As I said in the title, it has been a long time since I did any maintenance on my laptop and I think I have neglected it quite a bit. I suspect it may have a virus or something, since it runs very slowly and certain programs close on their own from time to time… I also suspect it could be the RAM.
Hello @Marko
Welcome to this new stage of InfoSpyware!!!
Do the following:
1.- Temporarily disable your antivirus and any other security program.
2.- Download, install and/or update the following tools:
3.- Run the steps below, respecting the order:
CCleaner
Using its Cleaner option according to its Manual:
- To delete cookies, temporary Internet files and all the files it shows you as obsolete.
- We do NOT need this report
AdwCleaner
Run it.
- Click the Scan button and wait for the process to finish. Then click the Clean button.
- Wait for it to complete. If it asks you to restart the system, accept.
- Save the report that appears so you can copy and paste it in your next reply.
- The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”
ZHPCleaner
- Following its manual, install and run it. When it finishes, remove everything it finds.
Malwarebytes
- Do not forget to update it.
- Read its Manual carefully
- Run a Custom Scan with all drives selected
- Click “Remove Selected” to send what was found to quarantine.
- Restart the system.
- In the manual's section “History” >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.
4.- Important note:
In your next reply you must paste the reports from AdwCleaner, ZHPCleaner and Malwarebytes.
Guide: How to paste reports in the forum?
Let us know.
Regards
~ ZHPCleaner v2019.5.5.61 by Nicolas Coolman (2019/05/05)
~ Run by Marco (Administrator) (07/05/2019 00:17:29)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Marco\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Marco\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 17134)
---\ Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)
---\ Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)
---\ Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)
---\ Hosts carpeta (1)
~ El archivo hosts es legítimo (23)
---\ Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)
---\ Explorador ( Archivos, Carpetas ) (84)
MOVIDO carpeta: C:\Windows\Installer\wix{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{AF599C42-A2E5-4251-B7EE-4925C1D7AE31}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{B2E25355-C24E-4E7D-8AD3-455D59810838}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{FBA3961B-D1DF-493C-BC1F-E67D3B832895}.SchedServiceConfig.rmi =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\5809ad9.msp =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\99347b.msp =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Users\Marco\Downloads\BitTorrent.exe [BitTorrent Inc. - BitTorrent] =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Marco\Downloads\DkS3 Megamule Basic Edition-96-1-2.zip =>Adware.aMULEcustom
MOVIDO carpeta: C:\Users\Marco\Downloads\setup-lightshot.exe [Skillbrains - lightshot Setup] =>.SUP.Skillbrains
MOVIDO carpeta: C:\Users\Marco\Downloads\TextUtils.exe [Lays-Studio - TextUtils] =>PUP.Optional.Manager
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-11424.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-11500.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-14768.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-14952.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-31156.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-8760.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\aria-debug-9816.log =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\{7B88EAA0-D408-4BC5-833C-1385D05BC2A1} - OProcSessId.dat =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Marco\AppData\Local\Temp\{E3676A09-C5CC-4025-AF94-2AE300039D6D} - OProcSessId.dat =>.SUP.Temporary.Empty
MOVIDO carpeta*: C:\Program Files (x86)\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
MOVIDO carpeta: C:\Windows\SECOH-QAD.exe =>HackTool.KMSpico
MOVIDO carpeta*: C:\ProgramData\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj =>PUP.Optional.DefaultSearch
MOVIDO archivo^: C:\Program Files (x86)\Skillbrains =>.SUP.Skillbrains
MOVIDO archivo: C:\Program Files\KMSpico =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\014 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\019 =>.SUP.Temporary.Chrome
MOVIDO archivo^: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\020 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\021 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\022 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\023 =>.SUP.Temporary.Chrome
MOVIDO archivo^: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\024 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\025 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\026 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\027 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\028 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\029 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\030 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\031 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\032 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\033 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\034 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\035 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\036 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\037 =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\038 =>.SUP.Temporary.Chrome
MOVIDO archivo^: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\WINDOWS\Installer\MSI1E4A.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI2178.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI23C4.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI2A82.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI30FB.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI3206.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI4105.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI44FD.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI489C.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI494F.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI4A07.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI5F79.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI783E.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI806E.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI8776.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI9EF.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIA7AF.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIB19A.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIB1F6.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIB487.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIB60F.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIBB6.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIBC04.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSICAB1.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSICD83.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSID182.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSID25D.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSID378.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIDF6B.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIEF71.tmp- =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIFA2A.tmp- =>.SUP.Empty
---\ Registro ( Claves, Valores, Datos) (15)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [] =>PUP.Optional.DefaultSearch
BORRADOS clave*: [X64] HKLM\SOFTWARE\57979c68-f490-55b8-8fed-8b017a5af2fe [] =>Adware.CrossRider
BORRADOS clave*: HKEY_USERS\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\SkillBrains [] =>.SUP.Skillbrains
BORRADOS clave*: HKEY_USERS\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Tencent [] =>.SUP.Tencent
BORRADOS clave**: HKCU\Software\SkillBrains [] =>.SUP.Skillbrains
BORRADOS clave**: HKCU\Software\Tencent [] =>.SUP.Tencent
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains [] =>.SUP.Skillbrains
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains] =>.SUP.Skillbrains
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{574174fe-f669-4c0a-8b63-01d576c72025} [Lavasoft] =>PUP.Optional.LavasoftWebCompanion
BORRADOS valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_56D976794F990CB20E35B49F5BE31F4C ['C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' --no-startup-window /prefetch:5] =>PUP.Optional.MyBrowser
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Lightshot [0x040000000000000000000000] =>.SUP.Skillbrains
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Sound Blaster Cinema [0x020000000000000000000000] =>Heuristic.Suspect
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_56D976794F990CB20E35B49F5BE31F4C [0x020000000000000000000000] =>Heuristic.Suspect
BORRADOS valor: HKEY_USERS\S-1-5-21-2713763906-1647206067-2837485295-1006\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings\\nladljmabboanhihfkjacnnkgjhnokhj [88D0D124E8B14A8BE84DBD83EA51C0A00CE32EE316E2DE768C82BEE1FC07305F] =>PUP.Optional.DefaultSearch
---\ Resumen de elementos en su estación de trabajo (16)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/10/adware-amulecustom/ =>Adware.aMULEcustom
https://nicolascoolman.eu/2019/01/sup-skillbrains =>.SUP.Skillbrains
https://www.nicolascoolman.com/fr/pup-manager/ =>PUP.Optional.Manager
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.DefaultSearch
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider
https://nicolascoolman.eu/2017/02/23/tencentadressbar/ =>.SUP.Tencent
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
---\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)
---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ El sistema ha sido reiniciado.
---\ STATISTIQUES
~ Items escaneado : 3415
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0
~ End of clean in 00h01mn05s
---\ Reporte (2)
ZHPCleaner-[S]-07052019-00_15_48.txt
ZHPCleaner-[R]-07052019-00_18_34.txt
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-06-2019
# Duration: 00:00:22
# OS: Windows 10 Pro
# Cleaned: 57
# Failed: 4
***** [ Services ] *****
Deleted WCAssistantService
***** [ Folders ] *****
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Marco\AppData\LocalLow\.acestream
Deleted C:\Users\Marco\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Marco\AppData\Roaming\IOBIT\Driver Booster
Deleted C:\Users\Marco\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Marco\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Deleted C:\Users\Marco\AppData\Roaming\Tencent
Deleted C:\_acestream_cache_
Not Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Not Deleted C:\ProgramData\Lavasoft\Web Companion
Not Deleted C:\Users\Marco\AppData\Roaming\.acestream
Not Deleted C:\Users\Marco\AppData\Roaming\acestream
***** [ Files ] *****
Deleted C:\END
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted HKCU\Software\AceStream
Deleted HKCU\Software\Classes\.acelive
Deleted HKCU\Software\Classes\.acemedia
Deleted HKCU\Software\Classes\.acestream
Deleted HKCU\Software\Classes\.tslive
Deleted HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted HKCU\Software\Classes\acestream
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted HKCU\Software\RegisteredApplications|AceStream
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{BC058B4D-A577-4357-9951-89E315D56B00}C:\users\marco\appdata\roaming\acestream\engine\ace_engine.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{068C816F-C39C-4B40-A639-606DB0211138}C:\users\marco\appdata\roaming\acestream\engine\ace_engine.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{81E9D328-B7D1-44DF-8E9B-B2E38FD54E8D}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B776F245-E002-46C2-8785-C9207822FAE7}
Deleted HKLM\Software\Classes\.acestream
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
Deleted Adaware Secure Search
Deleted Chrome Cleaner Pro
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
When the Malwarebytes one finishes I'll post it.
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 7/5/19
Hora del análisis: 0:20
Archivo de registro: 2293060a-704d-11e9-8e8e-a088696cba28.json
-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.10490
Licencia: Gratis
-Información del sistema-
SO: Windows 10 (Build 17134.706)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-79793IC\Marco
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 1137006
Amenazas detectadas: 16
Amenazas en cuarentena: 16
Tiempo transcurrido: 8 hr, 33 min, 22 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 16
PUP.Optional.Conduit, C:\USERS\MARCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BOL440J3.DEFAULT\PREFS.JS, Sustituido, [210], [301520],1.0.10490
PUP.Optional.Conduit, C:\USERS\MARCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BOL440J3.DEFAULT\PREFS.JS, Sustituido, [210], [303091],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\SECOH-QAD.EXE, En cuarentena, [0], [392686],1.0.10490
RiskWare.Cracker, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\CHECKERS\EZCRACKV1.7\EZCRACK V1.7.EXE, En cuarentena, [8681], [634290],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\CHECKERS\ALL IN ONE CHECKER\ALL-IN-ONE CHECKER_V24721.EXE, En cuarentena, [0], [392686],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\CHECKERS\SENTRY MBA 1.5.0 (LATEST VERSION)\SENTRY MBA 1.5.0 (LATEST VERSION)\SENTRY_MBA.EXE, En cuarentena, [0], [392686],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\SQLI DUMPER\SQLI DUMPER.EXE, En cuarentena, [0], [392686],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\SQLI DUMPER (1)\SQLI DUMPER.EXE, En cuarentena, [0], [392686],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\SQLI DUMPER (1).RAR, En cuarentena, [0], [392686],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\CRACKING PACK [GHOST]\SQLI DUMPER.RAR, En cuarentena, [0], [392686],1.0.10490
Generic.Malware/Suspicious, C:\USERS\MARCO\DOCUMENTS\SENTRY MBA 1.4.1\SENTRY_MBA.EXE, En cuarentena, [0], [392686],1.0.10490
Adware.FusionCore, C:\USERS\MARCO\DOWNLOADS\FILEZILLA_3.41.2_WIN64-SETUP_BUNDLED.EXE, En cuarentena, [7706], [660097],1.0.10490
PUP.Optional.iObitDriverBooster, C:\USERS\MARCO\DOWNLOADS\DRIVER-BOOSTER-6-1-0-139.EXE, En cuarentena, [5304], [651970],1.0.10490
RiskWare.GameHack.Generic, C:\USERS\MARCO\DOWNLOADS\571_MY_TIME_AT_PORT.ZIPS, En cuarentena, [12574], [339459],1.0.10490
PUP.Optional.InstallCore, C:\USERS\MARCO\DOWNLOADS\LEGEND OF ZELDA, THE - OCARINA OF TIME MASTER QUEST (USA)_2714408389.EXE, En cuarentena, [435], [628729],1.0.10490
RiskWare.GameHack, F:\GAMES\OUTWARD\STEAM_API64.DLL, En cuarentena, [7607], [305544],1.0.10490
Sector físico: 0
(No hay elementos maliciosos detectados)
Hello @MarKo
You had every adware on the net…
Do the following:
Scan the PC with ESET Online Scanner: User Manual
IMPORTANT NOTES:
- Read the manual carefully so you know how to save its report.
- Paste it in your next reply.
Guide: How to paste reports in the forum?
Regards.
8/5/2019 3:54:57 a. m.
