My notebook got infected after downloading an ISO

Hello infospyware, how are you? I downloaded an ISO file and it infected my PC. I ran Windows Defender and things improved, but when Windows starts I get a message that ic64.dll has problems starting. I also wanted to delete the ISO because I no longer want it, and it won't delete. And when I opened Chrome it tells me there is harmful software to remove, and I would tell it to remove it, but one of them is from Windows, hence my doubt about whether to trust it or not. These are the detected files: Files and programs:

  • c:\program files\nzmyn2rhndk0\ntexyju2ym.exe
  • c:\program files\nzmyn2rhndk0\y2vimzm0nduwzgy0y.exe
  • c:\program files\nzmyn2rhndk0\zwqxmmnmzdc2ytdinjf.exe
  • c:\windows\krqeemvwchfzaiaaovo.krq
  • c:\windows\y2vimzm0nduwzgy0y.exe

As antivirus I have Panda, but it doesn't detect anything. What can I do to make my PC more secure, so that my data isn't stolen, without making it slower? Can anyone help me? Thanks in advance, and I'm grateful that you are back.

Hello @Carolina_Saggio

Chrome warns you about malicious applications, but it will not be able to remove that kind of infection.

None of those files belongs to Windows.

If, as you mentioned, you have Windows Defender and Panda active at the same time, that is not good.

To begin with, not running pirated software on your computer would be a good idea.

To disinfect the computer properly, do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download, install and/or update the following tools:

3.- Run the steps, respecting the order:

CCleaner

Using its Cleaner option according to its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its Manual carefully.
  • Run a Custom Scan. Select all drives.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's section “History” >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important Note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards

Hello, thanks for following my case, San. To clarify, the ISO I downloaded was for a PDF; I don't know why it was in ISO format. The thing is that it infected me, and on top of that I tried to delete it and it wouldn't let me.

As you asked, I am running Malwarebytes. What came up is that there are 313 infected files, and what I found strange and would like clarified is that names of infected files that had been deleted showed up again in the report, and I don't know why, or whether it is because I disabled Panda and Windows Defender. There are also some files inside Windows, and the question is whether deleting them will affect my PC later.

I would like to attach the txt but I couldn't figure out how. I'll keep telling you what happens.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 10/3/19
Hora del análisis: 18:08
Archivo de registro: abc98ba8-4378-11e9-9529-f0761ceda24a.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9622
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.590)
CPU: x64
Sistema de archivos: NTFS
Usuario: LENOVO-PC\Caro

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 350912
Amenazas detectadas: 313
Amenazas en cuarentena: 310
Tiempo transcurrido: 31 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\_ssl.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-handle-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-heap-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-interlocked-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-libraryloader-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-localization-l1-2-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-memory-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-namedpipe-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-processenvironment-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-processthreads-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-processthreads-l1-1-1.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-profile-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-rtlsupport-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-synch-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-synch-l1-2-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-sysinfo-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-timezone-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-util-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-conio-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-convert-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-environment-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-filesystem-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-heap-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-locale-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-math-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-multibyte-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-console-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-datetime-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-debug-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-errorhandling-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-file-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-file-l1-2-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-file-l2-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-core-string-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-private-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-process-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-runtime-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-stdio-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-string-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-time-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\api-ms-win-crt-utility-l1-1-0.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\libcrypto-1_1.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\libssl-1_1.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\pyexpat.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\python.exe, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\python3.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\python37.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\python37.zip, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\python37._pth, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\select.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\sqlite3.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\ucrtbase.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\unicodedata.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\vcruntime140.dll, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\winsound.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\_asyncio.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\_bz2.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\python\_contextvars.pyd, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\id.txt, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\path.txt, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\start.bin, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\start.pyc, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\subid.txt, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\time.txt, En cuarentena, [3740], [629213],1.0.9622
Adware.PBot.Generic, C:\Users\Caro\AppData\Roaming\WinBoxes_upd\utctimestamp.txt, En cuarentena, [3740], [629213],1.0.9622
PUP.Optional.RussAd, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [315], [590559],1.0.9622
Adware.MailRu.BatBitRst, C:\USERS\CARO\FAVORITES\Искать в Интернете.URL, En cuarentena, [325], [648495],1.0.9622
Adware.MailRu.BatBitRst, C:\USERS\CARO\ONEDRIVE\ESCRITORIO\Искать в Интернете.URL, Error durante la eliminación, [325], [481462],1.0.9622
PUP.Optional.RussAd, C:\USERS\CARO\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL, En cuarentena, [315], [351113],1.0.9622
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\awunacyv, En cuarentena, [6008], [571190],1.0.9622
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\eixiosxneotu, En cuarentena, [6008], [622116],1.0.9622
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{705DD530-FFA8-005B-15D0-A66D57DBCB6B}, En cuarentena, [6008], [601196],1.0.9622
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\pkpohu, En cuarentena, [6008], [622117],1.0.9622
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\aluzii, En cuarentena, [6008], [622125],1.0.9622
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{08537B65-4445-A400-B6ED-6A89BFC3BF4D}, En cuarentena, [6008], [601195],1.0.9622
Misplaced.Legit.BatBitRst, C:\PROGRAM FILES (X86)\TZEA.EXE, En cuarentena, [10828], [632788],1.0.9622
Misplaced.Legit.BatBitRst, C:\PROGRAM FILES (X86)\LXAYLUEDDFS.EXE, En cuarentena, [10828], [632788],1.0.9622
Misplaced.Legit.BatBitRst, C:\PROGRAM FILES (X86)\JKYUIJ.EXE, En cuarentena, [10828], [632798],1.0.9622
PUP.Optional.InstallCore.Generic, C:\USERS\CARO\DOWNLOADS\WBS CHART PRO_4017496038.EXE, En cuarentena, [542], [512142],1.0.9622
PUP.Optional.MailRu, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [251], [454830],1.0.9622
PUP.Optional.MailRu, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [251], [454830],1.0.9622
PUP.Optional.MailRu, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [251], [454830],1.0.9622
PUP.Optional.Linkury.Generic, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [218], [454805],1.0.9622
PUP.Optional.Linkury.Generic, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [218], [454805],1.0.9622
PUP.Optional.SonicSearch, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [370], [519968],1.0.9622
PUP.Optional.SonicSearch, C:\USERS\CARO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [370], [519968],1.0.9622

