXY. Path: \Device\HarddiskVolume3\Windows\Temp\tmp000001b8\tmp00002c7c

Windows Defender:

VirTool:Win32/CeeInject Nivel de alerta: Grave Estado: en cuarentena Fecha: 31/12/2018 (although this is the latest notification I got today, it shows this date)

Acción recomendada: eliminar la amenaza ahora Categoría: herramienta

Elementos afectados: file: C:\Windows\Temp\tmp0000040d\tmp0000002d

My PC is an Asus laptop with Windows 10.

Thank you for your attention.


#2

Hello

Paste the logs from the tools you used, and these as well:

  • Temporarily disable your antivirus and any security software.

  • Download to your Desktop >> this is very important <<, Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two reports, Frst.txt and Addition.txt, from FRST.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.


#3

OK, thanks. To paste the logs from the tools I used, I suppose I have to run them again, right? So it is going to take me a good while to have them all. As soon as I have them I will upload them :slight_smile:


#4

No, you should post the ones you already produced at the time, if you have them, because if you run them again they will, in theory, come out clean.


#5

I had already started running them again, because I did not have them, before reading your message, sorry. I found the old Malwarebytes one from when it detected things (now it comes out clean because I ran it several times these past days). The others, except Rkill, do not come out clean:

Bitdefender:

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="ondemand.xsl"?>
<ScanSession creator="Bitdefender Antivirus Free" name="Full Scan" installPath="C:\Program Files\Bitdefender Antivirus Free\" creationDate="jueves, 17 de enero de 2019 16:30:17" originalPath="C:\Program Files\Bitdefender Antivirus Free\Logs\system\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1547729401_1_02.xml" >
	<ScanSettings 
		statisticsRefreshInterval="500"
		scanSpeed="1.000000"
		lowPriority="0"
		enableExclusions="1"
		enableTaskExclusions="0"
		scanAdware="1"
		scanSpyware="1"
		scanApplications="1"
		scanDialers="1"
		scanKeyloggers="1"
		scanFiles="1"
		scanAllFiles="0"
		scanProgramsOnly="0"
		useCustomPrograms="0"
		customPrograms=""
		scanUserDefined="0"
		scanPacked="0"
		scanArchives="0"
		useSmartScan="1"
		scanEmails="1"
		scanRootkits="0"
		scanAllRootkits="0"
		scanBoot="0"
		scanMemory="0"
		scanRegistry="0"
		quickScan="0"
		quickScanMemory="0"
		quickScanAutoruns="0"
		quickScanPlugins="0"
		scanCookies="0"
		shutdownAfter="0"
		passwordPrompt="0"
		onlyAllowedActions="0"
		deepArchiveScan="0"
		maxArchiveLevel="0"
		maxArchiveSize="0"
		infectedAction1="1"
		infectedAction2="1"
		suspectAction1="1"
		suspectAction2="1"
		rootkitAction="3"
		userDefinedExtensions=""
		scanPua="1"
		computeSha256Hash="0"
		computeMd5Hash="0"
		disableIndexer="0"
		enableCertReport="0"
		paranoidAction="1"
	>

		<Paranoid>
		</Paranoid>

		<ScanPaths>
			<path>C:\</path>
		</ScanPaths>

		<ExcludedPaths>
		</ExcludedPaths>

		<ExcludedExtensions>
		</ExcludedExtensions>

	</ScanSettings>

	<EngineSummary
		totalSignatures="12394918"
		/>

	<ScanSummary
		scannedArchives="12"
		scannedPacked="0"
		startTime="1547729401"
		duration="9104156"
		userDefinedExtensions="">

		<TypeSummary type="1"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="4"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="0"
			scanned="537799"
			infected="95"
			suspicious="0"
			disinfected="0"
			deleted="94"
			moved="0"
			moved_reboot="0"
			delete_reboot="1"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="5"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="2"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="3"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="6"
			scanned="0"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

		<TypeSummary type="7"
			scanned="182"
			infected="0"
			suspicious="0"
			disinfected="0"
			deleted="0"
			moved="0"
			moved_reboot="0"
			delete_reboot="0"
			renamed="0"
			hidden="0"
		/>

	</ScanSummary>

	<ScanDetails>
		<UnresolvedDetails>
		</UnresolvedDetails>

		<ResolvedDetails>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0007b3e8" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001ffc" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001fee" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0007b41d" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000910e6" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000153\tmp00000e1e" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000044af" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp000000f4" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp0000014e" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0007b41c" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00000099" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001fed" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000910ef" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001fc8" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp00005209" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001f71" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp00000149" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00000029" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp00090ef3" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000910ec" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001ffd" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0000524e" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000910f0" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000910b4" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001fec" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00002fb7" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001f80" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001f83" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp00090ef4" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0000523d" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000445\tmp00001f69" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0000001f" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp000000ed" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp000000cc" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp00000001" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0007b424" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0000448c" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp00090ebd" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0009107f" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp0007b3ea" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000044b0" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00002fb5" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00002fbd" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00002e0f" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000027c\tmp000012a7" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp000000ee" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp000000cd" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp000000cb" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp00000001" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp00000154" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp000000be" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp00000153\tmp00000e2b" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp000001b8\tmp0000006d" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp0000014a" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp00000136" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp000000ef" threatType="0" threatName="Trojan.Agent.DIXY" action="5" allActions="1 7 1 5" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
			<Item type="0" objectType="0" path="C:\Windows\Temp\tmp0000014c\tmp0000003e" threatType="0" threatName="Trojan.Agent.DIXY" action="3" allActions="1 7 1 5 1 3" initialStatus="3" finalStatus="9" quarId="" failReason="1" itemHash="" chainHash="no_hash" family="" rtvrType=""><FileInfo itemMd5Hash="no_hash" chainMd5Hash="no_hash" fileSize="1812663" certIssuer="" certSubject="" certSerial="" certTimestamp="0"/></Item>
		</ResolvedDetails>

		<IgnoredDetails>
		</IgnoredDetails>

		<QuickScanDetails>
		</QuickScanDetails>
		<NotScannedDetails
			skipped="75088"
			ioerrors="31"
			archiveBombs="0"
			passwordProtected="3"
		>

		</NotScannedDetails>
	</ScanDetails>

</ScanSession>

RKill:

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/17/2019 05:13:57 PM in x64 mode.
Windows Version: Windows 10 Home 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 01/17/2019 05:23:36 PM
Execution time: 0 hours(s), 9 minute(s), and 39 seconds(s)

Malwarebytes (today):

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 17/1/19
Hora del análisis: 16:37
Archivo de registro: d534da1c-1a6d-11e9-9161-94e9792a4296.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8830
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.523)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-9PO1SCK\Usuario

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 356470
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 10 min, 33 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Malwarebytes (previous):

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 11/1/19
Hora del análisis: 13:23
Archivo de registro: b5c8e172-159b-11e9-8d59-94e9792a4296.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8690
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.523)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-9PO1SCK\Usuario

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 357119
Amenazas detectadas: 11
Amenazas en cuarentena: 11
Tiempo transcurrido: 9 min, 52 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
Trojan.Agent.Generic, HKU\S-1-5-21-607596156-44945795-2337355111-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fded6d7a, En cuarentena, [3690], [597397],1.0.8690

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
Trojan.Agent.Generic, C:\PROGRAMDATA\fded6d7a, En cuarentena, [3690], [597397],1.0.8690

Archivo: 9
Trojan.Agent.Generic, C:\PROGRAMDATA\fded6d7a\test.au3, En cuarentena, [3690], [597397],1.0.8690
Trojan.Agent.Generic, C:\ProgramData\fded6d7a\fded6d7a.exe, En cuarentena, [3690], [597397],1.0.8690
Trojan.Agent.Generic, C:\ProgramData\fded6d7a\fded6d7atest.au3, En cuarentena, [3690], [597397],1.0.8690
Trojan.Agent.Generic, C:\ProgramData\fded6d7a\PE.bin, En cuarentena, [3690], [597397],1.0.8690
Trojan.Agent.Generic, C:\ProgramData\fded6d7a\shell.txt, En cuarentena, [3690], [597397],1.0.8690
PUP.Optional.InstallCore.Generic, C:\USERS\USUARIO\DOWNLOADS\ATUBE_CATCHER_1086283817.EXE, En cuarentena, [526], [621110],1.0.8690
PUP.Optional.InstallCore.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\aTube Catcher.lnk, En cuarentena, [526], [621110],1.0.8690
PUP.Optional.InstallCore.Generic, C:\USERS\PUBLIC\DESKTOP\aTube Catcher.lnk, En cuarentena, [526], [621110],1.0.8690
PUP.Optional.InstallCore.Generic, C:\PROGRAM FILES (X86)\DSNET CORP\ATUBE CATCHER 2.0\YCT.EXE, En cuarentena, [526], [621110],1.0.8690

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

ESET:

17/01/2019 20:24:55
Files scanned: 486127
Infected files: 1
Cleaned threats: 1
Total scan time 03:01:40
Scan status: Finished
C:\Users\Usuario\Downloads\ccsetup551.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting

I still have CCleaner left to do, plus disabling the antivirus and running Farbar. I'll get on it now!


#6

For CCleaner, I don't know how to post the log, because it only gives me a very summarized list of the things it deleted.

From Farbar:

Frst:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by Usuario (administrator) on DESKTOP-9PO1SCK (17-01-2019 21:04:43)
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario & _ashbackuppb_ (Available Profiles: Usuario & _ashbackuppb_)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupService-abpb.exe
() C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\oxHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
() C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\oxHelper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [Ashampoo Backup PB] => C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe [323504 2017-03-28] ()
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4050752 2019-01-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Run: [Discord] => C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc.)
HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7415880 2018-12-20] (GOG.com)
HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\MountPoints2: {eb6aba74-525a-11e8-ade6-704d7b34c45b} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-607596156-44945795-2337355111-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [vidc.x264] => C:\Program Files\VEGAS\VEGAS Pro 14.0\x264vfw64.dll [3502080 2014-07-22] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2016-10-06]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{3ca91a8d-c447-4591-966b-3248523a9e52}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{8ab6c985-395a-49e4-bb8f-c520c0cdb20a}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-607596156-44945795-2337355111-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-607596156-44945795-2337355111-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-607596156-44945795-2337355111-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-05] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-05] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems)

Chrome: 
=======
CHR NewTab: Default ->  Not-active:"chrome-extension://hchlgfaicmddilenlflajnmomalehbom/popup.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2019-01-17]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-05]
CHR Extension: (uBlock Origin) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-12-11]
CHR Extension: (Typio Form Recovery) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\djkbihbnjhkjahbhjaadbepppbpoedaa [2018-12-11]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (CSSViewer) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2018-04-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Color Tab) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchlgfaicmddilenlflajnmomalehbom [2018-07-04]
CHR Extension: (Peaky Blinders) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\iieidoflnncenoifehbmmijebmfhacod [2017-11-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-05]
CHR Extension: (Office Online) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-12-11]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-17]
CHR HKU\S-1-5-21-607596156-44945795-2337355111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-06-07] (Bitdefender)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [125144 2016-02-15] (Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619616 2019-01-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-01-08] (Dropbox, Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] ()
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-20] (GOG.com)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [799656 2018-08-16] (ICEpower)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp.)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2017-05-05] ()
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2581864 2017-01-25] (LULU Software)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [931176 2017-01-25] (LULU Software)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-15] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-15] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-15] (Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [220288 2018-04-16] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ashbackuppb; "c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupService-abpb.exe" "--controlFolder=c:\ProgramData\Ashampoo Backup PB\control" "--id=ashbackuppb" daemon
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [94712 2016-04-01] (ASUS Corporation)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1292296 2018-09-22] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2018-12-17] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-12] (Bitdefender)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack System Inc. )
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-24] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R1 Gemma; C:\WINDOWS\System32\DRIVERS\Gemma.sys [359584 2018-10-24] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [193184 2018-07-04] (BitDefender LLC)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-04-20] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-17] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_9b1341e92276ee7c\nvlddmkm.sys [17213616 2018-10-15] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8009040 2017-12-21] (Realtek Semiconductor Corporation )
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [610128 2018-11-15] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-17 21:04 - 2019-01-17 21:06 - 000029903 _____ C:\Users\Usuario\Desktop\FRST.txt
2019-01-17 21:03 - 2019-01-17 21:04 - 000000000 ____D C:\FRST
2019-01-17 20:57 - 2019-01-17 20:57 - 002427904 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2019-01-17 17:18 - 2019-01-17 17:18 - 007657592 _____ (ESET spol. s r.o.) C:\Users\Usuario\Desktop\esetonlinescanner_enu.exe
2019-01-17 16:54 - 2019-01-17 16:54 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-17 16:54 - 2019-01-17 16:54 - 000004608 ___RH C:\farstone_pe.letter
2019-01-17 16:20 - 2019-01-17 20:54 - 000000000 ____D C:\Users\Usuario\Desktop\vvv
2019-01-17 13:54 - 2019-01-17 13:54 - 002427904 _____ (Farbar) C:\Users\Usuario\Desktop\Sin confirmar 166548.crdownload
2019-01-16 23:20 - 2019-01-16 23:20 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-16 23:20 - 2019-01-16 23:20 - 000002892 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-16 23:20 - 2019-01-16 23:20 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-16 23:20 - 2019-01-16 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-01-16 23:20 - 2019-01-16 23:20 - 000000000 ____D C:\Program Files\CCleaner
2019-01-16 23:15 - 2019-01-17 20:55 - 000003380 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-01-16 23:15 - 2019-01-17 20:55 - 000003374 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-01-16 16:47 - 2019-01-16 16:47 - 007657592 _____ (ESET spol. s r.o.) C:\Users\Usuario\Downloads\esetonlinescanner_enu.exe
2019-01-16 16:47 - 2019-01-16 16:47 - 000000000 ____D C:\Users\Usuario\AppData\Local\ESET
2019-01-16 16:46 - 2019-01-17 17:23 - 000002592 _____ C:\Users\Usuario\Desktop\Rkill.txt
2019-01-16 16:46 - 2019-01-16 16:46 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Usuario\Downloads\iExplore64.exe
2019-01-16 16:45 - 2019-01-16 16:46 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Usuario\Downloads\iExplore.exe
2019-01-13 17:30 - 2019-01-13 17:30 - 022694243 _____ C:\Users\Usuario\Downloads\TubeMate.AppxBundle
2019-01-13 16:57 - 2019-01-17 12:57 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2019-01-12 00:39 - 2019-01-12 00:39 - 004678412 _____ C:\Users\Usuario\Downloads\TORMENTAS_PELIGROS_US.pdf
2019-01-12 00:38 - 2019-01-12 00:38 - 005357042 _____ C:\Users\Usuario\Downloads\MOVIMIENTOS_BASICOS_SU.pdf
2019-01-12 00:37 - 2019-01-12 00:38 - 006054291 _____ C:\Users\Usuario\Downloads\MC_URBAN_SHADOWS.pdf
2019-01-12 00:36 - 2019-01-12 00:39 - 000000000 ____D C:\Users\Usuario\Desktop\Sombras urbanas
2019-01-11 14:30 - 2019-01-11 14:35 - 000000000 ____D C:\AdwCleaner
2019-01-11 14:30 - 2019-01-11 14:30 - 007320272 _____ (Malwarebytes) C:\Users\Usuario\Downloads\adwcleaner_7.2.6.0.exe
2019-01-11 14:08 - 2019-01-11 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-01-09 21:01 - 2019-01-02 20:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-09 21:01 - 2019-01-02 20:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 17:48 - 2019-01-09 17:48 - 000057049 _____ C:\Users\Usuario\Downloads\PRUEBA FINAL_Antropología de la Educación_07012019.pdf
2019-01-09 15:02 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 15:02 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 15:02 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 15:02 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 15:01 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 15:01 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 15:01 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 15:01 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 15:01 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 15:01 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 15:01 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 15:01 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 15:01 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 15:01 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 15:01 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 15:01 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 15:01 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 15:01 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 15:01 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 15:01 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 15:01 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 15:01 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 15:01 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 15:01 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 15:01 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 15:01 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 15:01 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 15:01 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 15:01 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 15:01 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 15:01 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 15:01 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 15:01 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 15:01 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 15:01 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 15:01 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 15:01 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 15:01 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 15:01 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 15:01 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 15:01 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 15:01 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 15:01 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 15:01 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 15:01 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 15:01 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 15:01 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 15:01 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 15:01 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 15:01 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 15:01 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 15:01 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 15:01 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 15:01 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 15:01 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 15:01 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 15:01 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 15:01 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 15:01 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 15:01 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 15:01 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 15:01 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 15:01 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 15:01 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 15:01 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 15:01 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 15:01 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-09 15:00 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 15:00 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 15:00 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 15:00 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 15:00 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 15:00 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 15:00 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 15:00 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 15:00 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 15:00 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 15:00 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 15:00 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 15:00 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 15:00 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 15:00 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 15:00 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 15:00 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 15:00 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 15:00 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 15:00 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-08 16:12 - 2019-01-08 16:12 - 000076636 _____ C:\ProgramData\agent.update.1546960330.bdinstall.v2.bin
2019-01-08 14:07 - 2019-01-08 14:07 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-01-08 14:07 - 2019-01-08 14:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-01-08 14:07 - 2019-01-08 14:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-01-08 14:07 - 2019-01-08 14:07 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-12-30 18:47 - 2018-12-30 18:47 - 000049594 _____ C:\Users\Usuario\Documents\el_profeta.epub
2018-12-29 19:41 - 2018-12-29 19:41 - 000102954 _____ C:\Users\Usuario\Documents\michel_foucault_heterotopias_y_cuerpo_utopico.pdf
2018-12-19 21:21 - 2018-12-14 08:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-12-19 21:21 - 2018-12-14 08:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-19 21:21 - 2018-12-14 08:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-19 21:21 - 2018-12-14 08:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-12-19 21:21 - 2018-12-14 08:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-19 21:21 - 2018-12-14 08:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-19 21:21 - 2018-12-14 07:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-19 21:21 - 2018-12-14 07:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-19 21:21 - 2018-12-14 07:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-19 21:21 - 2018-12-14 07:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-19 21:21 - 2018-12-14 07:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-19 21:20 - 2018-12-14 08:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-19 21:20 - 2018-12-14 08:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-19 21:20 - 2018-12-14 08:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-19 21:20 - 2018-12-14 07:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-19 21:20 - 2018-12-14 07:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-19 21:20 - 2018-12-14 07:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-18 20:49 - 2018-12-18 20:49 - 005271440 _____ C:\Users\Usuario\Downloads\Copia de Copia de Copia de Copia de Copia de 9. MADELAINE II.pdf
2018-12-18 16:07 - 2018-12-18 16:07 - 002011389 _____ C:\Users\Usuario\Downloads\Copia de 9. MADELAINE II.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-17 21:06 - 2018-01-25 16:40 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-01-17 21:06 - 2016-12-31 23:48 - 000000206 _____ C:\Users\Usuario\AppData\Roaming\sp_data.sys
2019-01-17 21:04 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-17 17:58 - 2018-04-11 22:04 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2019-01-17 17:12 - 2018-04-19 22:16 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\discord
2019-01-17 17:07 - 2018-04-19 22:16 - 000000000 ____D C:\Users\Usuario\AppData\Local\Discord
2019-01-17 17:06 - 2018-04-19 22:16 - 000002241 _____ C:\Users\Usuario\Desktop\Discord.lnk
2019-01-17 17:06 - 2018-04-19 22:16 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-01-17 17:04 - 2016-12-31 23:51 - 000000000 ___RD C:\Users\Usuario\OneDrive
2019-01-17 16:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-17 16:56 - 2016-12-31 23:46 - 000000000 __SHD C:\Users\Usuario\IntelGraphicsProfiles
2019-01-17 16:54 - 2018-06-07 16:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-17 16:54 - 2017-07-24 23:27 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-17 16:53 - 2018-06-07 15:59 - 000000000 ____D C:\Users\_ashbackuppb_
2019-01-17 16:53 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-01-17 16:17 - 2018-06-07 15:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-17 12:57 - 2018-06-07 16:36 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2019-01-16 23:44 - 2017-05-05 22:25 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-16 23:42 - 2018-05-23 00:06 - 000000000 ___DC C:\WINDOWS\Panther
2019-01-16 23:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-16 23:42 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-16 23:42 - 2017-01-20 19:02 - 000000000 ____D C:\Users\Usuario\AppData\Local\CrashDumps
2019-01-16 21:31 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-16 19:17 - 2017-05-05 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop
2019-01-16 17:19 - 2017-12-07 03:45 - 000000000 ____D C:\Users\Usuario\Downloads\Telegram Desktop
2019-01-15 23:19 - 2018-11-22 16:38 - 000000000 ____D C:\Users\Usuario\Biblioteca de calibre
2019-01-15 17:30 - 2017-12-04 18:53 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Telegram Desktop
2019-01-15 17:16 - 2018-06-07 15:59 - 000000000 ____D C:\Users\Usuario
2019-01-13 17:31 - 2017-12-04 22:48 - 000000000 ____D C:\Users\Usuario\AppData\Local\Packages
2019-01-13 17:22 - 2017-05-08 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2019-01-12 15:40 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-12 15:39 - 2016-10-06 09:33 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-11 14:21 - 2016-03-28 12:17 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-01-11 12:49 - 2018-10-14 15:29 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\b0ba1f17121cc10d56f919726dfc8982
2019-01-11 12:48 - 2018-10-14 15:29 - 000000000 ___HD C:\DESKTOP-9PO1SCK
2019-01-09 22:59 - 2018-11-09 16:51 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2019-01-09 20:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-09 20:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-09 20:48 - 2018-06-07 16:18 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-09 20:48 - 2018-04-12 17:18 - 000789180 _____ C:\WINDOWS\system32\perfh00A.dat
2019-01-09 20:48 - 2018-04-12 17:18 - 000155760 _____ C:\WINDOWS\system32\perfc00A.dat
2019-01-09 15:40 - 2017-05-05 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 15:22 - 2017-05-05 22:41 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-09 15:21 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-09 01:37 - 2018-06-07 16:36 - 000004630 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-01-09 01:36 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-01-09 01:36 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-08 23:02 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-08 16:12 - 2018-01-25 16:39 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-01-07 01:45 - 2017-05-06 01:30 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2019-01-04 01:51 - 2018-11-15 01:21 - 000000000 ____D C:\Users\Usuario\Desktop\Accesos directos
2019-01-04 01:22 - 2017-05-06 01:35 - 000000000 ____D C:\Users\Usuario\Downloads\Peliculas
2019-01-04 01:14 - 2017-05-05 20:16 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2018-12-31 01:31 - 2018-06-07 16:36 - 000003722 _____ C:\WINDOWS\System32\Tasks\[email protected]
2018-12-31 01:06 - 2018-06-07 15:51 - 005351992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-31 01:01 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-31 01:01 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-31 01:01 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-28 18:56 - 2017-05-05 22:17 - 000000000 ____D C:\Users\Usuario\Documents\Léiriú
2018-12-19 20:08 - 2018-06-07 16:36 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-19 20:08 - 2018-06-07 16:36 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-18 03:32 - 2017-05-05 20:51 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-12-31 23:48 - 2019-01-17 21:06 - 000000206 _____ () C:\Users\Usuario\AppData\Roaming\sp_data.sys
2018-09-28 21:05 - 2018-09-28 21:05 - 000000000 _____ () C:\Users\Usuario\AppData\Local\oobelibMkey.log
2018-01-24 03:06 - 2018-01-24 03:06 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{620D58C4-587C-4EE1-AAFB-F3346D0361C3}
2018-02-16 15:00 - 2018-02-16 15:00 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{F9CDF0AE-2EA6-48D0-A587-2DAC629A0FBE}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 15:51

==================== End of FRST.txt ============================

#7

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Usuario (17-01-2019 21:07:38)
Running from C:\Users\Usuario\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-07 15:37:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-607596156-44945795-2337355111-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-607596156-44945795-2337355111-503 - Limited - Disabled)
Invitado (S-1-5-21-607596156-44945795-2337355111-501 - Limited - Disabled)
Usuario (S-1-5-21-607596156-44945795-2337355111-1001 - Administrator - Enabled) => C:\Users\Usuario
WDAGUtilityAccount (S-1-5-21-607596156-44945795-2337355111-504 - Limited - Disabled)
_ashbackuppb_ (S-1-5-21-607596156-44945795-2337355111-1002 - Administrator - Enabled) => C:\Users\_ashbackuppb_

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Disabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\uTorrent) (Version: 3.5.5.44954 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_0) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_2) (Version: 18.2 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Photoshop CS6 versión 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Backup Pro 11 (HKLM\...\{DF972766-3CEA-0FEC-AD7D-0A1791430C35}_is1) (Version: 11.07 - Ashampoo GmbH & Co. KG)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.15.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.161 - ICEpower a/s)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.278.3 - AVAST Software)
AXIS Companion 3.44 (HKLM\...\{A6FE3FFD-BD70-4FD6-A436-62417F0A81EB}_is1) (Version: 3.44.009 - Axis Communications AB)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.10.12 - Bitdefender)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.21.2018 - BlueStack Systems, Inc.)
calibre 64bit (HKLM\...\{A9CFF5B2-9CF6-4903-ACD1-CE9CFDFD6206}) (Version: 3.34.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Discord) (Version: 0.0.304 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 64.4.141 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Kingsoft PDF to Word SDK (2.0.1) (HKLM\...\{F0915BBA-A86F-4672-807D-30F38DFC2B44}) (Version: 2.0.1 - Zhuhai Kingsoft Office Software Co.,Ltd)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11126.20196 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
NewBlue Vegas Pro Suite Complete (HKLM-x32\...\NewBlue Vegas Pro Suite Complete) (Version: 1.0 - NewBlue)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA Controlador de gráficos 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11126.20196 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice 4.1.3 Language Pack (Spanish) (HKLM-x32\...\{789DA182-44AA-4DA9-9FA4-F087E4F8B6E9}) (Version: 4.13.9783 - Apache Software Foundation)
Panel de control de NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Popcorn-Time (HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.470.1 - proDAD GmbH)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.886.030716 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.27054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8514 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.38.31816 - LULU Software)
Soda PDF Desktop View Module (HKLM\...\{CAF75E2A-9CD6-49CC-962D-BFF08DBE5EEB}) (Version: 9.0.38.31757 - LULU Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
Telegram Desktop version 1.5.4 (HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.4 - Telegram Messenger LLP)
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Trapcode Suite 64-bit (HKLM\...\{5210717F-CAFD-4F21-8DF7-6ED3862725C4}) (Version: 12.1.0 - Red Giant Software) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{5210717F-CAFD-4F21-8DF7-6ED3862725C4}) (Version: 12.1.0 - Red Giant Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\1207659240_is1) (Version: 1.2 (UP 10.0) - GOG.com)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4D911470-79F9-11E6-9145-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (03/18/2016 11.0.0.9) (HKLM\...\689E9F7827C3AF1059D6C80D6C7F4EF89E2D7E72) (Version: 03/18/2016 11.0.0.9 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 8.2.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WPS Office (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.6020 - Kingsoft Corp.)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-607596156-44945795-2337355111-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.6020\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-607596156-44945795-2337355111-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-03-08] ()
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-12-10] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-607596156-44945795-2337355111-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.6020\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-04-16] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06273D99-584B-40E7-BDE2-BADB0E4E196E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {088585A8-AD61-4DDD-AFF5-47E0179EFA3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {14A03490-A495-4191-93AD-302400E81860} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-11-15] (Bitdefender)
Task: {1B1AEFB9-56AB-4085-AC95-23190E5746F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-05] (Google Inc.)
Task: {1B33ECC5-DCD5-4347-BA1D-B0A906265937} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {1D05C37E-790A-410B-ADEE-7BE5A79BF64E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {26A9A12C-9B2C-4116-99FC-D82455400E9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {26CA703B-6931-465C-868C-B5C47420D11C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {32F877AB-E19E-43AE-AEA4-81C4CB2C6DE5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-05] (Dropbox, Inc.)
Task: {36125A00-1404-4B97-AA3F-882DF83717F0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Usuario\Desktop\esetonlinescanner_enu.exe [2019-01-17] (ESET spol. s r.o.)
Task: {3ACF92E7-9C4C-49C3-9FD6-5CF5F0C47F68} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {4A5BC2A5-BDAC-484A-80ED-14B89DB0372D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {4A604DA7-BDF2-4D76-B2D5-A6AC487ED32B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {4CCE54B2-4242-4C75-9297-83DDF603EF45} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
Task: {4EAF760C-E3FF-4AD9-B6BD-642F0EF53481} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2017-05-05] (AVAST Software)
Task: {5477D55A-E5E2-4341-A90B-C150F7443F2F} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {66E01AE5-5608-45D9-9E4F-9D979A090AE3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-12] (Microsoft Corporation)
Task: {68770757-3785-4312-AB65-3A1038FD1F5E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {6B017AF4-30DC-4B40-B9DB-971E20EAD0C9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-12] (Microsoft Corporation)
Task: {7A7B374E-7A14-4420-91D7-71AEC14BA509} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {8024D5A6-767E-413F-97BD-81067685FC2D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-12] (Microsoft Corporation)
Task: {9413421F-21D1-4D23-8B4A-39F32F0F1D5D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {992E0C04-B9E8-40D0-AC74-CAE5EAF177A7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-02-23] (ASUS)
Task: {9E9ECDAE-82E3-47E8-9680-2C615283B9AB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {9F4959B3-9BF5-4752-8E00-AB6B5323A593} - System32\Tasks\WpsExternal_Usuario_20180112200108 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2018-04-16] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {A53FE14A-319E-4A41-81E4-F188D4B2C982} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {A90CF3DC-F0A6-495C-8092-7B3A718B21E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2019-01-12] (Microsoft Corporation)
Task: {AAEBF8F7-4EBE-4D47-8417-1288EA64416E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {B0374433-060C-44F0-9FE2-B547F66FCF23} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
Task: {B5029723-45D0-435A-8117-401D0708E7C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {B8A7F3F0-2F9A-4126-B655-7DEC8BB5A540} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-05] (Dropbox, Inc.)
Task: {B9ED53A4-C656-45A2-BCED-548E92AB989D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-05] (Google Inc.)
Task: {BB455AC2-F634-4D14-AD71-E8285CD77681} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {BC78A195-8098-4A25-848D-F2591C61F4C9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-12] (Microsoft Corporation)
Task: {C749E442-CD60-4A61-B418-391E72B08C47} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-08-16] (Realtek Semiconductor)
Task: {CB309108-184B-4E2A-B90D-12E6727B9883} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
Task: {EC6CAFEB-B289-468E-AC2A-70DF4FB6C2EB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {F1314EAA-E9B1-4592-AAAF-5E262E9BEBCF} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Usuario\Desktop\esetonlinescanner_enu.exe [2019-01-17] (ESET spol. s r.o.)
Task: {F6A29122-DCCF-4339-A5FB-0B8AAE981136} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-08-16] (Realtek Semiconductor)
Task: {F906D794-698C-49F5-BC52-7C2129FB9280} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-08-13 07:30 - 2014-08-13 07:30 - 000073032 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
2018-09-26 23:02 - 2018-12-17 17:50 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-05 20:55 - 2017-05-05 20:57 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2014-03-25 10:14 - 2014-03-25 10:14 - 000071024 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
2018-05-03 15:41 - 2018-06-07 17:41 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-05-08 15:41 - 2018-05-08 15:41 - 000992704 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpbr.mdl
2018-05-08 15:41 - 2018-05-08 15:41 - 000543344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpdsp.mdl
2018-05-08 15:41 - 2018-05-08 15:41 - 003228632 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpph.mdl
2018-05-08 15:41 - 2018-05-08 15:41 - 001527808 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttprbl.mdl
2017-05-05 21:29 - 2017-03-28 14:28 - 000031664 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupService-abpb.exe
2017-05-05 21:29 - 2017-03-28 14:28 - 000080304 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupServiceLib.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000124336 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\deemon.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000398256 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\twirl.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 007988656 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupCore.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 004727216 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ox.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000279984 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\tomb.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000416176 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\veem.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000123824 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\scoolite.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000261040 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\crumb.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 001020848 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\webdave.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000054192 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\lzmaUtil.dll
2017-05-05 21:30 - 2017-02-28 17:52 - 000075776 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ziputil.dll
2017-05-05 21:30 - 2017-02-28 17:52 - 000024064 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\zlibutil.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000055728 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\minizutil.dll
2017-05-05 21:29 - 2017-02-28 17:52 - 000230912 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\jsoncpp.dll
2017-05-05 21:30 - 2017-02-28 17:52 - 000227840 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\party.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000156080 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\netutil.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000074672 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ashinetutil.dll
2017-05-05 21:30 - 2017-02-28 17:52 - 000081408 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\zdll.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000027568 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\lz4util.dll
2017-05-05 21:30 - 2017-02-28 17:52 - 000571392 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\sqlite.dll
2017-05-05 21:29 - 2017-02-28 17:52 - 000045568 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\lzma.dll
2017-05-05 21:29 - 2017-02-28 17:52 - 000084480 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\minizip.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000038320 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\lz4.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000041392 _____ () c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\oxHelper.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-05 19:47 - 2018-03-05 19:47 - 000614848 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-14 15:06 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-03-08 03:42 - 2017-03-08 03:42 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2019-01-09 15:01 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-11 13:13 - 2018-12-11 13:13 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-11 13:13 - 2018-12-11 13:13 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 13:50 - 2017-12-01 13:52 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 22:59 - 2018-11-29 22:59 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 13:13 - 2018-12-11 13:13 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-11 13:13 - 2018-12-11 13:13 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-12-14 14:43 - 2018-12-14 14:43 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 14:43 - 2018-12-14 14:43 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000323504 _____ () C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe
2017-05-05 21:29 - 2017-03-28 14:28 - 005705136 _____ () C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClientLib.dll
2017-05-05 21:30 - 2017-03-28 14:28 - 000291248 _____ () C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\updateman.dll
2017-05-05 21:29 - 2017-03-28 14:28 - 000120752 _____ () C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\featback.dll
2018-10-04 19:23 - 2018-10-04 19:26 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 14:43 - 2018-12-14 14:43 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 14:43 - 2018-12-14 14:43 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-14 14:43 - 2018-12-14 14:43 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2018-09-12 14:53 - 2018-09-12 14:53 - 037821384 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2018-12-18 03:31 - 2018-12-12 06:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-18 03:31 - 2018-12-12 06:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2016-08-01 09:35 - 2016-08-01 09:35 - 000017920 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
2018-10-08 23:48 - 2018-10-08 23:48 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000088576 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\zlibwapi.dll
2015-08-18 08:18 - 2015-08-18 08:18 - 000332800 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBCmdDsp.dll
2015-08-18 05:30 - 2015-08-18 05:30 - 000085504 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpBk.dll
2015-08-18 05:28 - 2015-08-18 05:28 - 000323584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpRt.dll
2014-11-25 04:22 - 2014-11-25 04:22 - 000089088 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EfbCheckImg.dll
2015-08-18 05:26 - 2015-08-18 05:26 - 000223232 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskClone.dll
2014-09-22 03:40 - 2014-09-22 03:40 - 000194560 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EFBSearchTool.dll
2015-07-27 06:50 - 2015-07-27 06:50 - 000224256 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskMgr.dll
2014-09-22 03:40 - 2014-09-22 03:40 - 000022528 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBEventMgr.dll
2015-08-18 06:23 - 2015-08-18 06:23 - 000114176 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EasyFuncs.dll
2014-05-21 04:04 - 2014-05-21 04:04 - 000018432 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSToken.dll
2015-08-18 08:17 - 2015-08-18 08:17 - 000104448 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\BootConfig.dll
2014-03-14 08:04 - 2014-03-14 08:04 - 000012288 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSFat32.dll
2014-03-14 08:04 - 2014-03-14 08:04 - 000201216 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NtfsLib.dll
2014-03-14 08:04 - 2014-03-14 08:04 - 000013312 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VssNew.dll
2014-09-22 03:41 - 2014-09-22 03:41 - 000239104 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\diskpart.dll
2014-11-05 01:44 - 2014-11-05 01:44 - 000017408 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VDiskConvert.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000194048 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NetTool.dll
2014-09-04 03:41 - 2014-09-04 03:41 - 000037888 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\RapidClone.dll
2014-08-20 02:23 - 2014-08-20 02:23 - 000075264 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskInterface.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000157552 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FtpPipeModule.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000091584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\TransferManager.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000062832 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\CommonFun.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000054712 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FTPFunModule.dll
2014-03-25 10:14 - 2014-03-25 10:14 - 000617952 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\XpIcfOpt.dll
2016-02-23 18:56 - 2016-02-23 18:56 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-02-23 18:56 - 2016-02-23 18:56 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-02-23 18:56 - 2016-02-23 18:56 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2016-05-09 22:57 - 2016-05-09 22:57 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 067919944 _____ () C:\Program Files (x86)\GOG Galaxy\libcef.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000503368 _____ () C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 001071176 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 001856072 _____ () C:\Program Files (x86)\GOG Galaxy\PocoData.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000387656 _____ () C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 001656392 _____ () C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000306248 _____ () C:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000327752 _____ () C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000130120 _____ () C:\Program Files (x86)\GOG Galaxy\xdelta3.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000681032 _____ () C:\Program Files (x86)\GOG Galaxy\sqlite.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000107592 _____ () C:\Program Files (x86)\GOG Galaxy\zlib.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000513608 _____ () C:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000270920 _____ () C:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000426568 _____ () C:\Program Files (x86)\GOG Galaxy\pcre.dll
2018-11-09 16:52 - 2018-12-20 15:43 - 000157256 _____ () C:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2018-11-09 16:51 - 2018-12-20 15:43 - 000152648 _____ () C:\Program Files (x86)\GOG Galaxy\expat.dll
2016-10-06 09:22 - 2016-02-01 19:49 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2018-07-31 09:57 - 2018-07-31 09:57 - 081764304 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2018-07-31 09:57 - 2018-07-31 09:57 - 002257360 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\swiftshader\libglesv2.dll
2018-07-31 09:57 - 2018-07-31 09:57 - 000110552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\swiftshader\libegl.dll
2018-11-09 16:52 - 2018-10-22 18:35 - 003176448 _____ () C:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2018-11-09 16:52 - 2018-10-22 18:35 - 000079872 _____ () C:\Program Files (x86)\GOG Galaxy\libegl.dll
2018-09-24 18:24 - 2018-09-24 18:24 - 000142888 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-09-24 18:24 - 2018-09-24 18:24 - 000278056 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-09-24 18:24 - 2018-09-24 18:24 - 000142888 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ref\build\Release\binding.node
2018-09-24 18:24 - 2018-09-24 18:24 - 000152616 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-09-24 18:24 - 2018-09-24 18:24 - 000097320 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-09-24 18:24 - 2018-09-24 18:24 - 000110120 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\idle-gc\build\Release\idle-gc.node
2019-01-17 17:04 - 2019-01-15 16:32 - 002000216 _____ () C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\ffmpeg.dll
2019-01-17 17:04 - 2019-01-15 16:32 - 004332376 _____ () C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\libglesv2.dll
2019-01-17 17:04 - 2019-01-15 16:32 - 000106328 _____ () C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\libegl.dll
2019-01-17 17:10 - 2019-01-17 17:10 - 011344728 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_voice\discord_voice.node
2019-01-17 17:10 - 2019-01-17 17:10 - 001723224 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_utils\discord_utils.node
2019-01-17 17:10 - 2019-01-17 17:10 - 001762648 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_game_utils\discord_game_utils.node
2019-01-17 17:09 - 2019-01-17 17:09 - 002672984 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2019-01-17 17:10 - 2019-01-17 17:10 - 000837464 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2019-01-17 17:09 - 2019-01-17 17:09 - 000479064 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2019-01-17 17:09 - 2019-01-17 17:09 - 000553816 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_erlpack\discord_erlpack.node
2019-01-17 17:11 - 2019-01-17 17:11 - 009914712 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_cloudsync\discord_cloudsync.node
2019-01-17 17:11 - 2019-01-17 17:11 - 002909016 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_rpc\discord_rpc.node
2019-01-17 17:11 - 2019-01-17 17:11 - 001726296 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_overlay2\discord_overlay2.node
2019-01-17 17:11 - 2019-01-17 17:11 - 001266008 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_modules\discord_modules.node
2019-01-17 17:11 - 2019-01-17 17:11 - 022327128 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_dispatch\discord_dispatch.node
2019-01-17 17:11 - 2019-01-17 17:11 - 002947416 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_contact_import\discord_contact_import.node
2019-01-17 17:11 - 2019-01-17 17:11 - 001297752 _____ () \\?\C:\Users\Usuario\AppData\Roaming\discord\0.0.304\modules\discord_vigilante\discord_vigilante.node
2019-01-17 17:04 - 2019-01-15 16:32 - 002269528 _____ () C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\swiftshader\libglesv2.dll
2019-01-17 17:04 - 2019-01-15 16:32 - 000132952 _____ () C:\Users\Usuario\AppData\Local\Discord\app-0.0.304\swiftshader\libegl.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
2017-07-03 10:51 - 2017-07-03 10:51 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-07-03 10:51 - 2017-07-03 10:51 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\
HKU\S-1-5-21-607596156-44945795-2337355111-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\Pictures\107-naturaleza-fondos-de-pantalla-para-su-computadora-de-escritorio-y-telefono.jpg
HKU\S-1-5-21-607596156-44945795-2337355111-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

---> continued in another post because it is very long

#8
==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
    HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-607596156-44945795-2337355111-1001\...\StartupApproved\Run: => "Steam"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{7FE39E11-EA36-4BEB-B567-B04B4FD2B2B9}C:\users\usuario\downloads\age of empires ii\age of empires ii.exe] => (Allow) C:\users\usuario\downloads\age of empires ii\age of empires ii.exe (Microsoft Corporation)
    FirewallRules: [TCP Query User{38A8F24F-6398-4183-9C1B-872941256518}C:\users\usuario\downloads\age of empires ii\age of empires ii.exe] => (Allow) C:\users\usuario\downloads\age of empires ii\age of empires ii.exe (Microsoft Corporation)
    FirewallRules: [UDP Query User{2DF9505B-2509-4271-8850-7E122FAE0C2E}C:\users\usuario\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn-time\popcorn-time.exe (The NWJS Community)
    FirewallRules: [TCP Query User{C917D7CF-363E-477C-B198-64997F7F4AEA}C:\users\usuario\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn-time\popcorn-time.exe (The NWJS Community)
    FirewallRules: [{5EDDCC10-644C-42B0-99AB-B423C18B2432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The House in Fata Morgana\fata.exe ()
    FirewallRules: [{19F61BF1-BA4B-4FB8-B8DE-EF17B7790676}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The House in Fata Morgana\fata.exe ()
    FirewallRules: [{F1A20CF8-25F7-4C31-9A4C-46734B559F4C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
    FirewallRules: [{74C7CDEE-CD9C-457D-8BB2-D7E995215355}] => (Allow) C:\Users\Usuario\AppData\Local\Temp\7zS16DA\HP.EasyStart.exe No File
    FirewallRules: [UDP Query User{E0035E43-F2FA-4F7F-A68C-68557100056B}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Corporation)
    FirewallRules: [TCP Query User{7DD78127-28F5-472B-B94E-F854E04D7CE3}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Corporation)
    FirewallRules: [{E43A9694-3741-4B00-B9D3-B7CC4503AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{C8B32FDE-430F-482F-B1B9-381EC5868CD8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{F1ED6B40-22B6-40FF-AEC5-DF7AF1027843}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{2E080194-1C91-41E7-9AE7-1D69C7934F96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{5924169C-DB5D-44B1-85F5-02E2EB9B9412}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
    FirewallRules: [{E53E359C-3620-448A-97D0-3577DBF5ED65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
    FirewallRules: [{C4D678DC-3843-4D7E-A0ED-686ECF4FB0E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation)
    FirewallRules: [{4E87E824-689F-4064-9098-33547B900CDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
    FirewallRules: [{AE1AC8E2-E2AD-434B-97CD-98E9A1001E48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
    FirewallRules: [{410C1B9C-1DC1-411E-AD44-C43D2A1E6630}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe ()
    FirewallRules: [{D90A609C-8AAE-4F5D-A1CC-38262DE8082E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    FirewallRules: [{9995FFD6-1436-40EB-ACD9-1DE3DDDF9AAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    FirewallRules: [{1006C79B-33DF-40A2-B7CD-3F35A0F9110A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{1D8AA709-2702-43F1-8EC1-E89C47375F08}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{D9E0F478-A6EB-4DAC-B1B4-4AA9A72F7C64}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    FirewallRules: [{1A2EF843-B3C7-4590-943A-C334F4C57B7D}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    FirewallRules: [{BD1AFD55-F87D-4809-AFED-2A7E08D28E1F}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    FirewallRules: [{DBD7601A-FC80-42EA-AB91-A2AC2EB0F554}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    FirewallRules: [{A49B709D-D3DA-4647-AAD5-A3F5779B0D34}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    FirewallRules: [{21DC5BE5-8DA0-4AD6-A9C8-52B0AE6D995E}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    FirewallRules: [{B4B0ABC8-39F7-4B43-9F90-21DC6EE1C852}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.6020\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
    FirewallRules: [TCP Query User{832EECF6-120B-4B4D-A147-427AEFAC972C}C:\program files\axis communications\axis companion\axiscompanion.exe] => (Allow) C:\program files\axis communications\axis companion\axiscompanion.exe (Axis Communications)
    FirewallRules: [UDP Query User{F8C5357A-5133-468A-8B73-55A2709D20BC}C:\program files\axis communications\axis companion\axiscompanion.exe] => (Allow) C:\program files\axis communications\axis companion\axiscompanion.exe (Axis Communications)
    FirewallRules: [TCP Query User{D57A0D46-7EE9-43EF-A94C-5787E731795A}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Node.js)
    FirewallRules: [UDP Query User{2D8174D2-8BDE-4226-8E82-296B991EDA7E}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Node.js)
    FirewallRules: [{19AF1884-FA07-4E06-8072-DA88F662CE1A}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.)
    FirewallRules: [TCP Query User{7D9725BE-AEBA-4B0D-A9CE-FCB5C8B197B4}C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe] => (Block) C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP)
    FirewallRules: [UDP Query User{EE8DF2BD-C14E-48AA-9D40-E45F92C116DD}C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe] => (Block) C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP)
    FirewallRules: [{B167519E-19DF-418E-A992-A915357BA648}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
    FirewallRules: [{7FB9C089-66C7-4A46-BD4B-B50B27AEF8E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gods Will Be Watching\gwbw.exe (Deconstructeam )
    FirewallRules: [{22090D97-819B-48D7-AD38-813D1E6FCCC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gods Will Be Watching\gwbw.exe (Deconstructeam )
    FirewallRules: [{BC07305C-1ADB-476D-8A47-71C207D4AABF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Red Strings Club\TRSC2017.exe ( )
    FirewallRules: [{80E8BD93-EDBC-4CC9-91AC-75326913A785}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Red Strings Club\TRSC2017.exe ( )
    FirewallRules: [{12A9DA86-36AE-46DB-A577-3611C207CD9A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
    FirewallRules: [{46C697DE-6E7A-4CEF-A804-D636A0E41E1E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
    FirewallRules: [{638A459D-F080-4D8B-85F6-3E08A50AA14A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{C0E7F40D-CFDF-4380-A851-3C18065CD4CC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
    FirewallRules: [{5112F3FA-3B1D-4D4C-B8A3-C3316AA959AF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{8812F21F-B082-47C1-8F1B-79DAEA6A0821}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/17/2019 09:08:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nombre de la aplicación con errores: UpdateChecker.exe, versión: 0.0.0.0, marca de tiempo: 0x576b4ce8
    Nombre del módulo con errores: alvupdt.dll_unloaded, versión: 1.0.0.10, marca de tiempo: 0x579eb55e
    Código de excepción: 0xc0000005
    Desplazamiento de errores: 0x00001290
    Identificador del proceso con errores: 0x30d8
    Hora de inicio de la aplicación con errores: 0x01d4ae9f3c514a63
    Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
    Ruta de acceso del módulo con errores: alvupdt.dll
    Identificador del informe: 7136aa19-f652-4b4d-a13e-09431c0b6da3
    Nombre completo del paquete con errores: 
    Identificador de aplicación relativa del paquete con errores:

    Error: (01/17/2019 05:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nombre de la aplicación con errores: bad_module_info, versión: 0.0.0.0, marca de tiempo: 0x00000000
    Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
    Código de excepción: 0x00000000
    Desplazamiento de errores: 0x00000000
    Identificador del proceso con errores: 0x1954
    Hora de inicio de la aplicación con errores: 0x01d4ae7db58d91b9
    Ruta de acceso de la aplicación con errores: bad_module_info
    Ruta de acceso del módulo con errores: unknown
    Identificador del informe: 70a0fbd4-47e1-4dbf-a7a9-2f4a067bc66e
    Nombre completo del paquete con errores: 
    Identificador de aplicación relativa del paquete con errores:

    Error: (01/17/2019 05:04:35 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: DllHost (10472,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (01/17/2019 05:04:35 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: DllHost (10472,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

    Error: (01/17/2019 05:04:09 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (3924,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (01/17/2019 05:04:09 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: taskhostw (3924,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

    Error: (01/17/2019 12:56:38 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/17/2019 12:52:47 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: DllHost (7916,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V01.log.


    System errors:
    =============
    Error: (01/17/2019 08:56:41 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9PO1SCK)
    Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     y APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     al usuario DESKTOP-9PO1SCK\Usuario con SID (S-1-5-21-607596156-44945795-2337355111-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

    Error: (01/17/2019 07:59:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     y APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

    Error: (01/17/2019 05:20:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
    Se ha bloqueado la descarga de este controlador

    Error: (01/17/2019 05:20:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Usuario\AppData\Local\Temp\ehdrv.sys

    Error: (01/17/2019 05:20:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
    Se ha bloqueado la descarga de este controlador

    Error: (01/17/2019 05:20:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Usuario\AppData\Local\Temp\ehdrv.sys

    Error: (01/17/2019 05:20:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
    Se ha bloqueado la descarga de este controlador

    Error: (01/17/2019 05:20:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Users\Usuario\AppData\Local\Temp\ehdrv.sys


    Windows Defender:
    ===================================
    Date: 2019-01-17 13:31:21.737
    Description: 
    Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
    Para obtener más información consulte lo siguiente:
    https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/CeeInject&threatid=2147598241&enterprise=0
    Nombre: VirTool:Win32/CeeInject
    Id.: 2147598241
    Gravedad: Grave
    Categoría: Herramienta
    Ruta de acceso: file:_C:\Windows\Temp\tmp0000014c\tmp000001d8; file:_C:\Windows\Temp\tmp0000014c\tmp000001d9; file:_C:\Windows\Temp\tmp0000014c\tmp000001da
    Origen de detección: Equipo local
    Tipo de detección: Concreto
    Fuente de detección: Protección en tiempo real
    Usuario: NT AUTHORITY\SYSTEM
    Nombre de proceso: C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
    Versión de firma: AV: 1.283.3110.0, AS: 1.283.3110.0, NIS: 1.283.3110.0
    Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

    Date: 2019-01-17 13:31:21.551
    Description: 
    Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
    Para obtener más información consulte lo siguiente:
    https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/CeeInject&threatid=2147598241&enterprise=0
    Nombre: VirTool:Win32/CeeInject
    Id.: 2147598241
    Gravedad: Grave
    Categoría: Herramienta
    Ruta de acceso: file:_C:\Windows\Temp\tmp0000014c\tmp000001d8; file:_C:\Windows\Temp\tmp0000014c\tmp000001d9
    Origen de detección: Equipo local
    Tipo de detección: Concreto
    Fuente de detección: Protección en tiempo real
    Usuario: NT AUTHORITY\SYSTEM
    Nombre de proceso: C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
    Versión de firma: AV: 1.283.3110.0, AS: 1.283.3110.0, NIS: 1.283.3110.0
    Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

    Date: 2019-01-17 13:31:21.309
    Description: 
    Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
    Para obtener más información consulte lo siguiente:
    https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/CeeInject&threatid=2147598241&enterprise=0
    Nombre: VirTool:Win32/CeeInject
    Id.: 2147598241
    Gravedad: Grave
    Categoría: Herramienta
    Ruta de acceso: file:_C:\Windows\Temp\tmp0000014c\tmp000001d8
    Origen de detección: Equipo local
    Tipo de detección: Concreto
    Fuente de detección: Protección en tiempo real
    Usuario: NT AUTHORITY\SYSTEM
    Nombre de proceso: C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
    Versión de firma: AV: 1.283.3110.0, AS: 1.283.3110.0, NIS: 1.283.3110.0
    Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

    Date: 2019-01-17 13:30:44.137
    Description: 
    Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
    Para obtener más información consulte lo siguiente:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Donvibs&threatid=2147717778&enterprise=0
    Nombre: Trojan:VBS/Donvibs
    Id.: 2147717778
    Gravedad: Grave
    Categoría: Caballo de Troya
    Ruta de acceso: containerfile:_C:\Windows\Temp\tmp00000153\tmp00000998; file:_C:\Windows\Temp\tmp0000014c\tmp00000001->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000002->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp00000003->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp0000003d->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp0000003e->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000085->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp00000086->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000ea->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000eb->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000ec->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000ed->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000ee->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000ef->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000f0->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000f4->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000143->(EncScript); file:_C
    Origen de detección: Equipo local
    Tipo de detección: Concreto
    Fuente de detección: Protección en tiempo real
    Usuario: NT AUTHORITY\SYSTEM
    Nombre de proceso: C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
    Versión de firma: AV: 1.283.3110.0, AS: 1.283.3110.0, NIS: 1.283.3110.0
    Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

    Date: 2019-01-17 13:30:43.904
    Description: 
    Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
    Para obtener más información consulte lo siguiente:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:VBS/Donvibs&threatid=2147717778&enterprise=0
    Nombre: Trojan:VBS/Donvibs
    Id.: 2147717778
    Gravedad: Grave
    Categoría: Caballo de Troya
    Ruta de acceso: containerfile:_C:\Windows\Temp\tmp00000153\tmp00000998; file:_C:\Windows\Temp\tmp0000014c\tmp00000001->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000002->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp00000003->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp0000003d->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp0000003e->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000085->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp00000086->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000ea->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000eb->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000ec->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000ed->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000ee->(EncScript); file:_C:\Windows\Temp\tmp0000014c\tmp000000ef->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp000000f0->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000143->(EncScript); file:_C:\WINDOWS\TEMP\tmp0000014c\tmp00000144->(EncScript); file:_C
    Origen de detección: Equipo local
    Tipo de detección: Concreto
    Fuente de detección: Protección en tiempo real
    Usuario: NT AUTHORITY\SYSTEM
    Nombre de proceso: C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
    Versión de firma: AV: 1.283.3110.0, AS: 1.283.3110.0, NIS: 1.283.3110.0
    Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

    CodeIntegrity:
    ===================================

    Date: 2018-09-17 17:12:24.828
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-09-15 14:13:30.709
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-09-13 22:48:55.859
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-09-12 19:22:41.353
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-16 22:24:37.017
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-16 22:07:36.352
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-08-06 20:00:38.523
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-07-25 22:23:34.282
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info =========================== 

    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 58%
    Total physical RAM: 8056.13 MB
    Available physical RAM: 3319.59 MB
    Total Virtual: 20856.13 MB
    Available Virtual: 14686.63 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:930.75 GB) (Free:490.7 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{26a182d5-de39-4dcc-9a5a-e60555e69635}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.09 GB) NTFS
    \\?\Volume{97ae865a-2b66-4781-b43c-c4610157386f}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 46C08D3A)

    Partition: GPT.

    ==================== End of Addition.txt ============================

And I think that's everything!


#9

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\S-1-5-21-607596156-44945795-2337355111-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-607596156-44945795-2337355111-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2019-01-11 12:49 - 2018-10-14 15:29 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\b0ba1f17121cc10d56f919726dfc8982
2019-01-11 12:48 - 2018-10-14 15:29 - 000000000 ___HD C:\DESKTOP-9PO1SCK
2018-01-24 03:06 - 2018-01-24 03:06 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{620D58C4-587C-4EE1-AAFB-F3346D0361C3}
2018-02-16 15:00 - 2018-02-16 15:00 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{F9CDF0AE-2EA6-48D0-A587-2DAC629A0FBE}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
Task: {088585A8-AD61-4DDD-AFF5-47E0179EFA3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION




HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important.<<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode (applicable to Windows 10)?", to work from that Windows mode. (Use Method 1, and if you can't, use Method 2.)

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, telling me how the problem is going.


#10

When I try to start in Safe Mode (using method 2 in the end), I'm asked for the Microsoft password (normally it's the PIN that I'm asked for) and there's no way; it tells me the password is invalid even though I've changed it and everything, and it still doesn't recognize it :persevere:


#11

Select Safe Mode with Networking and use the Microsoft password for your email.

If you can't, run it in normal mode.


#12

In the end, after trying a zillion passwords, one worked! Although I have no network even though I started with option 5, which is Safe Mode with Networking, but I suppose I can run FRST anyway, although I'm a bit wary about my network driver, or whatever it's called, because the truth is it has spells where if I move the PC a little the connection drops and I have to restart the PC to get internet back. Do you provide support for that kind of problem on this forum?

By the way, thank you very much for how quickly you reply.


#13

Run FRST now in that mode.

We'll see about the driver, but you can also check whether it improved with what we're about to do.


#14

Well, here is the Fixlog.text. So far the notification that it has blocked the trojan hasn't appeared since I ran all those programs yesterday; I'll be testing it tonight to see. Can I run the antivirus again to see if it detects anything?

The driver thing is really a much older problem, along with the screen sometimes suddenly going black after several flashes, and if I turn the PC off (without shutting it down completely) and turn it back on, it comes back, but that had been happening too often these last few days and I was already terrified that the computer was going to die on me at any moment, which is why I wanted to back up my files, but just then this trojan thing started and I didn't want to save infected files. The truth is that the last time it happened was while running Malwarebytes the time before last; so far it hasn't happened again. When I came to this forum I did so thinking of solving the trojan issue, because the rest seemed to me more like a serious hardware problem, but if it turns out that what you've done has fixed it, you don't know how happy you make me!

Anyway, here is the report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Usuario (18-01-2019 20:44:00) Run:1
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario & _ashbackuppb_)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\S-1-5-21-607596156-44945795-2337355111-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-607596156-44945795-2337355111-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2019-01-11 12:49 - 2018-10-14 15:29 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\b0ba1f17121cc10d56f919726dfc8982
2019-01-11 12:48 - 2018-10-14 15:29 - 000000000 ___HD C:\DESKTOP-9PO1SCK
2018-01-24 03:06 - 2018-01-24 03:06 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{620D58C4-587C-4EE1-AAFB-F3346D0361C3}
2018-02-16 15:00 - 2018-02-16 15:00 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{F9CDF0AE-2EA6-48D0-A587-2DAC629A0FBE}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
Task: {088585A8-AD61-4DDD-AFF5-47E0179EFA3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION




HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-607596156-44945795-2337355111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-607596156-44945795-2337355111-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\Users\Usuario\AppData\Roaming\b0ba1f17121cc10d56f919726dfc8982 => moved successfully
C:\DESKTOP-9PO1SCK => moved successfully
C:\Users\Usuario\AppData\Local\{620D58C4-587C-4EE1-AAFB-F3346D0361C3} => moved successfully
C:\Users\Usuario\AppData\Local\{F9CDF0AE-2EA6-48D0-A587-2DAC629A0FBE} => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088585A8-AD61-4DDD-AFF5-47E0179EFA3C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088585A8-AD61-4DDD-AFF5-47E0179EFA3C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-607596156-44945795-2337355111-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-607596156-44945795-2337355111-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
están desconectados.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23295973 B
Java, Flash, Steam htmlcache => 36297450 B
Windows/system/drivers => 15608494 B
Edge => 30090 B
Chrome => 396342294 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 28973 B
systemprofile32 => 0 B
LocalService => 2876 B
LocalService => 0 B
NetworkService => 5074 B
NetworkService => 0 B
Usuario => 348799641 B
_ashbackuppb_ => 231683034 B

RecycleBin => 0 B
EmptyTemp: => 1014.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:44:41 ====
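
Added example, not part of the original thread and not FRST's own code: a small Python summarizer for a Fixlog like the one above, which counts the per-entry outcomes and lists the steps that reported a failure (here the restore point and the BITS reset, both refused in Safe Mode). The function names `summarize_fixlog` and `sections_with_failures` are hypothetical, and the line patterns are inferred from this one log rather than from any FRST specification.

```python
import re
from collections import Counter

# Abridged from the Fixlog in post #14 (lines copied as posted, most entries omitted).
SAMPLE_FIXLOG = r"""Boot Mode: Safe Mode (with Networking)
Error: Restore point can only be created in normal mode.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\DESKTOP-9PO1SCK => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007043c
========= End of CMD: =========
========= netsh int ipv4 reset =========
Error al restablecer .
Acceso denegado.
========= End of CMD: =========
=========== EmptyTemp: ==========
EmptyTemp: => 1014.4 MB temporary data Removed.
The system needed a reboot.
"""

# "========= <name> =========" opens a section; "End of ..." closes it.
SECTION = re.compile(r"^=+ (.+?) =+$")
RESULT = re.compile(r"=> (?:value )?(restored|removed|moved) successfully$|=> (not found)$")
# Failure wording seen in this log (assumption: other logs may use other phrases).
FAILURE = re.compile(r"^(Error\b|Unable to|Acceso denegado)")

def summarize_fixlog(text):
    """Return boot mode, per-outcome counts, and failures with their section."""
    summary = {"boot_mode": None, "actions": Counter(), "failures": [], "reboot": False}
    section = "fixlist"
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Boot Mode:"):
            summary["boot_mode"] = line.split(":", 1)[1].strip()
        elif (m := SECTION.match(line)):
            name = m.group(1).rstrip(":")
            section = "fixlist" if name.startswith("End of") else name
        elif (m := RESULT.search(line)):
            summary["actions"][m.group(1) or m.group(2)] += 1
        elif FAILURE.match(line):
            summary["failures"].append((section, line))
        elif line == "The system needed a reboot.":
            summary["reboot"] = True
    return summary

def sections_with_failures(summary):
    """Steps that reported a failure, in log order, without duplicates."""
    return list(dict.fromkeys(section for section, _ in summary["failures"]))

if __name__ == "__main__":
    s = summarize_fixlog(SAMPLE_FIXLOG)
    print(s["boot_mode"], dict(s["actions"]), sections_with_failures(s))
```
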

#15

Now all that's left is to test the PC.

Use it for 24-48 hours and tell me how it goes (or sooner if any problem appears again).