Archivos explorados: 955370
Archivos infectados: 26
Amenazas eliminadas: 26
Tiempo total de exploración 04:37:11
Estado de la exploración: Finalizado
23:12:18 # product=EOS
# version=8
# ESETOnlineScanner_ESL.exe=3.0.17.0
# country="Venezuela"
# lang=13322
23:13:11 Updating
23:13:11 Update Init
23:13:13 Update Download
23:16:21 esets_scanner_reload returned 0
23:16:21 g_uiModuleBuild: 41311
23:16:21 Update Finalize
23:16:21 Call m_esets_charon_send
23:16:21 Call m_esets_charon_destroy
23:16:21 Updated modules version: 41311
23:16:31 Call m_esets_charon_setup_create
23:16:31 Call m_esets_charon_create
23:16:31 m_esets_charon_create OK
23:16:31 Call m_esets_charon_start_send_thread
23:16:32 Call m_esets_charon_setup_set
23:16:32 m_esets_charon_setup_set OK
23:16:32 Scanner engine: 41311
03:55:49 # product=EOS
# version=8
# flags=0
# av=1
# fw=7
# admin=1
# ESETOnlineScanner_ESL.exe=3.0.17.0
# EOSSerial=c10a3e41b3e2714c9508004714f68029
# engine=41311
# end=finished
# bannerClicked=1
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2019-05-08 01:55:49
# local_time=2019-05-08 03:55:49 (+0100, Hora de verano romance)
# country="Venezuela"
# lang=13322
# osver=10.0.17134 NT
# compatibility_mode_1='Avast Antivirus'
# compatibility_mode=815 16777213 83 97 24530 10419319 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2367790 33790911 0 0
# scanned=955370
# found=26
# cleaned=26
# scan_time=16631
# stats_enabled=0
# scan_type=3
sh=7AFA2C9069FA2C3DC5306A64F44E401D83A51189 ft=0 fh=0000000000000158 vn="una variante de Generik.HBKPFTF troyano (desinfectado por eliminación)" ac=C fn="C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml"
sh=983E802853796BED9F4CF7278B6366DF1ED2012F ft=0 fh=00000000000018c3 vn="JS/Adware.OpenCleaner.A aplicación (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp\1.1.1_0\js\background.js"
sh=380822E0449681812152552F1B25FCD3879572D1 ft=1 fh=0000000000019d20 vn="una variante de MSIL/WebCompanion.D aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\Lavasoft.Utils.dll"
sh=94EBF88099A396D3EED4B35D5EC8F29581D209E5 ft=1 fh=0000000000006520 vn="una variante de MSIL/WebCompanion.D aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\Lavasoft.WCAssistant.WinService.exe"
sh=4FD1ECECEF0ECB7A6F8D90C99B8BF9BEB5D8CDB4 ft=1 fh=0000000000729520 vn="una variante de MSIL/WebCompanion.D aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\WebCompanion.exe"
sh=695427A66499436EBF0245312673E05CDB66B2DA ft=1 fh=000000000004fd20 vn="una variante de MSIL/WebCompanion.C aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\WebCompanionInstaller.exe"
sh=983654BE57C506E0A9800F3C63136CB3638FD2E0 ft=0 fh=00000000000002b4 vn="Win32/HackKMS.AZ aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\scripts\AddExceptionsWD.reg"
sh=EFAC5C2E59DDEF2F0A7782AD1DEA8F6B25A07395 ft=0 fh=00000000000000d5 vn="Win32/HackKMS.AZ aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\scripts\Install_Service.cmd"
sh=5919C95EF78BD4AB200F8071B98970FF9541A24A ft=0 fh=00000000000000dc vn="Win32/HackKMS.AZ aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\scripts\Install_Task.cmd"
sh=608B42CA0203B11A00AD75516680435F785EDBAD ft=0 fh=0000000000000054 vn="Win32/HackKMS.AZ aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\scripts\Silent.cmd"
sh=7F92FD5D84A139998C99FDF4CC5C1A2709B56105 ft=1 fh=00000000002bce60 vn="una variante de MSIL/WebCompanion.A aplicación potencialmente no deseada,una variante de Win32/WebCompanion.B aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\BitTorrent.exe"
sh=7AFA2C9069FA2C3DC5306A64F44E401D83A51189 ft=0 fh=0000000000000158 vn="una variante de Generik.HBKPFTF troyano (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Desktop\Tor Browser\Browser\firefox.VisualElementsManifest.xml"
sh=57C9C1C9F275DBEFB33308E8B5F2B0042CEA7A82 ft=1 fh=000000000000ae00 vn="una variante de MSIL/HackTool.BruteForce.GY troyano (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Documents\Cracking Pack [Ghost]\Checkers\Origin & Steam Cracker\QIWIChecker.exe"
sh=41618E01B574D9C382E73F4617281C04522A3573 ft=1 fh=000000000089927c vn="una variante de Win32/HackTool.Crack.ES aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\Northgard.Update.v1.0.8745\Update\Setup.exe"
sh=48676E785FA1CAB013D2B7935229DE61117D5FC2 ft=1 fh=0000000000899223 vn="una variante de Win32/HackTool.Crack.ES aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\Northgard.Update.v1.0.8796\Update\Setup.exe"
sh=BDA6F4D479E40029C1116E593B026CD30FDBFBC0 ft=1 fh=00000000008992a0 vn="una variante de Win32/HackTool.Crack.ES aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\Northgard.Update.v1.1.8909\Update\Setup.exe"
sh=58C7139D5257AFCFFB2EA4056A1E0F424381DED8 ft=1 fh=0000000000aaec60 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\ccsetup538.exe"
sh=9CE1D04D941DE7C3B058CC7E94A7C11431D285CA ft=1 fh=000000000113c228 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\ccsetup548.exe"
sh=2EFAE88E4298861B32A63E5CD191BF5160D3398E ft=1 fh=0000000001445040 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\ccsetup556.exe"
sh=D43243DCA1033791C2A8963C4DF46A5DD2726F4C ft=1 fh=00000000004e02a0 vn="una variante de Win64/SystemRequirementsLab.A aplicación potencialmente no deseada (desinfectado por eliminación)" ac=C fn="C:\Users\Marco\Downloads\Detection (1).exe"
sh=E042C7B133AAB2DD55A8CADA6331C2EDD34651D6 ft=0 fh=00000000009da9dc vn="una variante de Win32/HackTool.Crack.ES aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Marco\Downloads\Northgard.Update.v1.0.8745.rar"
sh=8C3EEDCB7D6E53EB3C28F93E0EEA90EDB59DBEE7 ft=0 fh=0000000000d8e48d vn="una variante de Win32/HackTool.Crack.ES aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Marco\Downloads\Northgard.Update.v1.0.8796.rar"
sh=975AFD4B6F39171E2E1B7E8F1CD543C0E1C45BA6 ft=0 fh=0000000000f28193 vn="una variante de Win32/HackTool.Crack.ES aplicación potencialmente no segura (eliminado)" ac=C fn="C:\Users\Marco\Downloads\Northgard.Update.v1.1.8909.rar"
sh=BFBE2C4A6341C1BC25FE01FD36361E55766DDA0B ft=1 fh=000000000003c400 vn="una variante de Win32/HackTool.Crack.CM aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="F:\Games\Crusader Kings 2\steam_api.dll"
sh=559004D8E523C9658ECBBCA5D25B4996CE24754A ft=1 fh=00000000000acc00 vn="Win32/HackTool.Crack.DW aplicación potencialmente no segura (desinfectado por eliminación)" ac=C fn="F:\Games\Mount.Blade.Warband.v1.174.Inclu.ALL.DLC\MountBlade Warband\steam_api.dll"
sh=18945058256E0217004945C280A147D0D936F93D ft=0 fh=00000000a864a492 vn="Win32/HackTool.Crack.DW aplicación potencialmente no segura (eliminado)" ac=C fn="F:\Games\Mount.Blade.Warband.v1.174.Inclu.ALL.DLC.rar"
03:55:50 Call m_esets_charon_send
03:55:50 Call m_esets_charon_destroy
Hi @MarKo
Let's see what else is in there…
Do the following:
1.- Temporarily disable your antivirus and any other security software.
2.- Download Farbar Recovery Scan Tool to the desktop, choosing the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?
- Run FRST.exe.
- In the Disclaimer window, click Yes.
- In the main window, click the Scan button and wait for the process to finish.
- Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.
Guide: How to Run FRST
3.- In your next reply, paste the generated reports.
Guide: How to Paste Reports in the Forum
We'll wait for those reports.
Regards
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05.2019
Ran by Marco (administrator) on DESKTOP-79793IC (Micro-Star International Co., Ltd. GE60 2PE) (08-05-2019 14:45:40)
Running from C:\Users\Marco\Desktop
Loaded Profiles: Marco & (Available Profiles: Marco)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies) C:\Users\Marco\AppData\Roaming\ACEStream\engine\ace_engine.exe
(INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies) C:\Users\Marco\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel(R) Software -> Intel Corporation) C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe
(Intel(R) Software -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(SteelSeries ApS) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\Marco\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\Marco\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\Marco\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\Marco\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3366624 2017-05-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-20] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150232\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [Spotify] => C:\Users\Marco\AppData\Roaming\Spotify\Spotify.exe [25805544 2019-05-04] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [Discord] => C:\Users\Marco\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2015-06-11] (SteelSeries ApS) [File not signed]
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [2222032 2018-12-04] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Run: [GoogleChromeAutoLaunch_56D976794F990CB20E35B49F5BE31F4C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1723888 2019-04-30] (Google LLC -> Google Inc.)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [Spotify] => C:\Users\Marco\AppData\Roaming\Spotify\Spotify.exe [25805544 2019-05-04] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [Discord] => C:\Users\Marco\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2015-06-11] (SteelSeries ApS) [File not signed]
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [2222032 2018-12-04] (TEFINCOM S.A. -> NordVPN)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3642880 2016-05-08] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3613696 2016-05-08] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LWLR] => C:\Windows\SysWOW64\RGBACodec.dll [37488 2017-04-03] (EditShare EMEA (X-Edit Limited) -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-07] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-08-23]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-12-23]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Marco\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited) [File not signed]
Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2018-10-11] () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05025240-8C6C-4CFD-ACF0-6DAE52E7BCE0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {06E54FB4-8D65-4CDA-940D-A6BCBF96A351} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [131129288 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {0965A6DF-11F5-4009-AD84-1E1E00D428F5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {16C51C06-9DF1-47B4-BAE1-CAB5AA97D552} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {23FF2DE1-CDC0-4284-8485-2ED636CB28BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {28C44903-0A7C-408B-8C2C-988DF8CDDF98} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FC531BD-7313-4523-956E-C01CFCA21A96} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {44BE6B4B-9880-4152-B045-4F826E485A31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-20] (Google Inc -> Google Inc.)
Task: {48198098-E8EF-4501-9A3C-D2D8C676909A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4921871C-DE90-4A49-B135-C5A3D6962CAE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A4638D1-D79D-4446-89E7-5236344FC943} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {54B5679B-BEB3-41B1-9932-4A26D95A8F31} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-79793IC-Marco => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {664B25FB-0DDD-4161-83F0-9449AB119A39} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6A1DEB58-F2A1-4B8D-959C-619796843998} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C82A2A8-73CF-47C8-9A80-7C415B72D69C} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {72F2E0A0-974E-42A2-AAAB-42AF921284D5} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1286840 2015-05-05] (Intel(R) Software -> Intel Corporation)
Task: {7EB5EE7F-5830-45DC-8552-3B6B6D621FA4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8197EB1F-FA67-4BA7-8850-46AC85CE8B5E} - System32\Tasks\Opera scheduled Autoupdate 1514737750 => C:\Program Files\Opera\launcher.exe [1465432 2019-04-21] (Opera Software AS -> Opera Software)
Task: {84B74A1D-5A51-4032-B224-8C9A1EB2AED3} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {84DB2082-FBD8-4329-BD77-09B4B1F48B5E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A3FA9725-D5C8-4C91-8B3F-8FC2DDD81E3D} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A42AB5BA-1E43-4C6D-AFB3-7603D33E6C64} - System32\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {AA3F945C-8810-4695-8A3D-EAE01AFC3D59} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AD7E7B71-1C3D-42AB-8DC9-B91492541863} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2436936 2019-04-21] (Overwolf Ltd -> Overwolf LTD)
Task: {B1926E83-9F8F-42F0-8687-D1DB4D1D9544} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BBBF6236-B154-45BD-A5B0-BBB4760A55B0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {CB2C02B6-A7E8-4634-A9B0-8EE7497AE7CB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {CB6BBBB4-5A74-40DC-B369-07F4F844351E} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {D2BC4E12-94C1-4D11-B03A-DBAED1D613BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D398C8E8-F7A6-4E95-BAD4-6AD0E2AF9AA7} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D7F61171-3DD6-45E6-B9ED-1AF12C7BEFDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-20] (Google Inc -> Google Inc.)