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

Well, I ran AdwCleaner, and when I restarted it took a long time to boot … until, when it finally started, it showed me a blue screen saying "an error occurred while starting Windows" and a QR code that I couldn't take a photo of; by the time I noticed, it had disappeared and the machine shut down. So I went ahead and restarted again.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-03-04.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-10-2019
# Duration: 00:00:13
# OS:       Windows 10 Home Single Language
# Cleaned:  5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|KuaiZip Shell Extension
Deleted       HKLM\Software\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted       HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2027 octets] - [10/03/2019 19:35:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

This is the scan report:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-03-04.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-10-2019
# Duration: 00:00:29
# OS:       Windows 10 Home Single Language
# Scanned:  31858
# Detected: 5


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|KuaiZip Shell Extension
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
PUP.Winlogon.Heuristic          HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

While I'm working, a white notification with green text keeps appearing that tells me "website blocked due to pop up" … I don't know what causes it, because I'm working on this problem and I only have Chrome open on the forum and the pages I open, but the notification is very annoying.

On another note, I should tell you that Windows Settings was having problems when I tried to use it. Also, when using the programs I see "registry keys" a lot, and I wonder what that is.

ZHPCleaner

22:53 10/3/2019~ ZHPCleaner v2019.3.9.30 by Nicolas Coolman (2019/03/09)
~ Run by Caro (Administrator)  (10/03/2019 20:58:57)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Caro\OneDrive\Escritorio\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Caro\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (136)
MOVIDO carpeta: C:\Windows\Installer\wix{0A596141-97D5-45FA-9281-98DFAF48D579}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{31A0B634-BCF4-4D3F-8336-87FEACFEE142}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{77F8C879-88CD-4145-945A-541C35285285}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{9E005AAA-81A3-478E-8944-532D350952EE}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{B5E06417-A4AC-4225-B36E-7E34C91616E7}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C29B636B-9015-4ED1-A12F-6375A337F23B}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{D4D86CB2-2370-4691-8272-3869EDED6C64}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Windows\Installer\MSI12EE.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI271B.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI3537.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI362A.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI3633.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI415.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI4293.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI5F15.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI7CE3.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI7E74.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI8452.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI8A23.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSI9815.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIA287.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIA2FA.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIAAE5.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIB50B.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIB669.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIC043.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIC1ED.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIC64C.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIC7D4.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIC888.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSICCF7.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSID3FE.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSID4E6.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIDC4F.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIE11.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIE59C.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIE75F.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIE867.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIEADC.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIEFEA.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIF07E.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIF3A.tmp    =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\MSIFEDA.tmp [.NET Foundation - WiX Custom Actions]  =>.SUP.MSIInstaller
MOVIDO carpeta: C:\Windows\Installer\1054298.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\1461542.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\1a371a3.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\20a4991.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\2c800d58.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\453f1b93.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\57b730.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\64f2707.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\af8f48d.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Windows\Installer\ec215a7.msp    =>.SUP.Obsolete.Adobe
MOVIDO carpeta: C:\Users\Caro\Downloads\PopcornTime-latest.exe [Popcorn Time - Popcorn Time Setup]  =>.SUP.PopcornTime
MOVIDO carpeta^: C:\Users\Caro\AppData\Local\Temp\aria-debug-14496.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta^: C:\Users\Caro\AppData\Local\Temp\aria-debug-16600.log    =>.SUP.Temporary.OneDrive
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\evb4B89.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\evbE1A5.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\evbF2C5.tmp    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\sa.5D967502-CACE-3F7B-F464-8E7AF2DC2C5F_5__.Public.AppUpdate.dat    =>.SUP.Temporary.WindowsApps
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wct6BF4.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wct771D.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wct94F.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctA8AE.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctAC80.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctB4B.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctB783.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctC0C7.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctC623.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctDEFF.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\wctE1A2.tmp    =>.SUP.Temporary.Office
MOVIDO carpeta: C:\Users\Caro\AppData\Local\Temp\{6B3477D3-0E7A-4720-A9E4-AF178F3C22F2} - OProcSessId.dat    =>.SUP.Temporary.Empty
MOVIDO archivo: C:\Users\Caro\AppData\Roaming\PDAppFlex  =>Trojan.Elpman
MOVIDO archivo: C:\ProgramData\panda_url_filtering  =>.SUP.StartSearch
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit  =>.SUP.SHAREit
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign080f0d2c2199fb39  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign08a54828cc449186  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign0ab74bc39ddd684a  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign0d6de507fe3c6b42  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign46d694f2cbef5504  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign66496dacd9f6d8a6  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign70dbe483770fa35d  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign74e4cd646b552c25  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign762818453ae2b164  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign7810973d7696f859  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign7a3a43a74c171fa9  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign82ef3119e54584bc  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsign8edf9da60dadd495  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsigncdbf6795e89a229d  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsignceabab87cd715f12  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsignd45c8d468e78d96d  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Tempzxpsignd508237a2c034038  =>.SUP.Temporary
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\003  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\005  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\006  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\007  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\009  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\010  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\011  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\012  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\013  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\014  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\015  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\016  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\017  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\018  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\019  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\020  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\021  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\022  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\023  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\File System\024  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Caro\AppData\Local\AdvinstAnalytics  =>.SUP.Various
MOVIDO archivo: C:\WINDOWS\Installer\MSI16D7.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI1718.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI2261.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSI351F.tmp-  =>.SUP.Empty
MOVIDO archivo: C:\WINDOWS\Installer\MSIE2DA.tmp-  =>.SUP.Empty


