JS:ScriptXE-inf[Tri]


#1

Hello everyone. Lately I keep getting an AVG alert: "we have safely aborted the connection to because it was infected with JS:ScriptXE-inf [Trj]". I ran a cleanup with AVG and another with Malwarebytes, which tells me it finds nothing, but the alert keeps popping up. Also, when I use Google as the search engine in Mozilla, the address bar shows EDITED malicious URL

I don't know how dangerous this is or how to remove it, so if anyone can help me I would be grateful.

Regards to all


#2

Hello Jap_Al, welcome to the new forum

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes’ Anti-Malware; read the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click “Quarantine Selected” to send it to quarantine, and restart the system.
  • In the manual section Reports >> Scan Report you will find the MBAM report; click Export >> Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.
  • Save the report that appears, so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish >> click Run Cleaner
  • Click the Registry tab >> click Scan for Issues, wait for it to finish >> click Fix Selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

How to paste reports in the forum?

Regards


#3

Hello and thanks

1- The MBAM scan tells me it has not found any problem, so I can't attach a report.

2- The ADW scan generates the following report

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-21-2019
# Duration: 00:00:03
# OS:       Windows 7 Home Premium
# Cleaned:  59
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\avg web tuneup
Deleted       C:\Program Files (x86)\avg web tuneup
Deleted       C:\Users\Joseba\AppData\Local\avg web tuneup
Deleted       C:\Users\Joseba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Deleted       C:\_acestream_cache_
Deleted       C:\Users\Joseba\AppData\LocalLow\.acestream
Deleted       C:\Users\Joseba\AppData\Roaming\.acestream
Deleted       C:\Users\Joseba\AppData\Roaming\acestream
Deleted       C:\ProgramData\AVG Secure Search
Deleted       C:\Program Files\Common Files\AVG Secure Search
Deleted       C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted       C:\supermegabest

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\0915TBUPDATEINFO.JOB
Deleted       C:\Windows\System32\Tasks\0915TBUPDATEINFO

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A41A852D-8D67-4AE5-82A6-FB83183E1DA0}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A41A852D-8D67-4AE5-82A6-FB83183E1DA0}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0915tbUpdateInfo
Deleted       HKCU\Software\Classes\acestream
Deleted       HKCU\Software\RegisteredApplications|AceStream
Deleted       HKLM\Software\Wow6432Node\AVG Tuneup
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted       HKCU\Software\AceStream
Deleted       HKCU\Software\Myfree Codec
Deleted       HKLM\Software\Wow6432Node\Myfree Codec
Deleted       HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted       HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted       HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{16FCCD00-836A-4C7E-8C24-E7CEB55ACA3B}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{111B69B4-E639-44CA-ADC0-B7AFB94160A1}
Deleted       HKCU\Software\Classes\.acestream
Deleted       HKLM\Software\Classes\.acestream
Deleted       HKCU\Software\Classes\.tslive
Deleted       HKCU\Software\Classes\.acemedia
Deleted       HKCU\Software\Classes\.acelive
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted       HKCU\Software\Vittalia

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       AVG Web TuneUp

***** [ Firefox URLs ] *****

Not Deleted   mysearch.avg.com
Not Deleted   mysearch.avg.com


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6942 octets] - [21/01/2019 08:23:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

3- I have run the cleanup with CC until it no longer finds any registry problem

4- I still have the problem


#4

Hello

Even though Malwarebytes has not detected anything, paste the report so it can be reviewed; you will find it in the “Reports” tab.

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards


#5

This is the MBAM report


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 21/1/19
Hora del análisis: 22:12
Archivo de registro: 455839e7-1dc1-11e9-a19d-20cf30200a73.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.519
Versión del paquete de actualización: 1.0.8900
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: PC\Joseba

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 262953
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 1 min, 32 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
PUP.Optional.ForcedInstalledExtensionFF, C:\USERS\JOSEBA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVLW65TB.DEFAULT\EXTENSIONS\{6AA47F05-1F3F-4798-908A-0ED01B2361E0}.XPI, En cuarentena, [1715], [627210],1.0.8900

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#6
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Joseba (administrator) on PC (21-01-2019 22:33:13)
Running from C:\Users\Joseba\Desktop
Loaded Profiles: Joseba (Available Profiles: Joseba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung) C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Dropbox, Inc.) C:\Users\Joseba\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dropbox, Inc.) C:\Users\Joseba\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Joseba\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(The Qt Company Ltd) C:\Users\Joseba\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-01-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HFALoader] => C:\Program Files (x86)\Hamster Soft\Hamster Free ZIP Archiver\HamsterArc.exe [4336352 2015-05-13] (Hamster Soft)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-01-16] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1037984 2017-05-20] (Samsung)
HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32-x32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2015-12-18] (Adobe Systems, Inc.)
Startup: C:\Users\Joseba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-01-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{04AC8194-BFDF-4652-8AC8-A5B1C939B8E6}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{AF75F8B3-712E-4487-9033-1FC30D583263}: [DhcpNameServer] 212.142.144.66 212.142.144.98

Internet Explorer:
==================
HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/?gws_rd=ssl
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-02] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: dvlw65tb.default
FF ProfilePath: C:\Users\Joseba\AppData\Roaming\Mozilla\Firefox\Profiles\dvlw65tb.default [2019-01-21]
FF Homepage: Mozilla\Firefox\Profiles\dvlw65tb.default -> hxxps://www.google.es/
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-02] [Legacy]
FF HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Joseba\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-27] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1412667433-2437821996-2063077104-1001: @acestream.net/acestreamplugin,version=3.1.20.4 -> C:\Users\Joseba\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default [2019-01-21]
CHR Extension: (Presentaciones) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-17]
CHR Extension: (Documentos) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-17]
CHR Extension: (Google Drive) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-17]
CHR Extension: (YouTube) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-17]
CHR Extension: (Hojas de cálculo) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-21]
CHR Extension: (Ace Script) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-01-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-17]
CHR Extension: (Gmail) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-21]
CHR HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [357872 2019-01-16] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [7882752 2019-01-16] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6875688 2018-06-13] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [4147408 2018-11-09] (devolo AG)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-01-05] (Macrovision Europe Ltd.) [File not signed]
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [756520 2019-01-08] (Reto-Moto ApS)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-07] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [203336 2019-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [223616 2019-01-17] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196632 2019-01-16] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320744 2019-01-16] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58008 2019-01-16] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46432 2019-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-01-16] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166840 2019-01-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111848 2019-01-16] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1033904 2019-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [474504 2019-01-16] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217912 2019-01-16] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380000 2019-01-16] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-21] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2018-11-09] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-21 22:33 - 2019-01-21 22:33 - 000021250 _____ C:\Users\Joseba\Desktop\FRST.txt
2019-01-21 22:32 - 2019-01-21 22:33 - 000000000 ____D C:\FRST
2019-01-21 22:30 - 2019-01-21 22:30 - 002428416 _____ (Farbar) C:\Users\Joseba\Desktop\FRST64.exe
2019-01-21 22:07 - 2019-01-21 22:07 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-21 08:27 - 2019-01-21 08:27 - 000006020 _____ C:\Users\Joseba\Desktop\AdwCleaner[C00].txt
2019-01-21 08:21 - 2019-01-21 08:26 - 000000000 ____D C:\AdwCleaner
2019-01-21 08:18 - 2019-01-21 08:18 - 007320272 _____ (Malwarebytes) C:\Users\Joseba\Desktop\adwcleaner_7.2.6.0.exe
2019-01-20 22:30 - 2019-01-20 22:30 - 019341880 _____ (Piriform Software Ltd) C:\Users\Joseba\Downloads\ccsetup552.exe
2019-01-17 07:52 - 2019-01-17 07:52 - 000223616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2019-01-16 13:54 - 2019-01-16 13:54 - 000361392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-01-16 13:54 - 2019-01-16 13:54 - 000320744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys
2019-01-16 13:54 - 2019-01-16 13:54 - 000196632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2019-01-16 13:54 - 2019-01-16 13:54 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2019-01-16 13:54 - 2019-01-16 13:54 - 000037160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2019-01-12 11:44 - 2019-01-12 11:44 - 001106840 _____ (Unity Technologies ApS) C:\Users\Joseba\Downloads\UnityWebPlayer64.exe
2019-01-12 11:44 - 2019-01-12 11:44 - 001106840 _____ (Unity Technologies ApS) C:\Users\Joseba\Downloads\UnityWebPlayer64(1).exe
2019-01-09 23:00 - 2019-01-09 23:00 - 000000000 ____D C:\Users\Joseba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-01-06 09:48 - 2019-01-06 09:48 - 001206768 _____ (Adobe Systems Incorporated) C:\Users\Joseba\Downloads\flashplayer32au_ha_install.exe
2019-01-03 20:07 - 2018-11-09 17:52 - 000295936 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopcap.dll
2019-01-03 20:07 - 2018-11-09 17:52 - 000078336 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopacket.dll
2019-01-03 20:07 - 2018-11-09 17:52 - 000036496 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Drivers\npf_devolo.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-21 22:32 - 2016-11-16 19:33 - 000000000 ____D C:\Users\Joseba\AppData\LocalLow\Mozilla
2019-01-21 22:22 - 2009-07-14 05:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-21 22:22 - 2009-07-14 05:45 - 000015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-21 22:14 - 2009-07-14 10:31 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-01-21 22:14 - 2009-07-14 10:31 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-01-21 22:14 - 2009-07-14 06:13 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-21 22:14 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-01-21 22:09 - 2015-01-03 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-21 22:07 - 2015-06-17 21:11 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001Core.job
2019-01-21 22:07 - 2015-05-03 08:52 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job
2019-01-21 22:07 - 2015-01-04 12:27 - 000000000 ___RD C:\Users\Joseba\Dropbox
2019-01-21 22:07 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-21 14:03 - 2015-06-17 21:11 - 000001006 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA.job
2019-01-21 14:02 - 2018-09-26 22:35 - 000004482 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-21 14:02 - 2018-08-30 23:03 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-21 14:02 - 2018-07-17 16:02 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-21 14:02 - 2018-07-17 16:02 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-21 14:02 - 2018-04-22 16:44 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-21 14:02 - 2017-05-18 22:13 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-14 21:28 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-01-21 14:02 - 2017-03-13 22:59 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-21 14:02 - 2017-02-14 23:35 - 000003262 _____ C:\Windows\System32\Tasks\Apagar dentroo de 2 horas
2019-01-21 14:02 - 2015-06-17 21:11 - 000003988 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA
2019-01-21 14:02 - 2015-06-17 21:11 - 000003592 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001Core
2019-01-21 14:02 - 2015-06-08 06:47 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-21 14:02 - 2015-05-03 08:52 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS
2019-01-21 14:02 - 2015-01-29 13:39 - 000002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-21 14:02 - 2015-01-21 17:13 - 000003214 _____ C:\Windows\System32\Tasks\Google Update
2019-01-21 14:02 - 2015-01-03 15:32 - 000003670 _____ C:\Windows\System32\Tasks\klcp_update
2019-01-20 23:18 - 2018-10-20 15:56 - 000001911 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-20 23:18 - 2017-01-28 16:20 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-20 23:18 - 2015-07-26 22:14 - 000000915 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-20 22:31 - 2015-01-03 15:28 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-20 18:06 - 2015-01-03 14:45 - 000000000 ____D C:\Users\Joseba
2019-01-20 14:44 - 2016-10-23 21:46 - 000000000 ____D C:\Users\Joseba\AppData\LocalLow\Heroes and Generals
2019-01-20 08:49 - 2016-01-05 07:42 - 000000000 ____D C:\Users\Joseba\AppData\Local\CrashDumps
2019-01-18 17:54 - 2017-03-13 22:59 - 000166840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-01-16 13:54 - 2018-10-22 12:07 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-01-16 13:54 - 2017-11-27 22:22 - 000203336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 001033904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 000474504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 000380000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 000217912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 000111848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-01-16 13:54 - 2017-03-13 22:59 - 000046432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2019-01-12 19:09 - 2015-01-03 15:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-11 17:55 - 2018-10-20 15:55 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-11 07:58 - 2017-05-22 19:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-11 07:58 - 2015-01-03 15:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-09 23:00 - 2015-01-03 15:33 - 000000000 ____D C:\Users\Joseba\AppData\Roaming\Dropbox
2019-01-06 19:25 - 2009-07-14 06:08 - 000032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-01-03 20:10 - 2015-01-04 12:49 - 000000000 ____D C:\Program Files (x86)\devolo
2018-12-30 21:44 - 2015-01-07 13:49 - 000280792 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2018-12-30 21:44 - 2015-01-07 13:47 - 000280792 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2018-12-30 21:43 - 2015-01-07 13:47 - 000281032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2018-12-24 15:54 - 2015-01-05 13:08 - 000000000 ____D C:\Users\Joseba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2015-01-05 17:49 - 2014-09-08 11:00 - 000000036 _____ () C:\Users\Joseba\AppData\Local\installLang.ini
2018-10-14 23:27 - 2018-10-14 23:27 - 000014359 _____ () C:\Users\Joseba\AppData\Local\recently-used.xbel
2015-01-06 22:57 - 2017-08-01 20:44 - 000007598 _____ () C:\Users\Joseba\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-13 20:58

==================== End of FRST.txt ============================

#7

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Joseba (21-01-2019 22:33:33)
Running from C:\Users\Joseba\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-03 13:45:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1412667433-2437821996-2063077104-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1412667433-2437821996-2063077104-1002 - Limited - Enabled)
Invitado (S-1-5-21-1412667433-2437821996-2063077104-501 - Limited - Disabled)
Joseba (S-1-5-21-1412667433-2437821996-2063077104-1001 - Administrator - Enabled) => C:\Users\Joseba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
Actualización de NVIDIA 25.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoCAD 2010 - Español (HKLM\...\{5783F2D7-8001-040A-0102-0060B0CE6BBA}) (Version: 18.0.309.0 - Autodesk) Hidden
AutoCAD 2010 - Español (HKLM\...\AutoCAD 2010 - Español) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 - Español Version 3 (HKLM\...\AutoCAD 2010 - Español Version 3) (Version: 1 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.1.3075 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
calibre 64bit (HKLM\...\{9862A8CD-F8F4-4939-BAA6-DC87BDCE567D}) (Version: 3.28.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CianoplanPDF 3.0.1 (HKLM-x32\...\{7cca8a52-b149-4081-aa8f-b037fd35bb2e}) (Version: 3.0.1 - Cianoplan)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version:  - )
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.0.1.0 - devolo AG)
Dropbox (HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\Dropbox) (Version: 64.4.141 - Dropbox, Inc.)
GIMP 2.10.2 (HKLM\...\GIMP-2_is1) (Version: 2.10.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Hamster Free ZIP Archiver 3.0.0.86 (HKLM-x32\...\Hamster Free ZIP Archiver_is1) (Version: 3.0.0.86 - HamsterSoft)
IL-2 Sturmovik Battle of Stalingrad (HKLM-x32\...\{66F649A9-0FA2-487E-BC0D-894BD7E89D5E}_is1) (Version:  - 1C Game Studios)
Instalable DNIe (HKLM\...\{D2CE0562-13E0-4FC9-85F2-CA3D0392310E}) (Version: 14.0.0 - Cuerpo Nacional de Policía)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 10.9.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Ludoteka versión 1.1 (HKLM-x32\...\{A8A82F27-5E59-423D-A9D0-9CBF7EF69378}_is1) (Version: 1.1 - Jokosare S.L.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 64.0.2 (x64 es-ES)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
MuseScore 2 (HKLM-x32\...\{7D01160E-D30F-4E88-8872-4A0A0A782E2E}) (Version: 2.3.2 - Werner Schweer and Others)
NVIDIA Controlador de 3D Vision 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Panel de control de NVIDIA 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 381.65 - NVIDIA Corporation) Hidden
Paquete de idioma de AutoCAD 2010 - Español (HKLM\...\{5783F2D7-8001-040A-1102-0060B0CE6BBA}) (Version: 18.0.55.0 - Autodesk) Hidden
PDFTK Builder 3.9.4 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Presto 8.8 (HKLM-x32\...\{099EA4F2-0BE8-443B-B6EE-2B8FDF035DC0}) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Renta y Patrimonio 2016 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Renta y Patrimonio 2017 (HKLM-x32\...\ST6UNST #2) (Version:  - )
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{1EE5F772-57F4-4299-8029-68F8A815E896}) (Version: 16.0.19912 - Trimble Navigation Limited)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Software Logitech para juegos 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TagScanner 6.0.31 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (11/23/2017 1.0.2.6) (HKLM\...\4156F59B733E1BC3DE3D5DA2299224A42B2FF794) (Version: 11/23/2017 1.0.2.6 - Dirección General de la Policía)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412667433-2437821996-2063077104-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [Identificador de icono superpuesto para firmas digitales de AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2010-04-19] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-01-16] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster Free ZIP Archiver\HamsterContextMenu64.dll [2014-11-12] (HamsterSoft)
ContextMenuHandlers1: [HamsterMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster Free ZIP Archiver\HamsterContextMenu64.dll [2014-11-12] (HamsterSoft)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-04-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-01-16] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster Free ZIP Archiver\HamsterContextMenu64.dll [2014-11-12] (HamsterSoft)
ContextMenuHandlers6: [HamsterMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster Free ZIP Archiver\HamsterContextMenu64.dll [2014-11-12] (HamsterSoft)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1412667433-2437821996-2063077104-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1412667433-2437821996-2063077104-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1412667433-2437821996-2063077104-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Joseba\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2019-01-08] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15B4DE56-7290-4ACF-AE67-42551FD9F529} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {15E2E187-1087-49CA-ABBC-002A485E9899} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {1AE79A89-9D7D-4EB7-BEF6-BCC6F368B0B3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {22AA874C-CEA9-4C5E-AEC8-01A0CCD414F1} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2019-01-16] (AVG Technologies CZ, s.r.o.)
Task: {27073C8F-C482-4B99-A247-F10893557F0F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {277961E0-1448-4EC3-AB1E-B42B0BBE012D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {36C1D827-2ADF-4C6D-BF29-3DA4767672FA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {4B4AE81D-4D3E-4EC8-AD98-A5774E83BD55} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {5B3297E3-55E1-4FED-BD39-49AD3DBF780C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {5D50BC4E-4CC5-4566-A1B4-6EA2D503464B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-12] ()
Task: {682ACCC2-50D8-4FE9-86EE-53ABC9F791EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {6FDAF252-4ECA-4C18-A9EE-FECAA48C04C1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {75A8D4D1-F826-40BE-BB04-EB851A79DD64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-17] (Google Inc.)
Task: {92CB6972-3D9B-46E9-A008-E9E1ECA898BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {9B61721E-27BD-4444-859E-6367BD6F9493} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-16] (AVG Technologies CZ, s.r.o.)
Task: {AFD1F28B-0A65-4127-838F-637E8101422B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-27] (Adobe Systems Incorporated)
Task: {B3A3E922-EAC0-47BC-BB18-E4B580BB8EBB} - System32\Tasks\Google Update => C:\Windows\upr.exe <==== ATTENTION
Task: {C85C4808-79F7-4E31-AFDF-AAAAC2F0B4E5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001Core => C:\Users\Joseba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {CE42661E-6439-4E64-B076-ACC9DB658C04} - System32\Tasks\Apagar dentroo de 2 horas => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {D205203E-22D1-4D6D-A530-037712BDECA9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {F3BFFF8E-E78E-4419-A772-9B19162475F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-17] (Google Inc.)
Task: {F53EFB01-2FE4-49DF-A479-844A3EA4DD32} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA => C:\Users\Joseba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {FD1EFAEA-11D7-471D-9343-C69A5F2ED7A8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001Core.job => C:\Users\Joseba\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA.job => C:\Users\Joseba\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Joseba:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Joseba\Dropbox:user.myxattr [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-12-03 22:19 - 000003727 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   209.34.83.73:443
127.0.0.1                   209.34.83.73:43
127.0.0.1                   209.34.83.67:443
127.0.0.1                   209.34.83.67:43
127.0.0.1                   ood.opsource.net
127.0.0.1                   199.7.52.190:80
127.0.0.1                   OCSP.SPO1.VERISIGN.COM
127.0.0.1                   199.7.54.72:80
127.0.0.1                   192.150.14.69
127.0.0.1                   192.150.18.101
127.0.0.1                   192.150.18.108
127.0.0.1                   192.150.22.40
127.0.0.1                   192.150.8.100
127.0.0.1                   192.150.8.118
127.0.0.1                   209-34-83-73.ood.opsource.net
127.0.0.1                   3dns-1.adobe.com
127.0.0.1                   3dns-2.adobe.com
127.0.0.1                   3dns-3.adobe.com
127.0.0.1                   3dns-4.adobe.com
127.0.0.1                   3dns.adobe.com
127.0.0.1                   activate-sea.adobe.com
127.0.0.1                   activate-sjc0.adobe.com
127.0.0.1                   activate.wip.adobe.com
127.0.0.1                   activate.wip1.adobe.com
127.0.0.1                   activate.wip2.adobe.com
127.0.0.1                   activate.wip3.adobe.com
127.0.0.1                   activate.wip4.adobe.com
127.0.0.1                   adobe-dns-1.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^Joseba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Joseba\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Joseba\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HFALoader => C:\Program Files (x86)\Hamster Soft\Hamster Free ZIP Archiver\HamsterArc.exe -loader

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-12-2018 14:58:56 Punto de control programado
07-01-2019 21:15:47 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: Tarjeta LAN inalámbrica 802.11n
Description: Tarjeta LAN inalámbrica 802.11n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2019 10:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: GWXUX.exe, versión: 6.3.9600.17813, marca de tiempo: 0x554a15f3
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.23418, marca de tiempo: 0x5708a857
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000048d84
Id. del proceso con errores: 0x156c
Hora de inicio de la aplicación con errores: 0x01d4a85f225878d4
Ruta de acceso de la aplicación con errores: C:\Windows\System32\GWX\GWXUX.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Id. del informe: 61956014-1452-11e9-a897-20cf30200a73

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/09/2019 07:50:56 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA LocalSystem Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio devolo Network Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA Telemetry Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SAMSUNG Mobile Connectivity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/21/2019 08:26:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio PnkBstrA se terminó de manera inesperada. Esto ha sucedido 1 veces.


CodeIntegrity:
===================================

Date: 2018-05-30 14:21:54.966
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\gpapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-05-30 14:21:54.866
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\gpapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-05-30 14:21:54.681
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\FWPUCLNT.DLL porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-05-30 14:21:54.485
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-05-30 14:21:54.383
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\NapiNSP.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-05-30 14:21:54.283
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\nlaapi.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 22%
Total physical RAM: 12286.05 MB
Available physical RAM: 9530.83 MB
Total Virtual: 24570.29 MB
Available Virtual: 21726.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:51.11 GB) NTFS
Drive d: (Disco local) (Fixed) (Total:465.76 GB) (Free:160.83 GB) NTFS

\\?\Volume{9977717a-934d-11e4-8ab3-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7A562138)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BD2D2258)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#8

Hello

VERY important: make a backup of the registry:

  • To do so, download DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check only the "Create registry backup" box, and NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

With all other programs closed, go to Start > Run and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
FF HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Joseba\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-1412667433-2437821996-2063077104-1001: @acestream.net/acestreamplugin,version=3.1.20.4 -> C:\Users\Joseba\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-21]
2019-01-21 22:07 - 2015-05-03 08:52 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job
2019-01-21 14:03 - 2015-06-17 21:11 - 000001006 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA.job
2019-01-21 14:02 - 2018-08-30 23:03 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-21 14:02 - 2017-03-13 22:59 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-21 14:02 - 2015-05-03 08:52 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {1AE79A89-9D7D-4EB7-BEF6-BCC6F368B0B3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B3A3E922-EAC0-47BC-BB18-E4B580BB8EBB} - System32\Tasks\Google Update => C:\Windows\upr.exe <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\Users\Joseba:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Joseba\Dropbox:user.myxattr [0]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you raised, and let us know.

Regards


#9

Hello Daniela

First of all, thank you for the trouble you are taking.

Secondly, I want to tell you that the symptoms of the problem we were dealing with have disappeared. That is, the AVG warning no longer appears and searching through Google is no longer redirected as I described in the first post. I don't know whether this means the problem has disappeared or simply that it is not showing.

I'm telling you this in case you think it is necessary to carry out the operations you indicate in the previous post.

Regards


#10

Hello

Yes, carry out the last step I gave you.

Regards


#11

Regards

Here is the report

Thanks

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Joseba (25-01-2019 23:42:50) Run:1
Running from C:\Users\Joseba\Desktop
Loaded Profiles: Joseba (Available Profiles: Joseba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
FF HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Joseba\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-1412667433-2437821996-2063077104-1001: @acestream.net/acestreamplugin,version=3.1.20.4 -> C:\Users\Joseba\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-21]
2019-01-21 22:07 - 2015-05-03 08:52 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job
2019-01-21 14:03 - 2015-06-17 21:11 - 000001006 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA.job
2019-01-21 14:02 - 2018-08-30 23:03 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-21 14:02 - 2017-03-13 22:59 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-21 14:02 - 2015-05-03 08:52 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {1AE79A89-9D7D-4EB7-BEF6-BCC6F368B0B3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B3A3E922-EAC0-47BC-BB18-E4B580BB8EBB} - System32\Tasks\Google Update => C:\Windows\upr.exe <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\Users\Joseba:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Joseba\Dropbox:user.myxattr [0]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4 => removed successfully
HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.20.4 => removed successfully
"C:\Users\Joseba\AppData\Roaming\ACEStream\player\npace_plugin.dll" => not found
CHR Extension: (Chrome Media Router) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-21] => Error: No automatic fix found for this entry.
C:\Windows\Tasks\AutoKMS.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1412667433-2437821996-2063077104-1001UA.job => moved successfully
C:\Windows\System32\Tasks\AVAST Software => moved successfully
C:\Windows\System32\Tasks\Antivirus Emergency Update => moved successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1AE79A89-9D7D-4EB7-BEF6-BCC6F368B0B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE79A89-9D7D-4EB7-BEF6-BCC6F368B0B3}" => removed successfully
"C:\Windows\System32\Tasks\AutoKMS" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B3A3E922-EAC0-47BC-BB18-E4B580BB8EBB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3A3E922-EAC0-47BC-BB18-E4B580BB8EBB}" => removed successfully
C:\Windows\System32\Tasks\Google Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Update" => removed successfully
"C:\Windows\Tasks\AutoKMS.job" => not found
C:\Users\Joseba => ":Heroes & Generals" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
"C:\Users\Joseba\Dropbox" => ":user.myxattr" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1412667433-2437821996-2063077104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::71d7:761b:9631:c7ea%10
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.33
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{04AC8194-BFDF-4652-8AC8-A5B1C939B8E6}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {B932D869-6AE4-4782-99D2-053671BC9C6D}.
{DABCF0D1-EDB8-42A8-B52D-CB2922C8057F} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23766704 B
Java, Flash, Steam htmlcache => 416789587 B
Windows/system/drivers => 723 B
Edge => 0 B
Chrome => 16701484 B
Firefox => 1099678561 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58568987 B
systemprofile32 => 1656618 B
LocalService => 66228 B
NetworkService => 66228 B
Joseba => 560853014 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:43:24 ====
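
An added example, not part of the original posts or of FRST itself: a small Python triage script that reads a Fixlog like the one above, skips the echoed fixlist, and lists the entries that still need manual review. The function names, the category labels and the keyword heuristic for command output are assumptions of this example; the sample lines are excerpted from the Fixlog in this thread.

```python
import re
from collections import Counter

# Lines excerpted (shortened) from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
START
Task: {B3A3E922-EAC0-47BC-BB18-E4B580BB8EBB} - System32\Tasks\Google Update => C:\Windows\upr.exe <==== ATTENTION
END
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
CHR Extension: (Chrome Media Router) - C:\Users\Joseba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-21] => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\Google Update => moved successfully
C:\Users\Joseba => ":Heroes & Generals" ADS removed successfully
"C:\Users\Joseba\Dropbox" => ":user.myxattr" ADS not found.

========= bitsadmin /reset /allusers =========

Unable to cancel {B932D869-6AE4-4782-99D2-053671BC9C6D}.
{DABCF0D1-EDB8-42A8-B52D-CB2922C8057F} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

Firefox => 1099678561 B

================================

The system needed a reboot.
'''

# Order matters: "Error:" is checked first, "removed" before "moved".
OUTCOMES = [
    ("error", re.compile(r"^Error:", re.I)),
    ("removed", re.compile(r"\bremoved successfully\b", re.I)),
    ("moved", re.compile(r"\bmoved successfully\b", re.I)),
    ("not_found", re.compile(r"\bnot found\b", re.I)),
]
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Assumption: English keywords only; localized command output is not matched.
CMD_FAIL_RE = re.compile(r"\b(unable|failed|error)\b", re.I)


def classify(outcome):
    """Map the text after ' => ' to a category; anything else is 'info'."""
    for name, rx in OUTCOMES:
        if rx.search(outcome):
            return name
    return "info"


def summarize_fixlog(text):
    lines = text.splitlines()
    # The log echoes the fixlist first; results start after its END line.
    start = next((i + 1 for i, l in enumerate(lines) if l.strip() == "END"), 0)
    counts, follow_up, section, reboot = Counter(), [], None, False
    for line in (l.strip() for l in lines[start:]):
        if not line or set(line) <= {"*", "="}:
            continue  # blank lines and pure separator rows
        m = SECTION_RE.match(line)
        if m:
            section = None if m.group(1).startswith("End of") else m.group(1)
            continue
        if "needed a reboot" in line:
            reboot = True
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            kind = classify(outcome)
            counts[kind] += 1
            if kind == "error":
                follow_up.append((target, outcome))
        elif section and CMD_FAIL_RE.search(line):
            counts["cmd_problem"] += 1
            follow_up.append((section, line))
    return {"counts": dict(counts), "follow_up": follow_up,
            "reboot_needed": reboot}


if __name__ == "__main__":
    result = summarize_fixlog(SAMPLE_FIXLOG)
    print(result["counts"], "reboot:", result["reboot_needed"])
    for where, what in result["follow_up"]:
        print("REVIEW:", where, "->", what)
```

On the excerpt, the two items flagged for review are the Chrome extension entry that FRST could not fix automatically and the BITS job that `bitsadmin` could not cancel.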

#12

Hello

How is the problem going?

Regards


#13

Hello. Last night I sent you the FIXLOG and, as I mentioned earlier, it seems the problem has disappeared.

Regards


#14

Hello @Jap_AI

Follow these steps to remove the tools used:

To do so, use again/download DelFix.exe on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Check all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


Thank you for trusting ForoSpyware. It has been a pleasure to help you.

We are glad it has been resolved for you. We consider the topic solved.

Solved

Regards


closed #15

This topic was automatically closed 2 days after the last post. New replies are not allowed.