Task: {D9E48B29-577D-49E9-9005-3F8A217C05B7} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [1680520 2014-01-23] (MICRO-STAR INTERNATIONAL CO., LTD -> TODO: <公司名稱>) [File not signed]
Task: {DC60C726-2668-4CD4-8EC4-9842033D69DF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [1332736 2017-12-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DD2B9967-A519-4129-AE7A-22D9EDD1F4AC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {DD535E72-EF4F-47B4-90B3-FFBCCF6C5093} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {E49EF282-B9D5-48E1-B9A0-AFFE74E94C13} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {E8E00A36-4D11-4A26-A8BE-F462FE478EE7} - System32\Tasks\S-1-5-21-2713763906-1647206067-2837485295-1006\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [132608 2018-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {EA227EB7-CA80-4C61-A76F-0958E6140402} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {EF4EC67B-B68E-482F-9A04-545B0BFDF48C} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2027FC5-B747-47B9-B218-3B4A0B238859} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-79793IC-Marco => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F218FF5A-185C-44A1-8CD1-36FC783575CC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{60237f9f-740b-45cc-9f56-d0298c5b7c67}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{66af6839-7c00-4213-8073-21d6c1cff387}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{66af6839-7c00-4213-8073-21d6c1cff387}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: bol440j3.default
FF ProfilePath: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bol440j3.default [2019-05-07]
FF Homepage: Mozilla\Firefox\Profiles\bol440j3.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Avast SafePrice) - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bol440j3.default\Extensions\[email protected] [2018-11-14] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bol440j3.default\Extensions\[email protected] [2018-11-14]
FF HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Firefox\Extensions: [[email protected]] - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Firefox\Extensions: [[email protected]] - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-25] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherLS\npSoftnyx.dll [2015-09-22] (Softnyx Co., Ltd. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2713763906-1647206067-2837485295-1006: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Marco\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Marco\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Profile: C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default [2019-05-08]
CHR Extension: (Presentaciones) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-20]
CHR Extension: (Documentos) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-20]
CHR Extension: (Google Drive) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-20]
CHR Extension: (YouTube) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-20]
CHR Extension: (uBlock Origin) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-06]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2019-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Hojas de cálculo) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Avast Online Security) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-02]
CHR Extension: (Arcane Legends) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2018-11-21]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-04-06]
CHR Extension: (Jakcodex/Muledump CORS Adapter) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimhkldbldnmapepklmeeinclchfkddd [2019-05-04]
CHR Extension: (Violentmonkey) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2019-05-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-02]
CHR Extension: (Ace Script) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-12-22]
CHR Extension: (MetaMask) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-05-02]
CHR Extension: (MyEtherWallet) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2018-11-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (EtherAddressLookup) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknmigbbbhmllnmgdfalmedcmcefdfn [2019-04-02]
CHR Extension: (Gmail) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-07]
CHR HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-04-11] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-12-07] (BitRaider LLC -> BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-04-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2017-05-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183480 2017-08-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2483376 2018-06-15] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NGS; C:\WINDOWS\NGService.exe [2994248 2018-12-11] (NEXON Korea Corporation. -> NEXON Korea Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [184784 2018-12-04] (TEFINCOM S.A. -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2436936 2019-04-21] (Overwolf Ltd -> Overwolf LTD)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [285696 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-07] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-07] (Microsoft Corporation -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72880 2018-06-15] (Rivet Networks LLC -> CloudBees, Inc.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72888 2018-06-15] (Rivet Networks LLC -> CloudBees, Inc.)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Software -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [257832 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2018-12-07] (BitRaider -> BitRaider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2018-01-15] (Disc Soft Ltd -> Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31824 2017-05-04] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-12-12] (Martin Malik - REALiX -> REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232976 2017-08-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-12] (Intel(R) Software -> Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [150184 2018-06-15] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-06] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2018-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3595472 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_b5e3213e640f6936\nvlddmkm.sys [20747736 2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-09-23] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SAlphaPS2; C:\WINDOWS\System32\drivers\SAlphaPS264.sys [27520 2014-10-08] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48320 2018-08-20] (SteelSeries ApS -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2017-12-18] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] (Micro-Star Int'l Co. Ltd. -> )
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-12-27] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-08 14:45 - 2019-05-08 14:48 - 000051660 _____ C:\Users\Marco\Desktop\FRST.txt
2019-05-08 14:45 - 2019-05-08 14:45 - 000000000 ____D C:\FRST
2019-05-08 14:44 - 2019-05-08 14:44 - 002430464 _____ (Farbar) C:\Users\Marco\Desktop\FRST64.exe
2019-05-08 03:55 - 2019-05-08 03:55 - 000000358 _____ C:\Users\Marco\Desktop\reporte eset.txt
2019-05-07 23:12 - 2019-05-07 23:12 - 000000000 ____D C:\Users\Marco\AppData\Local\ESET
2019-05-07 23:10 - 2019-05-07 23:10 - 007666296 _____ (ESET spol. s r.o.) C:\Users\Marco\Desktop\ESETOnlineScanner_ESL.exe
2019-05-07 18:00 - 2019-05-07 18:00 - 000051593 _____ C:\Users\Marco\Downloads\the-hangover-english-yify-9136.zip
2019-05-07 17:15 - 2019-05-07 17:15 - 001461862 _____ C:\Users\Marco\Downloads\plantillas-definitivas-2019-1.pdf
2019-05-07 14:24 - 2019-05-07 14:24 - 000000000 ____D C:\Users\Marco\AppData\LocalLow\Temp
2019-05-07 14:24 - 2019-05-07 14:24 - 000000000 ____D C:\Users\Marco\AppData\Local\OfficeBSCache-MyComputer
2019-05-07 13:05 - 2019-05-07 13:05 - 000003804 _____ C:\Users\Marco\Desktop\mbam1.txt
2019-05-07 12:59 - 2019-05-07 12:59 - 000004145 _____ C:\Users\Marco\Desktop\mbam.txt
2019-05-07 00:18 - 2019-05-07 00:18 - 000013149 _____ C:\Users\Marco\Desktop\ZHPCleaner (R).txt
2019-05-07 00:15 - 2019-05-07 00:15 - 000014330 _____ C:\Users\Marco\Desktop\ZHPCleaner (S).txt
2019-05-07 00:07 - 2019-05-07 00:18 - 000000000 ____D C:\Users\Marco\AppData\Roaming\ZHP
2019-05-07 00:07 - 2019-05-07 00:07 - 000000875 _____ C:\Users\Marco\Desktop\ZHPCleaner.lnk
2019-05-07 00:07 - 2019-05-07 00:07 - 000000000 ____D C:\Users\Marco\AppData\Local\ZHP
2019-05-07 00:03 - 2019-05-07 00:03 - 003142016 _____ C:\Users\Marco\Desktop\ZHPCleaner.exe
2019-05-06 23:48 - 2019-05-06 23:48 - 001790024 _____ (Malwarebytes) C:\Users\Marco\Downloads\JRT.exe
2019-05-06 23:24 - 2019-05-06 23:24 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-06 23:17 - 2019-05-06 23:17 - 007025360 _____ (Malwarebytes) C:\Users\Marco\Desktop\adwcleaner_7.3.exe
2019-05-06 22:51 - 2019-05-06 22:56 - 033526857 _____ C:\Users\Marco\Downloads\[X31.6.0]059client_mpgh.net.zip
2019-05-06 19:09 - 2019-05-08 00:53 - 000000000 ____D C:\Users\Marco\Desktop\estandares
2019-05-05 14:28 - 2019-05-05 14:32 - 488485356 _____ C:\Users\Marco\Downloads\Libro de historia.pdf
2019-05-04 15:22 - 2019-05-08 02:00 - 000000000 ____D C:\Users\Marco\AppData\Roaming\WhatsApp
2019-05-04 15:22 - 2019-05-04 15:22 - 000002265 _____ C:\Users\Marco\Desktop\WhatsApp.lnk
2019-05-04 15:22 - 2019-05-04 15:22 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-05-04 15:22 - 2019-05-04 15:22 - 000000000 ____D C:\Users\Marco\AppData\Local\WhatsApp
2019-05-04 15:19 - 2019-05-04 15:20 - 140089776 _____ (WhatsApp) C:\Users\Marco\Downloads\WhatsAppSetup.exe
2019-05-04 13:35 - 2019-05-04 13:35 - 000348195 _____ C:\Users\Marco\Downloads\temas_literatura_evau_17.pdf
2019-05-04 12:44 - 2019-05-04 12:44 - 000001338 _____ C:\Users\Public\Desktop\Tenorshare iCareFone.lnk
2019-05-04 12:44 - 2019-05-04 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenorshare iCareFone
2019-05-04 12:43 - 2019-05-04 12:43 - 000000000 ____D C:\Program Files (x86)\Tenorshare
2019-05-04 12:42 - 2019-05-04 12:42 - 001428192 _____ (Tenorshare Co.Ltd) C:\Users\Marco\Downloads\icarefone.exe
2019-04-25 15:45 - 2019-04-25 15:45 - 000000080 ___SH C:\bootTel.dat
2019-04-25 14:16 - 2019-04-25 14:16 - 000000222 _____ C:\Users\Marco\Desktop\Motorsport Manager.url
2019-04-25 13:31 - 2019-04-25 13:31 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-24 21:25 - 2019-02-13 07:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-21 15:00 - 2019-04-10 16:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-04-21 15:00 - 2019-04-10 16:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-04-21 15:00 - 2019-04-10 16:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-04-21 15:00 - 2019-04-10 16:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-04-21 15:00 - 2019-04-10 16:54 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-21 15:00 - 2019-04-10 16:54 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-04-21 15:00 - 2019-04-10 16:54 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-21 15:00 - 2019-04-10 16:54 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-04-21 15:00 - 2019-04-10 16:53 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-04-21 15:00 - 2019-04-10 16:53 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 040421064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 035268296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 005276064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 004625552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 002033112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 001734288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6442531.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 001536144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6442531.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 001465432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 001130584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 000668664 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 000631896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 000534936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-04-21 15:00 - 2019-04-10 16:52 - 000522144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-04-21 15:00 - 2019-04-10 13:52 - 010320528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-04-21 15:00 - 2019-04-10 13:52 - 008785944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-04-21 15:00 - 2019-04-10 13:52 - 001169120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-04-21 15:00 - 2019-04-10 13:52 - 000915088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 020107920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 017432992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 004304672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 001462024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 001145536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 000794440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-04-21 15:00 - 2019-04-10 13:51 - 000638176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-04-12 19:10 - 2019-04-25 13:32 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-11 13:17 - 2019-04-11 13:17 - 000000222 _____ C:\Users\Marco\Desktop\Albion Online.url
2019-04-10 19:57 - 2019-04-10 19:57 - 000443728 _____ C:\Users\Marco\Downloads\matricula examen asiganturas (1).pdf
2019-04-10 18:33 - 2019-04-10 18:33 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Albion
2019-04-10 18:31 - 2019-04-10 18:31 - 000000000 ____D C:\Users\Marco\AppData\LocalLow\Sandbox Interactive GmbH
2019-04-10 18:31 - 2019-04-10 18:31 - 000000000 ____D C:\Users\Marco\AppData\Local\Sandbox Interactive GmbH
2019-04-10 18:31 - 2019-04-10 18:31 - 000000000 ____D C:\Users\Marco\.QtWebEngineProcess
2019-04-10 18:31 - 2019-04-10 18:31 - 000000000 ____D C:\Users\Marco\.Albion Online Launcher
2019-04-10 00:09 - 2019-04-02 14:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 00:09 - 2019-04-02 14:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 00:09 - 2019-04-02 14:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 00:09 - 2019-04-02 14:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 00:09 - 2019-04-02 14:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 00:09 - 2019-04-02 14:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 00:09 - 2019-04-02 11:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 00:09 - 2019-04-02 11:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 00:09 - 2019-04-02 11:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 00:09 - 2019-04-02 11:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 00:09 - 2019-04-02 11:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 00:09 - 2019-04-02 11:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 00:09 - 2019-04-02 10:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 00:09 - 2019-04-02 10:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 00:09 - 2019-04-02 10:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 00:09 - 2019-04-02 10:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 00:09 - 2019-04-02 10:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 00:09 - 2019-04-02 09:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 00:09 - 2019-04-02 09:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 00:09 - 2019-04-02 09:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 00:09 - 2019-04-02 09:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 00:09 - 2019-04-02 09:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 00:09 - 2019-04-02 09:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 00:09 - 2019-04-02 09:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 00:09 - 2019-04-02 09:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 00:09 - 2019-04-02 09:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 00:09 - 2019-04-02 07:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 00:09 - 2019-04-02 07:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 00:09 - 2019-04-02 07:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 00:09 - 2019-04-02 06:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 00:09 - 2019-04-02 06:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 00:09 - 2019-04-02 06:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 00:09 - 2019-04-02 06:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 00:09 - 2019-04-02 06:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 00:09 - 2019-03-14 16:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 00:09 - 2019-03-14 16:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 00:09 - 2019-03-14 16:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 00:09 - 2019-03-14 16:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 00:09 - 2019-03-14 16:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 00:09 - 2019-03-14 16:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 00:09 - 2019-03-14 15:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 00:09 - 2019-03-14 10:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 00:09 - 2019-03-14 10:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 00:09 - 2019-03-14 10:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 00:09 - 2019-03-14 10:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 00:09 - 2019-03-14 10:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 00:09 - 2019-03-14 10:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 00:09 - 2019-03-14 10:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 00:09 - 2019-03-14 10:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 00:09 - 2019-03-14 10:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 00:09 - 2019-03-14 10:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 00:09 - 2019-03-14 10:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 00:09 - 2019-03-14 10:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 00:09 - 2019-03-14 10:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 00:09 - 2019-03-14 10:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 00:09 - 2019-03-14 10:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 00:09 - 2019-03-14 10:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 00:09 - 2019-03-14 10:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 00:09 - 2019-03-14 10:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 00:09 - 2019-03-14 10:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 00:09 - 2019-03-14 10:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 00:09 - 2019-03-14 10:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 00:09 - 2019-03-14 10:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 00:09 - 2019-03-14 10:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 00:09 - 2019-03-14 10:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 00:09 - 2019-03-14 09:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 00:09 - 2019-03-14 09:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 00:09 - 2019-03-14 09:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 00:09 - 2019-03-14 09:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 00:09 - 2019-03-14 09:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 00:09 - 2019-03-14 09:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 00:09 - 2019-03-14 09:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 00:09 - 2019-03-14 09:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 00:09 - 2019-03-14 09:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 00:09 - 2019-03-14 09:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 00:09 - 2019-03-14 09:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 00:09 - 2019-03-14 09:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 00:09 - 2019-03-14 09:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 00:09 - 2019-03-14 09:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 00:09 - 2019-03-14 09:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 00:09 - 2019-03-14 09:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 00:09 - 2019-03-14 09:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 00:09 - 2019-03-14 09:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 00:09 - 2019-03-14 09:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 00:08 - 2019-04-02 14:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 00:08 - 2019-04-02 14:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 00:08 - 2019-04-02 14:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 00:08 - 2019-04-02 14:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 00:08 - 2019-04-02 14:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 00:08 - 2019-04-02 14:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 00:08 - 2019-04-02 14:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 00:08 - 2019-04-02 14:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 00:08 - 2019-04-02 14:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 00:08 - 2019-04-02 14:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 00:08 - 2019-04-02 11:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 00:08 - 2019-04-02 11:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 00:08 - 2019-04-02 11:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 00:08 - 2019-04-02 10:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 00:08 - 2019-04-02 10:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 00:08 - 2019-04-02 10:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 00:08 - 2019-04-02 10:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 00:08 - 2019-04-02 10:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 00:08 - 2019-04-02 10:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 00:08 - 2019-04-02 10:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 00:08 - 2019-04-02 10:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 00:08 - 2019-04-02 10:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 00:08 - 2019-04-02 10:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 00:08 - 2019-04-02 10:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 00:08 - 2019-04-02 10:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 00:08 - 2019-04-02 09:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 00:08 - 2019-04-02 09:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 00:08 - 2019-04-02 09:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 00:08 - 2019-04-02 09:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 00:08 - 2019-04-02 09:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 00:08 - 2019-04-02 09:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 00:08 - 2019-04-02 09:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 00:08 - 2019-04-02 09:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 00:08 - 2019-04-02 09:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 00:08 - 2019-04-02 08:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 00:08 - 2019-04-02 07:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 00:08 - 2019-04-02 07:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 00:08 - 2019-04-02 06:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 00:08 - 2019-04-02 06:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 00:08 - 2019-04-02 06:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 00:08 - 2019-04-02 06:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 00:08 - 2019-04-02 06:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 00:08 - 2019-04-02 06:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 00:08 - 2019-03-16 14:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 00:08 - 2019-03-16 11:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 00:08 - 2019-03-14 16:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 00:08 - 2019-03-14 16:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 00:08 - 2019-03-14 16:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 00:08 - 2019-03-14 16:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 00:08 - 2019-03-14 16:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 00:08 - 2019-03-14 16:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 00:08 - 2019-03-14 16:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 00:08 - 2019-03-14 16:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 00:08 - 2019-03-14 16:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 00:08 - 2019-03-14 16:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 00:08 - 2019-03-14 16:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 00:08 - 2019-03-14 16:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 00:08 - 2019-03-14 16:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 00:08 - 2019-03-14 16:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 00:08 - 2019-03-14 16:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 00:08 - 2019-03-14 15:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 00:08 - 2019-03-14 15:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 00:08 - 2019-03-14 15:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 00:08 - 2019-03-14 15:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 00:08 - 2019-03-14 15:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 00:08 - 2019-03-14 10:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 00:08 - 2019-03-14 10:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 00:08 - 2019-03-14 10:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 00:08 - 2019-03-14 10:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 00:08 - 2019-03-14 10:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 00:08 - 2019-03-14 10:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 00:08 - 2019-03-14 10:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 00:08 - 2019-03-14 10:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 00:08 - 2019-03-14 10:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 00:08 - 2019-03-14 10:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 00:08 - 2019-03-14 10:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 00:08 - 2019-03-14 10:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 00:08 - 2019-03-14 10:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 00:08 - 2019-03-14 10:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 00:08 - 2019-03-14 10:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 00:08 - 2019-03-14 10:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 00:08 - 2019-03-14 10:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 00:08 - 2019-03-14 10:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 00:08 - 2019-03-14 10:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 00:08 - 2019-03-14 10:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 00:08 - 2019-03-14 10:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 00:08 - 2019-03-14 10:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 00:08 - 2019-03-14 10:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 00:08 - 2019-03-14 10:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 00:08 - 2019-03-14 10:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 00:08 - 2019-03-14 10:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 00:08 - 2019-03-14 10:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 00:08 - 2019-03-14 09:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 00:08 - 2019-03-14 09:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 00:08 - 2019-03-14 09:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 00:08 - 2019-03-14 09:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 00:08 - 2019-03-14 09:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 00:08 - 2019-03-14 09:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 00:08 - 2019-03-14 09:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 00:08 - 2019-03-14 09:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 00:08 - 2019-03-14 09:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 00:08 - 2019-03-14 09:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 00:08 - 2019-03-14 09:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 00:08 - 2019-03-14 09:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 00:08 - 2019-03-14 09:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 00:08 - 2019-03-14 09:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 00:08 - 2019-03-14 09:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 00:08 - 2019-03-14 09:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 00:08 - 2019-03-14 09:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 00:08 - 2019-03-14 09:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 00:08 - 2019-03-14 09:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 00:08 - 2019-03-14 09:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 00:08 - 2019-03-14 09:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 00:08 - 2019-03-14 09:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 00:08 - 2019-03-14 09:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 00:08 - 2019-03-14 09:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 00:08 - 2019-03-14 09:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 00:08 - 2019-03-14 09:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 00:08 - 2019-03-14 09:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 00:08 - 2019-03-14 09:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 00:08 - 2019-03-14 09:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 00:08 - 2019-03-14 09:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 00:08 - 2019-03-14 09:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 00:08 - 2019-03-14 09:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 00:08 - 2019-03-14 03:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 00:08 - 2019-03-14 03:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 00:08 - 2019-03-14 03:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 00:08 - 2019-03-14 03:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 00:08 - 2019-03-14 03:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-08 14:48 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-08 14:44 - 2017-12-19 02:53 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-08 14:41 - 2018-05-21 15:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-07 23:35 - 2018-03-31 12:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-07 18:00 - 2017-12-20 02:14 - 000000000 ___RD C:\Users\Marco\3D Objects
2019-05-07 16:40 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-07 16:40 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-07 14:32 - 2017-12-16 02:16 - 000000000 ____D C:\Users\Marco\AppData\Local\Packages
2019-05-07 13:05 - 2018-12-22 16:31 - 000000000 ____D C:\Users\Marco\AppData\Roaming\.ACEStream
2019-05-07 13:01 - 2018-05-21 15:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-07 12:59 - 2017-12-29 00:22 - 000000000 ____D C:\Users\Marco\Documents\Cracking Pack [Ghost]
2019-05-07 12:59 - 2017-12-28 23:49 - 000000000 ____D C:\Users\Marco\Documents\Sentry MBA 1.4.1
2019-05-07 08:55 - 2017-12-20 03:53 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-07 00:17 - 2019-01-04 20:57 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-05-07 00:17 - 2019-01-04 20:56 - 000000000 ____D C:\ProgramData\Lavasoft
2019-05-07 00:17 - 2017-12-30 15:50 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2019-05-07 00:06 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-07 00:06 - 2018-03-19 19:54 - 000000000 ____D C:\Users\Marco\AppData\Local\CrashDumps
2019-05-07 00:06 - 2017-12-26 11:48 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-07 00:04 - 2018-05-21 15:22 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-07 00:04 - 2017-12-20 03:53 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-06 23:23 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-06 23:23 - 2017-12-30 15:50 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job
2019-05-06 23:23 - 2017-12-30 15:50 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006.job
2019-05-06 23:22 - 2019-01-04 20:57 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Lavasoft
2019-05-06 23:22 - 2019-01-04 20:57 - 000000000 ____D C:\Users\Marco\AppData\Local\Lavasoft
2019-05-06 23:22 - 2019-01-04 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-05-06 23:22 - 2018-12-12 12:14 - 000000000 ____D C:\Users\Marco\AppData\Roaming\IObit
2019-05-06 23:22 - 2018-12-12 12:14 - 000000000 ____D C:\ProgramData\IObit
2019-05-06 23:22 - 2018-05-21 15:09 - 000000000 ____D C:\Users\Marco
2019-05-06 23:02 - 2018-11-14 14:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-06 23:02 - 2018-05-24 23:08 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:02 - 2018-05-24 23:08 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:02 - 2018-05-21 15:22 - 000003314 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1514737750