---\\  Registro ( Claves, Valores, Datos) (11)
BORRADOS clave*: HKLM\SOFTWARE\Wow6432Node\pandasecuritytb []  =>.SUP.VisicomMedia
BORRADOS clave*: HKLM\SOFTWARE\Wow6432Node\UCBrowserPID []  =>.SUP.UCBrowser
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029AB1D033707234FAD100A0EAB4A227 [C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe (Not File)]  =>.SUP.Microleaves
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E61F5183882B6F45A67D57C3AFF28E1 [C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe (Not File)]  =>.SUP.Microleaves
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_E4861B66E09791F839469AF303BDEE82 [0x020000000000000000000000]  =>Heuristic.Suspect
BORRADOS valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ApplePhotoStreams [0x020000000000000000000000]  =>.SUP.HideBaid
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Lenovo\Lenovo Updates\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Lenovo\Lenovo Updates\images\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre7\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection\ [No Folder]  =>.SUP.Obsolete.NoFolder


---\\  Resumen de elementos en su estación de trabajo (20)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/  =>.SUP.PopcornTime
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.WindowsApps
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/09/23/trojan-elpman/  =>Trojan.Elpman
https://nicolascoolman.eu/2017/09/11/sup-startsearch/  =>.SUP.StartSearch
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SHAREit
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Various
https://nicolascoolman.eu/2017/03/18/superfluous-visicommedia/  =>.SUP.VisicomMedia
https://nicolascoolman.eu/2017/03/04/superfluous-ucbrowser/  =>.SUP.UCBrowser
https://nicolascoolman.eu/2017/12/24/sup-microleaves/  =>.SUP.Microleaves
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.HideBaid
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.NoFolder


---\\ Limpieza adicional. (8)
~ Clave de registro Tracing borrados (8)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 693
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 29005754


~ End of clean in 00h01mn25s

---\\  Reporte (2)
ZHPCleaner-[S]-10032019-20_45_28.txt
ZHPCleaner-[R]-10032019-21_00_22.txt

Well, that is everything you asked me for, with a few problems along the way. What caught my attention was what Windows could not start, and I am worried about the files that have already been deleted and about having the antivirus disabled. I also wonder whether disabling the antivirus might be reactivating the files that are in quarantine. These are doubts that have come up.

Another question I have is that I keep my passwords saved in Google Chrome, mostly so I don't forget them; is that safe? Well, that is the whole report so far. I hope I did it right. And thank you very much in advance for the help. Just so you know, I am going to turn the antivirus back on so I am not left unprotected. I had to reply in 2 parts because it would not let me post it, as it was too long. Have an excellent start to the week; I look forward to your reply and the next steps. A big hug. And again, a thousand thanks, and I am grateful that you are back…

Hi @Carolina_Saggio

I will try to clear up some of your doubts.

That is where the problem started. If you need a PDF and the extension does not match (in this case an ISO), it is a virus for sure. You should always check the extensions of what you download, as well as scan it with your antivirus, even if you think it is a harmless docx.

It is normal; until the disinfection is fully completed, they get created again.

They do not affect it, since the tools only remove what is infected and do not damage Windows. Always remove everything they detect.

I do not know which .txt you are referring to, but see this guide:

The type of malware you have does those things, since a file related to Windows startup is infected.

That is normal; your Google Chrome is still heavily infected, and that pop-up is from Malwarebytes, which is blocking all the malicious sites the browser is trying to connect to.

I do not understand what you mean; please be clearer. You can take screenshots and upload them.

Not at all; what is in quarantine does not get activated.

No, it is not. Write them down on paper, because we will most likely have to delete your browser's current configuration.

Perfect. In the next steps I will tell you when to disable it, and once we finish you can enable them again.


Run another scan with Malwarebytes, just as you did before. Select Custom Scan and scan all drives.

Then do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the correct version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to Paste Reports in the Forum

We will wait for those reports.

Regards

Hi, thank you very much for the answers and your time :wink:

Malware turned up two threats

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 11/3/19
Hora del análisis: 15:31
Archivo de registro: db4ac910-442b-11e9-918f-f0761ceda24a.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9638
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.590)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 342476
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 13 min, 35 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
MachineLearning/Anomalous.100%, C:\WINDOWS\Y2VIMZM0NDUWZGY0Y.EXE, En cuarentena, [0], [392687],1.0.9638
Adware.MailRu.BatBitRst, C:\USERS\CARO\ONEDRIVE\ESCRITORIO\Искать в Интернете.URL, En cuarentena, [325], [481462],1.0.9638

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

(end)

FRST

I am pasting it in two parts


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2019
Ran by Caro (administrator) on LENOVO-PC (11-03-2019 23:26:02)
Running from C:\Users\Caro\Downloads
Loaded Profiles: Caro (Available Profiles: Caro)
Platform: Windows 10 Home Single Language Version 1803 17134.590 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee LLC) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Panda Security S.L -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc. -> McAfee LLC) C:\Windows\System32\mfevtps.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(McAfee, Inc. -> McAfee LLC) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee LLC) C:\Windows\System32\mfevtps.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Caro\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google Inc -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Box, Inc. -> ) C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() [File not signed] C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Caro\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileCoAuth.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-11-11] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-11-13] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5968600 2018-11-30] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-27] (Google Inc -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{447344c8-26eb-42e9-b091-d3e108ad6180}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d8f4dff3-7823-4d7c-ae85-8e67426a664c}: [DhcpNameServer] 200.42.4.207 200.49.130.41 200.49.130.41