2019-05-06 23:02 - 2018-05-21 15:22 - 000003244 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2019-05-06 23:02 - 2018-05-21 15:22 - 000003056 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006
2019-05-06 23:02 - 2018-05-21 15:22 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:02 - 2018-05-21 15:22 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2713763906-1647206067-2837485295-1006
2019-05-06 23:02 - 2018-05-21 15:22 - 000002800 _____ C:\WINDOWS\System32\Tasks\update-sys
2019-05-06 23:01 - 2018-12-23 01:34 - 000002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-05-06 23:01 - 2018-12-11 13:32 - 000002502 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center
2019-05-06 23:01 - 2018-07-22 23:56 - 000002820 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-79793IC-Marco
2019-05-06 23:01 - 2018-07-22 23:56 - 000002774 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-79793IC-Marco
2019-05-06 23:01 - 2018-05-24 23:08 - 000003152 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-24 23:08 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-24 23:08 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-21 15:22 - 000003790 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-06 23:01 - 2018-05-21 15:22 - 000003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-06 23:01 - 2018-05-21 15:22 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-05-06 23:01 - 2018-05-21 15:22 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-21 15:22 - 000003258 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-06 23:01 - 2018-05-21 15:22 - 000003196 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-21 15:22 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-21 15:22 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-21 15:22 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-06 23:01 - 2018-05-21 15:22 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-05-06 20:53 - 2018-04-21 15:39 - 000000000 ____D C:\Users\Marco\AppData\Local\Spotify
2019-05-06 19:15 - 2018-04-21 15:35 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Spotify
2019-05-06 14:08 - 2018-05-21 15:20 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-06 14:08 - 2018-04-12 18:19 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-05-06 14:08 - 2018-04-12 18:19 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-05-06 01:48 - 2019-03-07 14:48 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-05 22:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-04 15:22 - 2017-12-28 16:18 - 000000000 ____D C:\Users\Marco\AppData\Local\SquirrelTemp
2019-05-04 01:27 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-28 13:40 - 2018-11-14 14:51 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-27 17:42 - 2018-08-18 16:34 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Slack
2019-04-25 19:11 - 2019-03-25 17:52 - 000000000 ____D C:\Users\Marco\AppData\Roaming\FileZilla
2019-04-25 19:11 - 2017-12-28 13:45 - 000000000 ____D C:\Users\Marco\AppData\Roaming\BitTorrent
2019-04-25 16:01 - 2018-08-18 16:34 - 000000000 ____D C:\Users\Marco\AppData\Local\slack
2019-04-25 16:00 - 2018-08-18 16:34 - 000002201 _____ C:\Users\Marco\Desktop\Slack.lnk
2019-04-25 16:00 - 2018-08-18 16:34 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-04-25 14:16 - 2018-03-18 00:49 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-04-25 14:04 - 2018-05-22 02:27 - 000000000 ____D C:\Users\Marco\AppData\Local\D3DSCache
2019-04-25 13:32 - 2018-11-14 14:49 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-25 13:32 - 2018-11-14 14:49 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-04-25 13:31 - 2019-02-13 16:45 - 000257832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-04-25 13:31 - 2018-11-14 14:49 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-04-25 13:31 - 2018-11-14 14:49 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-04-25 13:31 - 2018-11-14 14:49 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-04-25 13:31 - 2018-11-14 14:49 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-04-25 13:31 - 2018-11-14 14:49 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-04-25 13:31 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-25 13:30 - 2019-01-14 18:08 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-04-25 13:30 - 2019-01-07 14:41 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-04-25 13:30 - 2019-01-07 14:41 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-04-25 13:30 - 2019-01-07 14:41 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-04-25 13:30 - 2019-01-07 14:41 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-04-25 13:30 - 2018-11-14 14:49 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-25 13:30 - 2018-11-14 14:49 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-04-23 16:21 - 2018-01-12 00:21 - 000000000 ____D C:\Program Files (x86)\Overwolf
2019-04-22 19:20 - 2018-12-11 19:44 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-22 17:29 - 2017-12-31 18:29 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-04-22 17:29 - 2017-12-31 17:58 - 000000000 ____D C:\Program Files\Opera
2019-04-21 15:17 - 2017-12-19 02:53 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-21 15:03 - 2018-03-18 20:37 - 000000000 ____D C:\Users\Marco\AppData\Local\NVIDIA
2019-04-21 14:47 - 2017-12-19 02:53 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-21 14:46 - 2018-03-18 20:37 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-04-21 14:45 - 2017-12-19 02:52 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-20 00:35 - 2018-05-21 15:09 - 000002401 _____ C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-20 00:35 - 2017-12-16 02:18 - 000000000 ___RD C:\Users\Marco\OneDrive
2019-04-11 18:01 - 2017-12-21 02:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 18:31 - 2018-05-05 23:56 - 000000000 ____D C:\Users\Marco\AppData\Roaming\EasyAntiCheat
2019-04-10 18:15 - 2018-05-21 15:05 - 000400304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 18:12 - 2018-04-12 18:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-10 18:12 - 2018-04-12 01:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 18:12 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 18:12 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-10 18:12 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 13:51 - 2018-05-06 03:14 - 005045704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-04-10 00:07 - 2015-12-13 01:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 23:59 - 2015-12-13 01:49 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 15:40 - 2018-05-06 03:14 - 000049910 _____ C:\WINDOWS\system32\nvinfo.pb
2019-04-09 13:43 - 2017-12-19 02:54 - 005365744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-04-09 13:43 - 2017-12-19 02:54 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-04-09 13:43 - 2017-12-19 02:54 - 001767736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-04-09 13:43 - 2017-12-19 02:54 - 000651576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-04-09 13:43 - 2017-12-19 02:54 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-04-09 13:43 - 2017-12-19 02:54 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-04-09 13:43 - 2017-12-19 02:54 - 000082984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-04-09 12:08 - 2017-12-19 02:54 - 008530822 _____ C:\WINDOWS\system32\nvcoproc.bin
==================== Files in the root of some directories =======
2018-12-11 18:36 - 2018-12-11 18:36 - 000003312 _____ () C:\Users\Marco\installshield_scm.reg
2018-12-11 18:36 - 2018-12-11 18:36 - 000001854 _____ () C:\Users\Marco\scm.reg
2018-11-04 20:09 - 2018-11-04 20:09 - 000001725 _____ () C:\Program Files (x86)\Vinstall.log
2018-09-28 17:57 - 2018-09-28 17:57 - 000000000 _____ () C:\Users\Marco\AppData\Local\oobelibMkey.log
2017-12-30 15:50 - 2017-12-30 15:50 - 000000003 _____ () C:\Users\Marco\AppData\Local\updater.log
2017-12-30 15:50 - 2017-12-30 15:50 - 000000425 _____ () C:\Users\Marco\AppData\Local\UserProducts.xml
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05.2019
Ran by Marco (08-05-2019 14:50:06)
Running from C:\Users\Marco\Desktop
Windows 10 Pro Version 1803 17134.706 (X64) (2018-05-21 13:23:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-2713763906-1647206067-2837485295-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2713763906-1647206067-2837485295-503 - Limited - Disabled)
Invitado (S-1-5-21-2713763906-1647206067-2837485295-501 - Limited - Disabled)
Marco (S-1-5-21-2713763906-1647206067-2837485295-1006 - Administrator - Enabled) => C:\Users\Marco
WDAGUtilityAccount (S-1-5-21-2713763906-1647206067-2837485295-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Actualización de NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_1_2) (Version: 15.1.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_1_2) (Version: 12.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_5) (Version: 19.1.5 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_1_2) (Version: 12.1.2 - Adobe Systems Incorporated)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1)
Age of Empires III - The Napoleonic Era version 2.1.8 (HKLM-x32\...\{647233CC-A29F-4961-9CB0-50AD445C7238}_is1) (Version: 2.1.8 - Napoleonic Era Team)
Age of Empires: Definitive Edition (HKLM-x32\...\Age of Empires: Definitive Edition_is1) (Version: - )
Apple Application Support (32 bits) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1807.0401 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1807.0401 - Micro-Star International Co., Ltd.)
BitPay versión 4.4.0 (HKLM-x32\...\2d1002d7-ee34-4f60-bd29-0c871ba0c195_is1) (Version: 4.4.0 - BitPay)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
Crusader Kings 2: Horse Lords + Other DLCs (HKLM-x32\...\Crusader Kings 2: Horse Lords + Other DLCs_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Dark Souls 3 (HKLM-x32\...\Dark Souls 3_is1) (Version: - )
Discord (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Discord) (Version: 0.0.305 - Discord Inc.)
Discord (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Dragon Gaming Center (HKLM-x32\...\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1701.0601 - Micro-Star International Co., Ltd.) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1701.0601 - Micro-Star International Co., Ltd.)
Eines de correcció del Microsoft Office 2016: català (HKLM-x32\...\{90160000-001F-0403-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ELAN Touchpad 15.13.8.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.8.2 - ELAN Microelectronic Corp.)
Epic Games Launcher (HKLM-x32\...\{9B504F12-DA3B-4CEC-A6FD-B07D6C1FEA26}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Europa Universalis IV: Common Sense (HKLM-x32\...\Europa Universalis IV: Common Sense_is1) (Version: - )
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM-x32\...\{90160000-001F-0456-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
FileZilla Client 3.41.2 (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\FileZilla Client) (Version: 3.41.2 - Tim Kosse)
FileZilla Client 3.41.2 (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\FileZilla Client) (Version: 3.41.2 - Tim Kosse)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Floris Mod Pack 2.54 (HKLM-x32\...\Floris Mod Pack_is1) (Version: - )
FMRTE 19.1.5.17 (HKLM\...\{3AA526E7-B7BB-409A-A6C3-157BDF1AB0E5}_is1) (Version: 19.1.5.17 - FMRTE)
FMSE19 (HKLM\...\{C8746BC0-6B45-4681-8C36-40B55A58753D}) (Version: 2.1.6.0 - AppCake Limited) Hidden
FMSE19 (HKLM-x32\...\{43c70fc9-992f-49f5-bbab-8ad6b8c055fc}) (Version: 2.1.6.0 - AppCake Limited)
Football Manager 2019 (HKLM-x32\...\Football Manager 2019_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hourglass (HKLM-x32\...\{6ce69131-210d-4228-aa70-aac39cb739bc}) (Version: 1.9.0.0 - Chris Dziemborowicz)
Hourglass (HKLM-x32\...\{A890EA6C-D580-4E4E-A6D3-DF7F00DDC4B5}) (Version: 1.9.0.0 - Chris Dziemborowicz) Hidden
iCloud (HKLM\...\{28ABC5D7-AF47-4476-A6AA-C2DD822ED40F}) (Version: 7.9.0.9 - Apple Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{4E53939F-5A1D-4D2D-9173-D0C7D0D0F87E}) (Version: 6.0.2.8 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel XTU Library (HKLM-x32\...\{B48E71F0-769D-445D-9020-9E06FF1D51C8}) (Version: 10.015.08120 - Micro-Star INT'L CO., LTD.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
iTunes (HKLM\...\{8EFBAE53-223A-4C6D-98DC-ED3D649A4C40}) (Version: 12.9.2.6 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 11.1.0 - JPEXS)
JuegoDomino (HKLM-x32\...\{0F2E223E-1BCD-4A4E-9125-F450B68CCCC2}) (Version: 1.08.009 - )
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
K-Lite Mega Codec Pack 12.1.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
LonelyScreen 1.2 (HKLM-x32\...\LonelyScreen AirPlay Receiver_is1) (Version: 1.2 - IMTIGER Technologies Inc.)
LonelyScreen 1.2.16 (HKLM-x32\...\LonelyScreen_is1) (Version: 1.2.16 - IMTIGER Technologies Inc.)
LOOT versión 0.13.4 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.4 - LOOT Team)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Motorsport Manager (HKLM-x32\...\Motorsport Manager_is1) (Version: - )
Mozilla Firefox 65.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 65.0.1 (x64 es-ES)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Time at Portia (HKLM-x32\...\My Time at Portia_is1) (Version: - )
Net Dominó 4.5b (HKLM-x32\...\Net Dominó 4.5b) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NordVPN (HKLM-x32\...\{F11DDED0-213C-41B7-B120-514E402A7B53}) (Version: 6.19.6 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.19.6) (Version: 6.19.6 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.1.1 - Duodian Technology Co. Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Controlador de gráficos 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NyxLauncher (HKLM-x32\...\NyxLauncher_is1) (Version: - Softnyx co.,ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
OpenVPN 2.4.6-I602 (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.)
Opera Stable 58.0.3135.132 (HKLM-x32\...\Opera 58.0.3135.132) (Version: 58.0.3135.132 - Opera Software)
Oracle VM VirtualBox 5.2.4 (HKLM\...\{33042B56-E453-40AB-B313-0EB544FAC0F9}) (Version: 5.2.4 - Oracle Corporation)
Outward (HKLM-x32\...\Outward_is1) (Version: - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.128.0.10 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Panel de control de NVIDIA 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 425.31 - NVIDIA Corporation) Hidden
PokeMMO (HKLM\...\PokeMMO_is1) (Version: - PokeMMO)
Python 2.7.8 (64-bit) (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DE}) (Version: 2.7.8150 - Python Software Foundation)
qBittorrent 4.1.4 (HKLM-x32\...\qBittorrent) (Version: 4.1.4 - The qBittorrent project)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM-x32\...\{90160000-001F-0416-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Sandboxie 5.22 (64-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC)
Skype versión 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\slack) (Version: 3.4.0 - Slack Technologies)
Slack (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\slack) (Version: 3.4.0 - Slack Technologies)
Soda Player (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\sodaplayer) (Version: 1.4.2 - Soda Player)
Soda Player (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\sodaplayer) (Version: 1.4.2 - Soda Player)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Spotify) (Version: 1.1.5.153.gf614956d - Spotify AB)
Spotify (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Spotify) (Version: 1.1.5.153.gf614956d - Spotify AB)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.9.2015.1 - SteelSeries)
SteelSeries Engine 3.12.9 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.9 - SteelSeries ApS)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\TeamSpeak 3 Client) (Version: 3.1.7 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.4.3 (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.4.3 - Telegram Messenger LLP)
Telegram Desktop version 1.4.3 (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.4.3 - Telegram Messenger LLP)
Tenorshare iCareFone 5.4.2.2 (HKLM-x32\...\{Tenorshare iCareFone}_is1) (Version: 5.4.2.2 - Tenorshare, Inc.)
The Elder Scrolls: Skyrim SE (HKLM-x32\...\The Elder Scrolls: Skyrim SE_is1) (Version: - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Twitch (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.16.12 - Black Tree Gaming Ltd.)