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-02-08] (McAfee, Inc. -> McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-02-08] (McAfee, Inc. -> McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-4145286444-108475074-2886558672-1009 -> is enabled.
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.13.0_neutral__d55gg7py3s0m0 [2019-01-31]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-03-01]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-26] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4145286444-108475074-2886558672-1009: SkypeForBusinessPlugin64-16.2 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default [2019-03-11]
CHR Extension: (Presentaciones) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (File Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2017-03-30]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2019-02-14]
CHR Extension: (Documentos) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-03-07]
CHR Extension: (YouTube) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-28]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-02-14]
CHR Extension: (PDF to Word Converter - PDF Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eombmhnnhbilmgdkbkeccclcadjffgjd [2017-03-30]
CHR Extension: (Hojas de cálculo) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-26]
CHR Extension: (Word Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-03-30]
CHR Extension: (PDF to Word Doc Converter) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjhedcdiaeighcnidfhegnmfieiejmdj [2017-03-30]
CHR Extension: (Favoritos de iCloud) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-26]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-01-09]
CHR Extension: (Video Ads Blocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijelnahiojlfbmiihbmgkaldffppfelp [2019-01-19]
CHR Extension: (Excel Online) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-03-30]
CHR Extension: (Save to Facebook) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-01-02]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-21]
CHR Extension: (Hangouts de Google) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-03-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2019-01-19]
CHR Extension: (Outlook.com) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-03-30]
CHR Extension: (Gmail) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36688 2018-11-30] (Box, Inc. -> Box, Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] (Lenovo (Beijing) Limited -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO -> LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-02-08] (McAfee, Inc. -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee, Inc. -> McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee, Inc. -> McAfee LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [475600 2018-01-26] (McAfee, Inc. -> McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc. -> McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security S.L -> Panda Security, S.L.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc. -> McAfee, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab Ltd -> PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-08-15] (Lenovo (Beijing) Limited -> Lenovo)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [33224 2016-04-15] (LENOVO -> SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S2 0134591532030241mcinstcleanup; C:\WINDOWS\TEMP\013459~1.EXE -cleanup -nolog [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc. -> McAfee, Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee, Inc. -> McAfee LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [108000 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211936 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [126432 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [118240 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91616 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135648 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [336352 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [249312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123360 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [281056 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125920 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [191448 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [153992 2018-01-22] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207248 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [146912 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159200 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [129504 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-11-11] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-29] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-11-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-11] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S1 ZmQ1OTY5NzQ2MmViZjA0; \??\C:\WINDOWS\system32\drivers\ZmQ1OTY5NzQ2MmViZjA0 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Continuing with the FRST log


2019-03-11 23:26 - 2019-03-11 23:28 - 000045618 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-11 23:26 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-11 23:24 - 002434560 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 23:13 - 2019-03-10 23:13 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-10 23:13 - 2019-03-10 23:13 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\Program Files\CCleaner
2019-03-10 21:03 - 2019-03-10 21:03 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-10 21:03 - 2019-03-10 21:03 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 19:02 - 2019-03-10 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-10 17:24 - 2019-03-10 17:24 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini
2019-03-04 10:17 - 2019-03-04 10:17 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-14 18:32 - 2019-02-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iPod
2019-02-14 18:22 - 2019-02-14 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-02-14 18:08 - 2019-02-06 04:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 18:08 - 2019-02-06 04:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 04:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 18:08 - 2019-02-06 04:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 18:08 - 2019-02-06 03:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 03:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 18:08 - 2019-02-06 00:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 18:08 - 2019-02-06 00:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 18:08 - 2019-02-05 23:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 18:08 - 2019-02-05 23:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-14 18:08 - 2019-02-05 23:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-14 18:08 - 2019-02-05 23:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-14 18:08 - 2019-02-05 23:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-14 18:08 - 2019-02-05 23:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-14 18:08 - 2019-02-05 23:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-14 18:08 - 2019-02-05 23:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-14 18:08 - 2019-02-05 23:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-14 18:08 - 2019-02-05 23:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-14 18:08 - 2019-02-05 23:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-14 18:08 - 2019-01-11 23:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-14 18:08 - 2019-01-09 14:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-14 18:08 - 2019-01-09 14:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-14 18:08 - 2019-01-09 14:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-14 18:08 - 2019-01-09 14:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-14 18:08 - 2019-01-09 06:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-14 18:08 - 2019-01-09 02:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-14 18:08 - 2019-01-09 02:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-14 18:08 - 2019-01-09 02:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-14 18:08 - 2019-01-09 02:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-14 18:08 - 2019-01-09 02:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 18:08 - 2019-01-09 02:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 18:08 - 2019-01-09 02:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 18:08 - 2019-01-09 02:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 18:07 - 2019-02-06 04:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 18:07 - 2019-02-06 03:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 18:07 - 2019-02-06 00:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 18:07 - 2019-02-06 00:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 18:07 - 2019-02-06 00:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 18:07 - 2019-02-05 23:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 18:07 - 2019-02-05 23:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 18:07 - 2019-02-05 23:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 18:07 - 2019-02-05 23:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 18:07 - 2019-02-05 23:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 18:07 - 2019-01-09 15:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 18:07 - 2019-01-09 02:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 18:07 - 2019-01-09 02:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 18:07 - 2019-01-09 02:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 18:07 - 2019-01-09 02:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 18:07 - 2019-01-08 00:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 16:56 - 2019-02-06 04:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 16:56 - 2019-02-06 03:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 16:56 - 2019-02-06 00:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 16:56 - 2019-02-06 00:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 16:56 - 2019-02-06 00:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 16:56 - 2019-02-06 00:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 16:56 - 2019-02-05 23:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 16:56 - 2019-02-05 23:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 16:56 - 2019-02-05 23:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 16:56 - 2019-02-05 23:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 16:56 - 2019-02-05 23:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 16:56 - 2019-02-05 23:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 16:56 - 2019-02-05 23:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 16:56 - 2019-02-05 23:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 16:56 - 2019-02-05 23:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 16:56 - 2019-02-05 22:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 16:56 - 2019-01-12 05:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-09 14:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 16:56 - 2019-01-09 14:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 16:56 - 2019-01-09 14:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 16:56 - 2019-01-09 07:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 16:56 - 2019-01-09 06:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 16:56 - 2019-01-09 05:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 16:56 - 2019-01-09 05:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 16:56 - 2019-01-09 02:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 16:56 - 2019-01-09 02:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 16:56 - 2019-01-09 02:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 16:56 - 2019-01-09 02:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 16:56 - 2019-01-09 02:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-08 06:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-08 00:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 16:55 - 2019-01-08 00:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-14 15:58 - 2019-02-14 15:58 - 000000011 _____ C:\Users\Caro\setup24.ini
2019-02-14 15:57 - 2019-02-14 15:57 - 000000009 _____ C:\Users\Caro\rstr4.ini
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ C:\Users\Caro\AppData\Local\dump007.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 000000011 _____ C:\Users\Caro\setup22.ini
2019-02-10 04:52 - 2019-02-10 04:52 - 000000009 _____ C:\Users\Caro\rstr3.ini
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ C:\Users\Caro\AppData\Local\wbem.ini
2019-02-10 03:48 - 2019-02-18 01:07 - 000000000 ____D C:\Users\Caro\AppData\Local\Mail.Ru
2019-02-10 03:48 - 2019-02-10 03:48 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-02-10 03:08 - 2019-02-10 03:10 - 000000000 ___RD C:\Users\Caro\Box Sync
2019-02-10 03:03 - 2019-02-10 04:56 - 000000000 ____D C:\Users\Caro\AppData\Local\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\Program Files\Box
2019-02-10 02:26 - 2019-02-10 02:26 - 000000882 _____ C:\Users\Caro\Downloads\Documentos - Acceso directo.lnk
2019-02-09 08:53 - 2019-02-09 08:53 - 000101737 _____ C:\WINDOWS\uninstaller.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 23:14 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-11 16:46 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-11 16:39 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-11 02:12 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-10 21:09 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-10 21:09 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-10 21:07 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-10 21:07 - 2016-01-25 15:03 - 000000000 ___RD C:\Users\Caro\OneDrive
2019-03-10 21:03 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-10 21:03 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-10 21:02 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-10 21:02 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-10 21:01 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-10 19:05 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-10 17:26 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-10 17:22 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-10 17:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-09 01:03 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 23:04 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-07 23:04 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-07 23:04 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-01 23:07 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-20 18:04 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-02-14 18:39 - 2018-05-29 02:41 - 000004026 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-14 18:39 - 2018-05-29 02:41 - 000003794 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-14 18:37 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 18:20 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-10 04:47 - 2017-04-10 02:31 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-02-10 03:48 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-02-10 03:48 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-10 03:04 - 2015-08-15 06:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-10 02:33 - 2017-04-10 02:32 - 000000000 ____D C:\ProgramData\NCH Software
2019-02-10 02:26 - 2017-04-10 02:31 - 000000000 ____D C:\Users\Caro\AppData\Roaming\NCH Software
2019-02-10 02:09 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-02-10 04:52 - 2019-03-11 02:12 - 000000000 ____D () C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

==================== End of FRST.txt ============================

That is the FRST log up to here. It was very long, so I split it.