Wars of Liberty version 1.0.9g (HKLM-x32\...\{EB448764-CABB-4766-8055-495AEA292020}_is1) (Version: 1.0.9g - Wars of Liberty Team)
WhatsApp (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
WhatsApp (HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Windows Movie Maker 2018 (HKLM\...\{3CC29C6A-B5FE-427B-8F23-52A2557A92C2}}_is1) (Version: - VideoWin)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Marco\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Marco\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () [File not signed]
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Marco\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-11-13] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-12-03] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Marco\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-06] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
==================== Loaded Modules (Whitelisted) ==============
2015-06-11 22:32 - 2015-06-11 22:32 - 000057344 _____ ( ) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\Interop.BSteelLinkLib.dll
2019-05-07 16:41 - 2019-05-07 16:41 - 000497152 _____ () [File not signed] \\?\C:\Users\Marco\AppData\Local\Temp\21a27e36-68aa-4d7f-8f9d-fa16ced2169e.tmp.node
2019-05-07 16:40 - 2019-05-07 16:40 - 000497152 _____ () [File not signed] \\?\C:\Users\Marco\AppData\Local\Temp\bcf5a91d-e863-4277-b08f-dffde8e9bea2.tmp.node
2018-05-24 14:45 - 2018-05-24 14:45 - 000250368 _____ () [File not signed] C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000030720 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000029696 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000030720 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000034304 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000030208 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000115200 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000030720 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000011264 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000031744 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000015872 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000159744 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000189440 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000030720 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000504832 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 009315328 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-10-08 17:30 - 2014-10-08 17:30 - 000047616 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-10-08 17:30 - 2014-10-08 17:30 - 001102336 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000011264 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000030208 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000020992 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000023040 _____ () [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 000470016 _____ () [File not signed] C:\Users\Marco\AppData\Local\MEGAsync\ShellExtX64.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000053248 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000091648 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000136704 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_elementtree.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 001016832 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000027648 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_multiprocessing.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000036352 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000046592 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000050688 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_sqlite3.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 001410048 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000372736 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 005892096 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000318976 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.jsplayer.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 003552768 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000018944 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000273000 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000350720 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pyvlc.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 002386432 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000723968 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000040448 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000066048 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000082944 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000031232 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000112142 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 002977792 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000334336 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000061952 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000014848 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\netifaces.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000136704 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000358912 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000110080 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000010240 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\select.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000551424 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\sqlite3.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000687104 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000098816 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000111616 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000167424 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000024064 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000035840 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000966144 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000981504 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000746496 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000674816 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000670720 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2018-12-11 13:37 - 2012-11-01 12:21 - 000325120 _____ () [File not signed] C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2018-12-11 13:37 - 2012-11-01 12:23 - 000089600 _____ () [File not signed] C:\WINDOWS\SYSTEM32\CmdRtr64.DLL
2018-12-11 13:37 - 2011-09-22 20:04 - 000238080 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\CTLoadRs.dll
2018-12-11 13:37 - 2013-08-16 16:59 - 000711680 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
2018-06-22 09:41 - 2018-06-22 09:41 - 020468224 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avcodec-56.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 005897216 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avformat-56.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000481280 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avutil-54.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000279552 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\swresample-1.dll
2018-08-20 22:53 - 2018-08-20 22:53 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2018-08-20 22:53 - 2018-08-20 22:53 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2014-10-08 17:30 - 2014-10-08 17:30 - 000200704 _____ (ICSharpCode.net) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\ICSharpCode.SharpZipLib.dll
2017-12-25 14:32 - 2016-10-04 16:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000640000 _____ (Microsoft Corporation) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\dbghelp.dll
2014-01-22 11:44 - 2014-01-22 11:44 - 000075912 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> ) [File not signed] C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2017-01-06 15:04 - 2017-01-06 15:04 - 006097688 _____ (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
2009-07-09 16:54 - 2009-07-09 16:54 - 000160768 _____ (Micro-Star International Co., Ltd.) [File not signed] C:\WINDOWS\SysWOW64\MSIService.exe
2015-06-11 22:33 - 2015-06-11 22:33 - 000027136 _____ (Protolog Systems Ltd.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\D3HeadsetPlugin.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000024064 _____ (Protolog Systems Ltd.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\PluginAbstract.dll
2015-06-11 22:33 - 2015-06-11 22:33 - 000125440 _____ (Protolog Systems Ltd.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\VoicePlugin.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 002639872 _____ (Python Software Foundation) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\PYTHON27.DLL
2015-06-11 22:33 - 2015-06-11 22:33 - 000087040 _____ (SteelSeries ApS) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
2012-01-19 19:19 - 2012-01-19 19:19 - 001099776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\LIBEAY32.dll
2012-01-19 19:20 - 2012-01-19 19:20 - 000237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\SSLEAY32.dll
2015-06-11 22:32 - 2015-06-11 22:32 - 000653824 _____ (TODO: <Company name>) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\BSteelLink.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000122368 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 001300992 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000730112 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 003165184 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000479744 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 09:24 - 2019-01-07 02:00 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-05-23 01:46 - 2018-05-23 01:46 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150232\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\StartupApproved\Run: => "NordVPN"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [UDP Query User{849C7478-99E9-4872-96A9-66562701CCC2}C:\users\marco\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marco\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{50D5F7D8-8363-4B30-ABA6-D53E973AB8EA}C:\users\marco\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marco\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{366B4D2A-A198-4F86-BAFA-171C78D8E86E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive) [File not signed]
FirewallRules: [{65A4414D-676B-4D6A-ADDA-D7E58E65E2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive) [File not signed]
FirewallRules: [UDP Query User{DE0DDC45-7C3D-4CDC-A005-75B08DDEDC0B}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [TCP Query User{754BCF95-DB92-4B5E-B535-458C93676445}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{FABD2B1A-D1F2-45B5-AB5F-CC1AD3EF3914}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C85005F1-79E8-4DF4-B2B3-7270D6CA9B87}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{59D8F393-10B1-4256-A374-E7B5552A2961}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [TCP Query User{0C74CCED-6ADB-4E6E-B3A9-117D1DA400D7}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [UDP Query User{C813AEB1-0F7C-4DCB-B78A-BF0B506F1C1A}C:\users\marco\downloads\easy cash version 1.1 www.ebookleaks.org\merakettik\amped.exe] => (Allow) C:\users\marco\downloads\easy cash version 1.1 www.ebookleaks.org\merakettik\amped.exe (AMPED) [File not signed]
FirewallRules: [TCP Query User{41BC870B-5BF1-4540-8365-8E36AB3444FE}C:\users\marco\downloads\easy cash version 1.1 www.ebookleaks.org\merakettik\amped.exe] => (Allow) C:\users\marco\downloads\easy cash version 1.1 www.ebookleaks.org\merakettik\amped.exe (AMPED) [File not signed]
FirewallRules: [UDP Query User{2F8D021F-F253-46C5-A2C5-D335F1D4A147}C:\game\softnyxgame\nyxlauncherls\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncherls\full_downloader.exe (Softnyx Co., Ltd. -> )
FirewallRules: [TCP Query User{D59A5ACA-99BC-4156-A6FB-B433AE159843}C:\game\softnyxgame\nyxlauncherls\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncherls\full_downloader.exe (Softnyx Co., Ltd. -> )
FirewallRules: [{A3434E94-A651-4330-887D-998CA9EC2F9C}] => (Allow) C:\Users\Marco\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{071F9952-9E57-45F0-82C5-2AAC12BA0DE7}] => (Allow) C:\Users\Marco\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{652482BC-B016-4BBB-875B-80E78F2954FE}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> )
FirewallRules: [{4ED6B70D-EBFF-4075-8F5A-B7BF8786A557}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> Duodian Technology Co. Ltd.)
FirewallRules: [{D2724845-6F0C-496D-9C64-DA495D0FB67D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{53D297FA-CFE7-4B65-A70B-E384A9634A28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7062D26C-A07E-4E52-9580-C6C7527B2605}F:\games\tennis elbow full crackeado\tennis.elbow.2013.v1.0i\tenniselbow.exe] => (Allow) F:\games\tennis elbow full crackeado\tennis.elbow.2013.v1.0i\tenniselbow.exe (Emmanuel Rivoire -> Mana Games)
FirewallRules: [UDP Query User{D5C4756C-615A-4590-893B-9641EF4D6369}F:\games\tennis elbow full crackeado\tennis.elbow.2013.v1.0i\tenniselbow.exe] => (Allow) F:\games\tennis elbow full crackeado\tennis.elbow.2013.v1.0i\tenniselbow.exe (Emmanuel Rivoire -> Mana Games)
FirewallRules: [{6375E0CD-BDD4-4FC1-A043-30DE89484376}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{963AD753-4F90-41F9-926A-0BC6833363A3}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4C0835F5-FD59-47CD-9DDC-BC6EA7AFAE67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56CDA4C7-34C8-40D2-AB89-A5E90BA1BF00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2112FFB9-27A6-4CA4-9F6A-8BC242531464}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{DE35E7B7-3568-4B4F-8D89-FCBF952023EB}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{00DAA289-FF68-49CA-B047-2A6CA6F621DE}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{D902CC81-2AB4-4B80-88BB-B2DF55B1E460}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [TCP Query User{4C84ED18-1E1A-4B27-8BFA-23D36DF7EFA2}C:\users\marco\desktop\fate.undiscovered.realms.v1.1.12.000\fate.undiscovered.realms.v1.1.12.000\fate.exe] => (Allow) C:\users\marco\desktop\fate.undiscovered.realms.v1.1.12.000\fate.undiscovered.realms.v1.1.12.000\fate.exe () [File not signed]
FirewallRules: [UDP Query User{AAB19901-E417-4E9B-9485-8C92D808F99E}C:\users\marco\desktop\fate.undiscovered.realms.v1.1.12.000\fate.undiscovered.realms.v1.1.12.000\fate.exe] => (Allow) C:\users\marco\desktop\fate.undiscovered.realms.v1.1.12.000\fate.undiscovered.realms.v1.1.12.000\fate.exe () [File not signed]
FirewallRules: [{9C5584DB-24AF-4915-B964-1308F71C4E6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1291A218-5487-44EF-839C-1D964646CD2D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{9BF2312F-5811-4478-9731-0AA486B36CE5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{D644C2EF-26D8-4DBE-9782-CAF67FC8A87D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [{523A8D47-6632-4A1F-8CCD-792CEBAEEDCE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22573A3A-3646-432F-8E32-C68C0392B555}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{B48D3C6A-DE17-4F09-A690-DE867302AFDE}F:\games\football manager 2019\fm.exe] => (Allow) F:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [UDP Query User{6E8CCA1D-4AE8-482E-BBF2-268210C958F4}F:\games\football manager 2019\fm.exe] => (Allow) F:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{F8F1A722-2238-48A2-B584-08E27F092385}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8D1D8895-B60A-416B-8167-D8FE0354D3D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{2BA4B8D0-9591-4EE2-808B-15DA8F0BF5A0}C:\braca soft\fmrte 19\amped.exe] => (Allow) C:\braca soft\fmrte 19\amped.exe (AMPED) [File not signed]
FirewallRules: [UDP Query User{618BD2AF-F862-4F7C-A91F-47CEEA2F2E21}C:\braca soft\fmrte 19\amped.exe] => (Allow) C:\braca soft\fmrte 19\amped.exe (AMPED) [File not signed]