The Addition


2019-03-11 23:26 - 2019-03-11 23:28 - 000045618 _____ C:\Users\Caro\Downloads\FRST.txt
2019-03-11 23:25 - 2019-03-11 23:26 - 000000000 ____D C:\FRST
2019-03-11 23:24 - 2019-03-11 23:24 - 002434560 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2019-03-11 16:19 - 2019-03-11 16:19 - 000001752 _____ C:\Users\Caro\Downloads\marzo11 malware.txt
2019-03-10 23:13 - 2019-03-10 23:13 - 019384632 _____ (Piriform Software Ltd) C:\Users\Caro\Downloads\ccsetup553.exe
2019-03-10 23:13 - 2019-03-10 23:13 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-10 23:13 - 2019-03-10 23:13 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-10 23:13 - 2019-03-10 23:13 - 000000000 ____D C:\Program Files\CCleaner
2019-03-10 21:03 - 2019-03-10 21:03 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-10 21:03 - 2019-03-10 21:03 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-10 21:02 - 2019-03-10 21:02 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-10 20:25 - 2019-03-10 21:00 - 000000000 ____D C:\Users\Caro\AppData\Roaming\ZHP
2019-03-10 20:25 - 2019-03-10 20:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ZHP
2019-03-10 20:21 - 2019-03-10 20:21 - 003321728 _____ C:\Users\Caro\Downloads\ZHPCleaner.exe
2019-03-10 20:16 - 2019-03-10 20:16 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0 (1).exe
2019-03-10 19:35 - 2019-03-10 19:37 - 000000000 ____D C:\AdwCleaner
2019-03-10 19:33 - 2019-03-10 19:34 - 007316688 _____ (Malwarebytes) C:\Users\Caro\Downloads\adwcleaner_7.2.7.0.exe
2019-03-10 19:08 - 2019-03-10 19:08 - 000042734 _____ C:\Users\Caro\Downloads\marzo10Malware.txt
2019-03-10 19:02 - 2019-03-10 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-10 18:07 - 2019-03-10 18:07 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-10 18:07 - 2019-03-10 18:07 - 000000000 ____D C:\Users\Caro\AppData\Local\mbam
2019-03-10 18:06 - 2019-03-10 18:06 - 000000000 ____D C:\Users\Caro\AppData\Local\mbamtray
2019-03-10 18:05 - 2019-03-10 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 18:05 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-10 18:05 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-10 18:01 - 2019-03-10 18:01 - 062400056 _____ (Malwarebytes ) C:\Users\Caro\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-10 17:24 - 2019-03-10 17:24 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-10 17:24 - 2019-03-10 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-07 22:54 - 2019-03-07 22:54 - 000000012 _____ C:\Users\Caro\setup_01.ini
2019-03-04 10:17 - 2019-03-04 10:17 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-03-04 10:17 - 2019-03-04 10:17 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-14 18:32 - 2019-02-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iTunes
2019-02-14 18:31 - 2019-02-14 18:31 - 000000000 ____D C:\Program Files\iPod
2019-02-14 18:22 - 2019-02-14 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-02-14 18:08 - 2019-02-06 04:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 18:08 - 2019-02-06 04:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 04:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 18:08 - 2019-02-06 04:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 18:08 - 2019-02-06 03:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 18:08 - 2019-02-06 03:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 18:08 - 2019-02-06 00:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 18:08 - 2019-02-06 00:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 18:08 - 2019-02-06 00:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 18:08 - 2019-02-06 00:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 18:08 - 2019-02-05 23:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 18:08 - 2019-02-05 23:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 18:08 - 2019-01-09 02:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 18:08 - 2019-01-09 02:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 18:08 - 2019-01-09 02:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 18:08 - 2019-01-09 02:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 18:08 - 2019-01-09 02:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 18:08 - 2019-01-09 02:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 18:08 - 2019-01-09 02:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:08 - 2019-01-09 02:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 18:07 - 2019-02-06 04:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 18:07 - 2019-02-06 04:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 18:07 - 2019-02-06 03:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 18:07 - 2019-02-06 00:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 18:07 - 2019-02-06 00:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 18:07 - 2019-02-06 00:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 18:07 - 2019-02-06 00:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 18:07 - 2019-02-06 00:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 18:07 - 2019-02-05 23:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 18:07 - 2019-02-05 23:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 18:07 - 2019-02-05 23:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 18:07 - 2019-02-05 23:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 18:07 - 2019-02-05 23:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 18:07 - 2019-02-05 23:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 18:07 - 2019-01-09 15:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 18:07 - 2019-01-09 02:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 18:07 - 2019-01-09 02:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 18:07 - 2019-01-09 02:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 18:07 - 2019-01-09 02:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 18:07 - 2019-01-09 02:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 18:07 - 2019-01-09 02:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 18:07 - 2019-01-09 02:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 18:07 - 2019-01-09 02:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 18:07 - 2019-01-09 02:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 18:07 - 2019-01-09 01:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 18:07 - 2019-01-08 00:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 16:56 - 2019-02-06 04:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 16:56 - 2019-02-06 03:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 16:56 - 2019-02-06 00:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 16:56 - 2019-02-06 00:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 16:56 - 2019-02-06 00:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 16:56 - 2019-02-06 00:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 16:56 - 2019-02-06 00:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 16:56 - 2019-02-06 00:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 16:56 - 2019-02-05 23:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 16:56 - 2019-02-05 23:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 16:56 - 2019-02-05 23:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 16:56 - 2019-02-05 23:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 16:56 - 2019-02-05 23:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 16:56 - 2019-02-05 23:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 16:56 - 2019-02-05 23:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 16:56 - 2019-02-05 23:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 16:56 - 2019-02-05 23:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 16:56 - 2019-02-05 23:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 16:56 - 2019-02-05 23:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 16:56 - 2019-02-05 23:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 16:56 - 2019-02-05 22:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 16:56 - 2019-01-12 05:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-09 14:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 16:56 - 2019-01-09 14:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 16:56 - 2019-01-09 14:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 16:56 - 2019-01-09 07:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 16:56 - 2019-01-09 06:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 16:56 - 2019-01-09 05:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 16:56 - 2019-01-09 05:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 16:56 - 2019-01-09 02:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 16:56 - 2019-01-09 02:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 16:56 - 2019-01-09 02:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 16:56 - 2019-01-09 02:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 16:56 - 2019-01-09 02:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 16:56 - 2019-01-09 02:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 16:56 - 2019-01-09 02:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 16:56 - 2019-01-09 02:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-09 02:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 16:56 - 2019-01-09 02:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 16:56 - 2019-01-08 06:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 16:56 - 2019-01-08 00:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 16:55 - 2019-01-08 00:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-14 15:58 - 2019-02-14 15:58 - 000000011 _____ C:\Users\Caro\setup24.ini
2019-02-14 15:57 - 2019-02-14 15:57 - 000000009 _____ C:\Users\Caro\rstr4.ini
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ C:\Users\Caro\AppData\Local\dump007.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 000000011 _____ C:\Users\Caro\setup22.ini
2019-02-10 04:52 - 2019-02-10 04:52 - 000000009 _____ C:\Users\Caro\rstr3.ini
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ C:\Users\Caro\AppData\Local\wbem.ini
2019-02-10 03:48 - 2019-02-18 01:07 - 000000000 ____D C:\Users\Caro\AppData\Local\Mail.Ru
2019-02-10 03:48 - 2019-02-10 03:48 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-02-10 03:08 - 2019-02-10 03:10 - 000000000 ___RD C:\Users\Caro\Box Sync
2019-02-10 03:03 - 2019-02-10 04:56 - 000000000 ____D C:\Users\Caro\AppData\Local\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2019-02-10 03:03 - 2019-02-10 03:03 - 000000000 ____D C:\Program Files\Box
2019-02-10 02:26 - 2019-02-10 02:26 - 000000882 _____ C:\Users\Caro\Downloads\Documentos - Acceso directo.lnk
2019-02-09 08:53 - 2019-02-09 08:53 - 000101737 _____ C:\WINDOWS\uninstaller.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 23:14 - 2018-05-29 02:41 - 000004204 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6F4BD55-6BCC-4B51-BBE7-346301359930}
2019-03-11 16:46 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-11 16:39 - 2018-05-29 02:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-11 02:12 - 2018-05-20 14:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-11 02:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-11 02:12 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-10 21:09 - 2016-04-28 01:30 - 000000000 ___RD C:\Users\Caro\Google Drive
2019-03-10 21:09 - 2016-01-25 23:32 - 000000000 ___RD C:\Users\Caro\Dropbox
2019-03-10 21:07 - 2016-11-03 14:16 - 000000000 ___RD C:\Users\Caro\iCloudDrive
2019-03-10 21:07 - 2016-01-25 15:03 - 000000000 ___RD C:\Users\Caro\OneDrive
2019-03-10 21:03 - 2017-06-02 15:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-10 21:03 - 2016-01-25 15:01 - 000000000 __SHD C:\Users\Caro\IntelGraphicsProfiles
2019-03-10 21:02 - 2018-05-29 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-10 21:02 - 2016-08-22 22:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-10 21:01 - 2018-04-11 18:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-10 19:05 - 2016-01-25 23:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-10 18:54 - 2018-07-26 22:05 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:54 - 2018-07-26 22:05 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job
2019-03-10 18:53 - 2018-05-29 02:14 - 000000000 ____D C:\Users\Caro
2019-03-10 18:05 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-10 17:26 - 2018-04-11 18:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-10 17:22 - 2015-08-15 06:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-10 17:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-09 01:45 - 2018-07-26 22:05 - 000003802 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000003706 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009
2019-03-09 01:45 - 2018-07-26 22:05 - 000000000 ____D C:\Users\Caro\AppData\Local\GoToMeeting
2019-03-09 01:03 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-07 23:28 - 2017-12-15 02:08 - 000000000 ____D C:\Users\Caro\AppData\Local\PlaceholderTileLogoFolder
2019-03-07 23:28 - 2017-12-01 14:57 - 000000000 ____D C:\Users\Caro\AppData\Local\Packages
2019-03-07 23:08 - 2015-11-10 23:51 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-07 23:04 - 2018-05-29 02:26 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-07 23:04 - 2018-04-12 13:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-07 23:04 - 2018-04-12 13:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-07 22:56 - 2016-01-25 23:20 - 000000966 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-07 22:56 - 2016-01-25 23:20 - 000000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-07 22:16 - 2016-05-16 23:47 - 000000000 ____D C:\Users\Caro\AppData\Local\ElevatedDiagnostics
2019-03-06 20:12 - 2018-05-29 02:14 - 000002445 _____ C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-01 23:07 - 2018-11-16 22:28 - 000000000 ____D C:\Program Files\rempl
2019-02-23 23:35 - 2018-02-27 00:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-20 18:04 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-02-14 18:39 - 2018-05-29 02:41 - 000004026 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-14 18:39 - 2018-05-29 02:41 - 000003794 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-14 18:37 - 2018-05-29 02:06 - 000464120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 18:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 18:20 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-10 04:47 - 2017-04-10 02:31 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-02-10 03:48 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-02-10 03:48 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-10 03:04 - 2015-08-15 06:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-10 02:33 - 2017-04-10 02:32 - 000000000 ____D C:\ProgramData\NCH Software
2019-02-10 02:26 - 2017-04-10 02:31 - 000000000 ____D C:\Users\Caro\AppData\Roaming\NCH Software
2019-02-10 02:09 - 2018-05-29 02:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software

==================== Files in the root of some directories =======

2016-10-24 20:07 - 2016-11-24 15:21 - 000000033 _____ () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2019-02-10 04:54 - 2019-02-10 04:54 - 006161408 _____ () C:\Users\Caro\AppData\Local\dump007.dat
2018-10-05 22:20 - 2018-10-05 22:20 - 000000000 _____ () C:\Users\Caro\AppData\Local\oobelibMkey.log
2019-02-10 03:49 - 2019-02-10 03:49 - 000000003 _____ () C:\Users\Caro\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-02-10 04:52 - 2019-03-11 02:12 - 000000000 ____D () C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\mysqld.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-29 02:06

==================== End of FRST.txt ============================

Well, I've now finished what you asked me to do. I really appreciate the info and the time you've dedicated. Just so you know, when I turned it on today Malware started up, because it is on the premium trial version, and it detected 2 trojans. See you around here, best regards. Thanks

Hello @Carolina_Saggio

You probably pasted the second part of the FRST log by mistake instead of the Addition.

Please, I need both, so paste them in your next reply.

The infection is still ongoing; use the computer as little as possible. You mentioned above that you use Panda, but you have a lot of McAfee entries??

In the meantime, check your OneDrive, and in particular delete anything you see with Russian or strange characters. Although Malwarebytes has already removed some things, also check manually yourself for files like this one:

Искать в Интернете.URL

Regards.

Hi San, still awake over here. I'm pasting the Addition, and about McAfee: I had bought it, until it expired, and all I was left with is a Chrome extension that does the checking. What I have installed is Panda, and just now I tried to open McAfee and it says access removed, so I don't remember whether I deleted it. Once I visited some Russian pages looking for English books, and I possibly got infected on the web.