FirewallRules: [{3120894F-20D1-4D3D-9874-BD77ABD0A654}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{9033CC18-BE4C-4A0B-B9FB-846585FEA3A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{B481911D-3250-48C8-9ED9-1689D80302B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{B108ADEB-0CC6-414B-A0B1-54D41222B808}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{1D818691-1EEF-4F13-B527-3BCFC376842C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0155E40F-AA98-4616-A8F0-01BE5617DF19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{56D43175-CC91-4D97-AAAB-8EEAE11A10AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{60F1B9CF-77FA-40D1-8598-9C72E3336325}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EEC3765E-CE01-4FDF-AE11-B103AF4852D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3DCC2C41-7FFF-4540-9283-84EC2FC70D68}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{588A8D98-9058-495C-A763-1B8AA307F70E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{50B8B109-B439-4370-ACAD-E965A0BAE2A1}F:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) F:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{11A44A09-81EF-4590-9040-75D2EC0346ED}F:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) F:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{CE9BE09A-1566-4447-B193-D09AC794361E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{9BF19180-F6E2-40F9-8BBB-8139C50B9169}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{DA46FA7C-38A2-4086-8C7B-3DD8B54A9F92}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{890D5E4E-02FD-4F64-9F17-0A17A7D75AC6}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [TCP Query User{BA2C42DA-CFA9-4BB2-ABA2-20A332644630}F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{CCC7DE5C-1F6F-44C2-966F-6008A5B80503}F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) F:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{F6F44B36-787E-44AF-BCC7-7CD78005D556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory 2\nxsteam\nxsteam.exe (NEXON Korea Corporation. -> NEXON)
FirewallRules: [{C6F421A0-D463-413B-9A7A-FD323DA6ACBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory 2\nxsteam\nxsteam.exe (NEXON Korea Corporation. -> NEXON)
FirewallRules: [{E680880C-3253-4541-8F72-EB96B2B2C472}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{1BEFA271-484A-42A6-9120-6F1D6AE47A09}F:\subnautica\subnautica.exe] => (Allow) F:\subnautica\subnautica.exe () [File not signed]
FirewallRules: [UDP Query User{37524DA6-1DD4-47E5-9648-B2982C97C292}F:\subnautica\subnautica.exe] => (Allow) F:\subnautica\subnautica.exe () [File not signed]
FirewallRules: [TCP Query User{5F7DC92A-8616-461E-9259-84E1AFFFBEAD}C:\users\marco\appdata\local\sodaplayer\app-1.4.2\soda player.exe] => (Allow) C:\users\marco\appdata\local\sodaplayer\app-1.4.2\soda player.exe (Soda Player) [File not signed]
FirewallRules: [UDP Query User{32DAC2B9-C506-44EC-A113-274C54575158}C:\users\marco\appdata\local\sodaplayer\app-1.4.2\soda player.exe] => (Allow) C:\users\marco\appdata\local\sodaplayer\app-1.4.2\soda player.exe (Soda Player) [File not signed]
FirewallRules: [TCP Query User{A86372BF-D13D-49B9-9516-AB8313EF9C6E}F:\age of empires iii - complete collection\age3n.exe] => (Allow) F:\age of empires iii - complete collection\age3n.exe (Microsoft Corporation -> Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{941B392C-2D6E-4219-AA5A-2A6D81C4EAD8}F:\age of empires iii - complete collection\age3n.exe] => (Allow) F:\age of empires iii - complete collection\age3n.exe (Microsoft Corporation -> Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{AD1800D0-0C92-4306-AB2D-5F5E6005A04C}F:\games\age of empires iii - complete collection\age3y.exe] => (Allow) F:\games\age of empires iii - complete collection\age3y.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{6D2B7F7D-BF79-428C-A41F-B365BE17F51A}F:\games\age of empires iii - complete collection\age3y.exe] => (Allow) F:\games\age of empires iii - complete collection\age3y.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{B1872F40-B38D-4533-A157-633440496ED7}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F638C7B7-996B-43F2-828B-50084116CC4C}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{376F113A-1D3A-43E8-87B3-0F53BA2F786E}F:\cemu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe] => (Allow) F:\cemu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe () [File not signed]
FirewallRules: [UDP Query User{1C9466CF-45FB-4CF6-B7FF-5B592CCC52BF}F:\cemu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe] => (Allow) F:\cemu\wii u usb helper 0.6.1.616\usbhelperlauncher.exe () [File not signed]
FirewallRules: [TCP Query User{0E615533-51F8-43CE-A160-F86C538D620D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{75D3F4A3-8EC8-4451-A810-A6C733A7619F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{FE960FFE-D0BD-4C89-A1B6-BDBB0DF75F10}] => (Allow) F:\SteamLibrary\steamapps\common\Tennis Elbow 2013\TennisElbow.exe (Emmanuel Rivoire -> Mana Games)
FirewallRules: [{24AF9309-2C19-4DAF-9AAB-BF16D8BC2583}] => (Allow) F:\SteamLibrary\steamapps\common\Tennis Elbow 2013\TennisElbow.exe (Emmanuel Rivoire -> Mana Games)
FirewallRules: [{D5773690-094C-439A-8563-38B293CA31E0}] => (Allow) F:\SteamLibrary\steamapps\common\Tennis Elbow 2013\Config.exe (Emmanuel Rivoire -> Mana Games)
FirewallRules: [{37CB6745-3343-40B0-960C-4738F52F7444}] => (Allow) F:\SteamLibrary\steamapps\common\Tennis Elbow 2013\Config.exe (Emmanuel Rivoire -> Mana Games)
FirewallRules: [{D5667760-18FD-447B-93AA-F300DE1F0FBC}] => (Allow) F:\Games\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{AD42598D-168B-4688-99DF-37B583769CEC}] => (Allow) F:\Games\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{07C14434-0936-4B62-8F9F-D744B1E7748F}] => (Allow) F:\Games\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{163C6A7D-2FEF-4D09-A307-778FEAF56B63}] => (Allow) F:\Games\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{3F5B92A0-6C69-41D5-9034-86A2D9FB610C}] => (Allow) F:\SteamLibrary\steamapps\common\Battlerite Royale\BattleriteRoyale.exe (Stunlock Studios AB -> )
FirewallRules: [{FBB315CA-D6F1-42A9-9D80-501A61D11E97}] => (Allow) F:\SteamLibrary\steamapps\common\Battlerite Royale\BattleriteRoyale.exe (Stunlock Studios AB -> )
FirewallRules: [{F454EBE4-2986-45D0-9BFF-DC9D0BC0BDA1}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{9AA2E57A-473E-4E1C-AB88-994E32824234}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9B0D0E63-40BE-4017-A857-DD4BBD99D444}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62240F96-F319-4CC4-91DF-E4BD2DBC53C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{178F1DF4-63BD-4F76-8BB1-802FDC82D016}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{66C0943A-AF0C-417A-849B-45F315DC6A26}] => (Allow) C:\Program Files\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{6E442E6D-FE51-438A-A8CD-78B917FC3FE5}] => (Allow) F:\SteamLibrary\steamapps\common\Motorsport Manager\MM.exe () [File not signed]
FirewallRules: [{F633A3A1-A8F2-478A-9162-48BBD8D2962D}] => (Allow) F:\SteamLibrary\steamapps\common\Motorsport Manager\MM.exe () [File not signed]
FirewallRules: [{7C2CA742-3E56-43F6-A046-2D1EEFA48953}] => (Allow) F:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe (Sandbox Interactive GmbH -> Sandbox Interactive GmbH)
FirewallRules: [{A9C18A0A-A7D0-4B97-ACB8-3170B5EB518A}] => (Allow) F:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe (Sandbox Interactive GmbH -> Sandbox Interactive GmbH)
FirewallRules: [{A721E02C-AC10-4DCB-92B7-179198D5C5CA}] => (Allow) C:\Users\Marco\Downloads\icarefone.exe (Tenorshare Co.,Ltd. -> Tenorshare Co.Ltd)
FirewallRules: [{5446B560-272F-4B5B-9F8E-BD52718AD71C}] => (Allow) C:\Users\Marco\Downloads\icarefone.exe (Tenorshare Co.,Ltd. -> Tenorshare Co.Ltd)
FirewallRules: [TCP Query User{2BD0DA0A-AB2E-4340-89AB-2454390D55EF}C:\users\marco\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\marco\appdata\roaming\acestream\engine\ace_engine.exe (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
FirewallRules: [UDP Query User{EBD5CECD-14ED-4454-8CC9-3FBEE0F1C802}C:\users\marco\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\marco\appdata\roaming\acestream\engine\ace_engine.exe (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
FirewallRules: [{83F9586B-33C3-4532-990B-D64C4B3EF504}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
27-04-2019 11:21:23 Punto de control programado
04-05-2019 01:26:35 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/06/2019 11:01:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MM.exe, versión: 5.3.8.32307, marca de tiempo: 0x591dda4e
Nombre del módulo con errores: USER32.dll, versión: 10.0.17134.376, marca de tiempo: 0x17011bdc
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x0000000000012441
Identificador del proceso con errores: 0x4690
Hora de inicio de la aplicación con errores: 0x01d5044e7eab857a
Ruta de acceso de la aplicación con errores: F:\SteamLibrary\steamapps\common\Motorsport Manager\MM.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\USER32.dll
Identificador del informe: df984576-7828-49b3-afb4-0a35a835693d
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (05/06/2019 11:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: nvcontainer.exe, versión: 1.15.2586.5913, marca de tiempo: 0x5c75252f
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xb9f4a0f1
Código de excepción: 0xe06d7363
Desplazamiento de errores: 0x000000000003a388
Identificador del proceso con errores: 0xd50
Hora de inicio de la aplicación con errores: 0x01d50404c3a487aa
Ruta de acceso de la aplicación con errores: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: dac78835-f633-49dc-aae7-bfd9b95fbe51
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (05/06/2019 11:01:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MM.exe, versión: 5.3.8.32307, marca de tiempo: 0x591dda4e
Nombre del módulo con errores: USER32.dll, versión: 10.0.17134.376, marca de tiempo: 0x17011bdc
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000012441
Identificador del proceso con errores: 0x4690
Hora de inicio de la aplicación con errores: 0x01d5044e7eab857a
Ruta de acceso de la aplicación con errores: F:\SteamLibrary\steamapps\common\Motorsport Manager\MM.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\USER32.dll
Identificador del informe: 244e4f00-4b25-4a40-8ec9-8de0f545bf59
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (05/06/2019 01:57:56 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (320,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\Marco\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (05/06/2019 01:57:56 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (320,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Marco\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).
Error: (05/06/2019 12:43:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa LockApp.exe, versión 10.0.17134.1, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 7d48
Hora de inicio: 01d50393d68f16e1
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Identificador de informe: 6d384071-e6fb-4b2f-985e-eba37234117b
Nombre completo de paquete con errores: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: WindowsDefaultLockScreen
Error: (05/05/2019 11:29:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3562
Error: (05/05/2019 11:29:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3562
System errors:
=============
Error: (05/08/2019 02:45:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1053" al intentar iniciar el servicio gupdate con argumentos "/comsvc" para ejecutar el servidor:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (05/08/2019 02:45:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Google Update Servicio (gupdate) no pudo iniciarse debido al siguiente error:
El servicio no respondió a tiempo a la solicitud de inicio o de control.
Error: (05/08/2019 02:45:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Google Update Servicio (gupdate).
Error: (05/07/2019 11:16:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
Se ha bloqueado la descarga de este controlador
Error: (05/07/2019 11:16:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marco\AppData\Local\Temp\ehdrv.sys
Error: (05/07/2019 11:16:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
Se ha bloqueado la descarga de este controlador
Error: (05/07/2019 11:16:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marco\AppData\Local\Temp\ehdrv.sys
Error: (05/07/2019 11:16:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
Se ha bloqueado la descarga de este controlador
Windows Defender:
===================================
Date: 2018-05-21 15:25:43.500
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Windows\System32\Tasks\AutoPico Daily Restart;process:_pid:4504,ProcessStart:131713820061941045;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFD08A3-D1A1-46FB-B8DD-710ACD2E0E41};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\Windows\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT Authority\System
Nombre de proceso: C:\Program Files\KMSpico\Service_KMS.exe
Versión de firma: AV: 1.267.965.0, AS: 1.267.965.0, NIS: 1.267.965.0
Versión de motor: AM: 1.1.14800.3, NIS: 1.1.14800.3
Date: 2018-05-21 15:25:43.171
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\Windows\System32\Tasks\AutoPico Daily Restart;process:_pid:4504,ProcessStart:131713820061941045;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFD08A3-D1A1-46FB-B8DD-710ACD2E0E41};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\Windows\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT Authority\System
Nombre de proceso: C:\Program Files\KMSpico\Service_KMS.exe
Versión de firma: AV: 1.267.965.0, AS: 1.267.965.0, NIS: 1.267.965.0
Versión de motor: AM: 1.1.14800.3, NIS: 1.1.14800.3
Date: 2018-05-21 15:25:42.735
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:4504,ProcessStart:131713820061941045;service:_Service KMSELDI
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT Authority\System
Nombre de proceso: C:\Program Files\KMSpico\Service_KMS.exe
Versión de firma: AV: 1.267.965.0, AS: 1.267.965.0, NIS: 1.267.965.0
Versión de motor: AM: 1.1.14800.3, NIS: 1.1.14800.3
Date: 2018-05-21 15:23:50.319
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS.A&threatid=2147726953&enterprise=0
Nombre: HackTool:Win32/AutoKMS.A
Id.: 2147726953
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\SECOH-QAD.dll
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\KMSpico\Service_KMS.exe
Versión de firma: AV: 1.267.965.0, AS: 1.267.965.0, NIS: 1.267.965.0
Versión de motor: AM: 1.1.14800.3, NIS: 1.1.14800.3
Date: 2018-05-21 15:23:43.267
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:4504,ProcessStart:131713820061941045
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT Authority\System
Nombre de proceso: C:\Program Files\KMSpico\Service_KMS.exe
Versión de firma: AV: 1.267.965.0, AS: 1.267.965.0, NIS: 1.267.965.0
Versión de motor: AM: 1.1.14800.3, NIS: 1.1.14800.3
Date: 2019-02-13 18:15:10.715
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.281.101.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.15400.5
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección
Date: 2019-02-13 18:15:10.715
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.281.101.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.15400.5
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección
Date: 2019-02-13 18:15:10.715
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.281.101.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.15400.5
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección
Date: 2019-02-13 18:15:10.519
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.281.101.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.15400.5
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección
Date: 2019-02-13 18:15:10.519
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.281.101.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.15400.5
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección
CodeIntegrity:
===================================
Date: 2019-05-08 14:46:38.656
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:38.655
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:38.320
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:38.319
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:23.621
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:23.620
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:22.968
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-08 14:46:22.967
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. E16GFIMS.515 03/28/2014
Motherboard: Micro-Star International Co., Ltd. MS-16GF
Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 90%
Total physical RAM: 8111.2 MB
Available physical RAM: 771.09 MB
Total Virtual: 13611.2 MB
Available Virtual: 4618.6 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:486.93 GB) (Free:114.01 GB) NTFS
Drive f: (HDD DATOS) (Fixed) (Total:443.23 GB) (Free:147.39 GB) NTFS
\\?\Volume{0ac4f8a3-ccd7-46d4-bfec-5e71f947d5b1}\ (Recuperación) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c793d077-fb73-4ef1-8309-aa7ba156870c}\ () (Fixed) (Total:0.8 GB) (Free:0.33 GB) NTFS
\\?\Volume{8dca9c6f-126e-4073-b73a-a329ceab22ba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
==================== End of Addition.txt ============================
Hello @MarKo
Follow these steps:
1.- Very Important >>> Make a backup of your Registry.
- Download DelFix to the Windows desktop.
- Right-click, “Run as Administrator”.
- In the main window, check only the “Create Registry Backup” box.
- Click Run.
When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…
2.- Temporarily disable your antivirus.
3.- Open a new Notepad file and copy and paste this content:
Start
CloseProcesses:
CreateRestorePoint:
(INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies) C:\Users\Marco\AppData\Roaming\ACEStream\engine\ace_engine.exe
(INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies) C:\Users\Marco\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6C82A2A8-73CF-47C8-9A80-7C415B72D69C} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {84B74A1D-5A51-4032-B224-8C9A1EB2AED3} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {A42AB5BA-1E43-4C6D-AFB3-7603D33E6C64} - System32\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
Task: {AA3F945C-8810-4695-8A3D-EAE01AFC3D59} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BBBF6236-B154-45BD-A5B0-BBB4760A55B0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {CB2C02B6-A7E8-4634-A9B0-8EE7497AE7CB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {CB6BBBB4-5A74-40DC-B369-07F4F844351E} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION
Task: {DD535E72-EF4F-47B4-90B3-FFBCCF6C5093} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {EA227EB7-CA80-4C61-A76F-0958E6140402} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\...\Firefox\Extensions: [[email protected]] - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Firefox\Extensions: [[email protected]] - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-2713763906-1647206067-2837485295-1006: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Marco\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Marco\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
C:\Users\Marco\AppData\Roaming\ACEStream
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Extension: (Ace Script) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-12-22]
CHR HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2019-05-07 13:05 - 2018-12-22 16:31 - 000000000 ____D C:\Users\Marco\AppData\Roaming\.ACEStream
2019-05-07 00:17 - 2019-01-04 20:57 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-05-07 00:17 - 2019-01-04 20:56 - 000000000 ____D C:\ProgramData\Lavasoft
2019-05-07 00:17 - 2017-12-30 15:50 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2019-05-06 23:23 - 2017-12-30 15:50 - 000000420 _____ C:\WINDOWS\Tasks\update-sys.job
2019-05-06 23:23 - 2017-12-30 15:50 - 000000420 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006.job
2019-05-06 23:22 - 2019-01-04 20:57 - 000000000 ____D C:\Users\Marco\AppData\Roaming\Lavasoft
2019-05-06 23:22 - 2019-01-04 20:57 - 000000000 ____D C:\Users\Marco\AppData\Local\Lavasoft
2019-05-06 23:22 - 2019-01-04 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-05-06 23:22 - 2018-12-12 12:14 - 000000000 ____D C:\Users\Marco\AppData\Roaming\IObit
2019-05-06 23:22 - 2018-12-12 12:14 - 000000000 ____D C:\ProgramData\IObit
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
2019-05-07 16:41 - 2019-05-07 16:41 - 000497152 _____ () [File not signed] \\?\C:\Users\Marco\AppData\Local\Temp\21a27e36-68aa-4d7f-8f9d-fa16ced2169e.tmp.node
2019-05-07 16:40 - 2019-05-07 16:40 - 000497152 _____ () [File not signed] \\?\C:\Users\Marco\AppData\Local\Temp\bcf5a91d-e863-4277-b08f-dffde8e9bea2.tmp.node
2018-06-22 09:41 - 2018-06-22 09:41 - 000053248 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000091648 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000136704 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_elementtree.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 001016832 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000027648 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_multiprocessing.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000036352 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000046592 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000050688 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_sqlite3.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 001410048 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000372736 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 005892096 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000318976 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.jsplayer.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 003552768 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000018944 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000273000 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 000350720 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pyvlc.pyd
2018-08-23 12:23 - 2018-08-23 12:23 - 002386432 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000723968 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000040448 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000066048 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000082944 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000031232 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000112142 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 002977792 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000334336 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000061952 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000014848 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\netifaces.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000136704 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000358912 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000110080 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000010240 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\select.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000551424 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\sqlite3.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000687104 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000098816 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000111616 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000167424 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000024064 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000035840 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000966144 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000981504 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000746496 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000674816 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 000670720 _____ () [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2018-06-22 09:41 - 2018-06-22 09:41 - 020468224 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avcodec-56.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 005897216 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avformat-56.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000481280 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avutil-54.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000279552 _____ (FFmpeg Project) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\swresample-1.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 002639872 _____ (Python Software Foundation) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\PYTHON27.DLL
2012-01-19 19:19 - 2012-01-19 19:19 - 001099776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\LIBEAY32.dll
2012-01-19 19:20 - 2012-01-19 19:20 - 000237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\SSLEAY32.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000122368 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 001300992 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000730112 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 003165184 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll
2018-06-22 09:41 - 2018-06-22 09:41 - 000479744 _____ (wxWidgets development team) [File not signed] C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
FirewallRules: [UDP Query User{DE0DDC45-7C3D-4CDC-A005-75B08DDEDC0B}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [TCP Query User{754BCF95-DB92-4B5E-B535-458C93676445}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
- Save it under the name fixlist.txt on the desktop <<< This is very important.
Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.
- Run Frst.exe.
- Press the Fix button and wait for it to finish.
- The tool will save the report on your desktop (Fixlog.txt).
- Paste it in your next reply.
Update Java to its latest version: Version 8 Update 211
After restarting, let us know how the computer is running now.
Regards.
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Marco (09-05-2019 03:27:09) Run:1
Running from C:\Users\Marco\Desktop
Loaded Profiles: Marco & (Available Profiles: Marco)
Boot Mode: Normal
==============================================
Processes closed successfully.
Restore point was successfully created.
C:\Users\Marco\AppData\Roaming\ACEStream\engine\ace_engine.exe => No running process found
C:\Users\Marco\AppData\Roaming\ACEStream\engine\ace_engine.exe => No running process found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C82A2A8-73CF-47C8-9A80-7C415B72D69C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C82A2A8-73CF-47C8-9A80-7C415B72D69C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84B74A1D-5A51-4032-B224-8C9A1EB2AED3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84B74A1D-5A51-4032-B224-8C9A1EB2AED3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A42AB5BA-1E43-4C6D-AFB3-7603D33E6C64}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A42AB5BA-1E43-4C6D-AFB3-7603D33E6C64}" => removed successfully
C:\WINDOWS\System32\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-2713763906-1647206067-2837485295-1006" => removed successfully
C:\Program Files (x86)\Skillbrains => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA3F945C-8810-4695-8A3D-EAE01AFC3D59}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA3F945C-8810-4695-8A3D-EAE01AFC3D59}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBBF6236-B154-45BD-A5B0-BBB4760A55B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBF6236-B154-45BD-A5B0-BBB4760A55B0}" => removed successfully
C:\WINDOWS\System32\Tasks\update-sys => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB2C02B6-A7E8-4634-A9B0-8EE7497AE7CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB2C02B6-A7E8-4634-A9B0-8EE7497AE7CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB6BBBB4-5A74-40DC-B369-07F4F844351E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB6BBBB4-5A74-40DC-B369-07F4F844351E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD535E72-EF4F-47B4-90B3-FFBCCF6C5093}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD535E72-EF4F-47B4-90B3-FFBCCF6C5093}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA227EB7-CA80-4C61-A76F-0958E6140402}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA227EB7-CA80-4C61-A76F-0958E6140402}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time" => not found
C:\WINDOWS\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006.job => moved successfully
C:\WINDOWS\Tasks\update-sys.job => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => removed successfully
HKLM\Software\Classes\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => not found
"HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => removed successfully
HKLM\Software\Classes\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => not found
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\Software\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => moved successfully
FF HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\...\Firefox\Extensions: [[email protected]] - C:\Users\Marco\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-30] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-30] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll => moved successfully
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.32 => removed successfully
C:\Users\Marco\AppData\Roaming\ACEStream\player\npace_plugin.dll => moved successfully
FF Plugin HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Marco\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies) => Error: No automatic fix found for this entry.
C:\Users\Marco\AppData\Roaming\ACEStream => moved successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
CHR Extension: (Ace Script) - C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-12-22] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => removed successfully
CHR HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccjleegmemocfpghkhpjmiccjcacackp => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
C:\Users\Marco\AppData\Roaming\.ACEStream => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
"C:\Program Files (x86)\Skillbrains" => not found
"C:\WINDOWS\Tasks\update-sys.job" => not found
"C:\WINDOWS\Tasks\update-S-1-5-21-2713763906-1647206067-2837485295-1006.job" => not found
C:\Users\Marco\AppData\Roaming\Lavasoft => moved successfully
C:\Users\Marco\AppData\Local\Lavasoft => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Users\Marco\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
C:\Users\Marco\AppData\Local\Temp\21a27e36-68aa-4d7f-8f9d-fa16ced2169e.tmp.node => moved successfully
C:\Users\Marco\AppData\Local\Temp\bcf5a91d-e863-4277-b08f-dffde8e9bea2.tmp.node => moved successfully
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_blist.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_elementtree.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_multiprocessing.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_socket.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_sqlite3.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.jsplayer.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pyvlc.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\apsw.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\netifaces.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\select.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\sqlite3.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32api.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32file.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\win32process.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avcodec-56.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avformat-56.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\avutil-54.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\swresample-1.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\PYTHON27.DLL" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\LIBEAY32.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\SSLEAY32.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_net_vc.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxbase28uh_vc.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_adv_vc.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_core_vc.dll" => not found
"C:\Users\Marco\AppData\Roaming\ACEStream\engine\lib\wxmsw28uh_html_vc.dll" => not found
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE0DDC45-7C3D-4CDC-A005-75B08DDEDC0B}C:\program files\java\jre1.8.0_161\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{754BCF95-DB92-4B5E-B535-458C93676445}C:\program files\java\jre1.8.0_161\bin\javaw.exe" => removed successfully
========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
No se puede realizar ninguna operación en Ethernet mientras los medios
están desconectados.
No se puede realizar ninguna operación en Ethernet 2 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Ethernet 4 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 11 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 12 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth 2 mientras los medios
están desconectados.
Adaptador de Ethernet Ethernet:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de Ethernet Ethernet 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de Ethernet Ethernet 4:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Conexión de área local* 11:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Conexión de área local* 12:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Wi-Fi:
Sufijo DNS específico para la conexión. . :
Vínculo: dirección IPv6 local. . . : fe80::2431:f5b8:de2e:269d%14
Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.184
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : 192.168.0.1
Adaptador de Ethernet Conexión de red Bluetooth 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= netsh advfirewall reset =========
Aceptar
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Error al restablecer .
Acceso denegado.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Error al restablecer .
Acceso denegado.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2713763906-1647206067-2837485295-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2713763906-1647206067-2837485295-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072019130150555\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39447603 B
Java, Flash, Steam htmlcache => 70626569 B
Windows/system/drivers => 6926041 B
Edge => 24064 B
Chrome => 328817404 B
Firefox => 25890364 B
Opera => 147776 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 410520 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 148719000 B
NetworkService => 0 B
Marco => 40188848 B
RecycleBin => 149792 B
EmptyTemp: => 641.2 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 03:31:28 ====
I'll test the computer for 24 hours and then let you know how it goes. One other thing: what did we do in the previous step?
Hello @MarKo
Perfect, we'll be waiting here.
Removing a lot of junk files and leftovers of infections that were on your computer.
According to the report, some malicious extensions could not be removed.
Try resetting your browsers manually by following the steps at this link:
Regards
Hi, I have a question. I know it has nothing to do with the topic, but it does relate to my suspicion that my RAM may be failing or something.
When my brother wants to play this particular game, he gets this error. I don't know if you could help me.
Unity Player [version: Unity 5.3.8f2_0c7e33ff9c0e]
MM.exe caused an Access Violation (0xc0000005)
in module MM.exe at 0033:9e137510.
Error occurred at 2019-05-09_113228.
F:\SteamLibrary\steamapps\common\Motorsport Manager\MM.exe, run by Marco.
93% memory in use.
8112 MB physical memory [536 MB free].
13612 MB paging file [0 MB free].
134217728 MB user address space [134203687 MB free].
Write to location 00000000 caused an access violation.