What you're asking about OneDrive, is that the folders I have on my PC? I'll check there. Thanks for keeping an eye on this. I'm going to rest now. I wish you a very good Tuesday, regards


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by Caro (11-03-2019 23:28:34)
Running from C:\Users\Caro\Downloads
Windows 10 Home Single Language Version 1803 17134.590 (X64) (2018-05-29 05:43:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4145286444-108475074-2886558672-500 - Administrator - Disabled)
Caro (S-1-5-21-4145286444-108475074-2886558672-1009 - Administrator - Enabled) => C:\Users\Caro
DefaultAccount (S-1-5-21-4145286444-108475074-2886558672-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4145286444-108475074-2886558672-1005 - Limited - Enabled)
Invitado (S-1-5-21-4145286444-108475074-2886558672-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4145286444-108475074-2886558672-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Actualización de NVIDIA 11.10.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.11 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_1_0) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{CD5CB679-159B-4E4C-B847-B29B492D106E}) (Version: 4.0.7929.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{ee10352e-1caf-4132-add1-3809a8ea6d43}) (Version: 4.0.7929.0 - Box Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 68.4.102 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo)
Enterprise Architect (HKLM-x32\...\{71A2AAC1-8DB5-40B4-AEF5-99C23238D37C}) (Version: 12.0.1210.14 - Sparx Systems)
Express Scribe, software para transcripciones (HKLM-x32\...\Scribe) (Version: 6.02 - NCH Software)
Gear IconX (HKLM-x32\...\Gear IconX) (Version: 2.0.170927.51 - Samsung Electronics Co, Ltd.)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
GoToMeeting 8.40.1.12023 (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\GoToMeeting) (Version: 8.40.1.12023 - LogMeIn, Inc.)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
iTunes (HKLM\...\{514BCD3A-B38B-4835-8B8C-69DA8C48A7A7}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.5.2624.01 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Nombre de su organización)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manuales de usuario (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.26 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4145286444-108475074-2886558672-1009\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Panel de control de NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Polar FlowSync versión 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.031214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0251 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.62.0 - Samsung Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
x86_64-5.3.0-win32-seh-rt_v4-rev0 (HKLM-x32\...\x86_64-5.3.0-win32-seh-rt_v4-rev0) (Version:  - MinGW-W64)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Caro\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{4A8FCD9F-623C-4283-96F0-10F41846A98A} -> [Box Sync] => C:\Users\Caro\Box Sync [2019-02-10 03:08]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Caro\Dropbox [2016-01-25 23:32]
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {06395f73-8d75-3c47-ac2f-93524a83ce03} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {072d2f45-ddf0-35bd-a911-38b853695def} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {88092007-0d01-3d32-a4b4-56f7e19a1c49} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {507a0531-fd10-3efc-8eb8-64e35606e542} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {b9b9e487-7684-373f-a7a2-6b04c8d772a8} => C:\Program Files\Box\Box Sync\IconOverlayClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-28] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BoxContextMenuClient] -> {53792c99-3144-3699-8968-fa4278ad3c1e} => C:\Program Files\Box\Box Sync\ContextMenuClient.DLL [2018-11-30] (Box, Inc. -> Box, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D8E194-8467-48F3-A8BE-B0C7197751E5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0AD276D0-920B-4DA2-A6C9-488E9472E393} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14FFCA24-7FEB-4F0F-BE4A-A2E06176D3CE} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {1BBE00ED-04AD-4878-B989-60536A431F13} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C8BBC1E-06BD-4516-A0EF-1C93F300DC78} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (LENOVO -> Lenovo)
Task: {2F03F9F4-39F6-4FA0-A2DE-731C685D41EF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {34FEBD07-6327-4947-866D-478F20A5902D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {3EAEC50B-E51D-41CA-AB0F-E697FF87CB81} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {426AAB97-E52F-44AC-98F1-FC6A0C0E3A2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {4E8805D4-8EBF-4629-8EC1-34ADCA156434} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {586157A8-2B25-451B-8B51-8303345EE681} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5E1F9D01-1F53-47CF-89E6-303C4E5107EC} - no filepath
Task: {705E20AC-120B-4781-9EE0-8C034F946EB9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {73C1812B-0822-4CE7-8B73-61B7EF8F0385} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7AF5003E-30F5-417A-9C94-CF8FF376811C} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {7F2AAA77-8FD0-47BA-AFF8-BC57991DE983} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )
Task: {848EBB28-3284-42CC-B4CF-FE6ECBCC8A09} - System32\Tasks\S-1-5-21-4145286444-108475074-2886558672-1009\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {85C4818D-D1EA-4DB9-B38B-BF99FC2662E3} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {87D3C943-57A6-456B-BA90-C35347BDA291} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Apple Inc. -> Apple Inc.)
Task: {8C4298DB-5950-4E87-AC81-36679A0AF032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A0E5B763-191F-4993-BAC4-6AC8E87B314C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {A62CF881-4D6D-4982-8555-70A5AF2542C1} - System32\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009 => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A8095E53-C258-4B9F-AC53-55A50622B67D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A8893BE7-F8EA-4F68-AA71-446252EB2BD2} - no filepath
Task: {B21855B7-6224-41CE-82F2-DFA267868E8B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B2CF33F5-A43A-4E79-B044-3C01B60D6D38} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B8AFEEA4-E809-479B-8555-D02183ECA6F6} - no filepath
Task: {B9DFFC09-557F-4842-8C1F-A83EF18E7415} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C7384652-FA3F-4129-82D5-D2FDCC1A6E45} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C9F89DD1-9386-4252-B170-9F1A1545F96F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (LENOVO -> Lenovo)
Task: {E9ACBDFE-EC5A-4414-8D84-1B85C032B7EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F84AE722-1E42-4351-B7BE-3DEF1499004C} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4145286444-108475074-2886558672-1009.job => C:\Users\Caro\AppData\Local\GoToMeeting\12023\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\{8931EFDE-73C7-49A3-B6A1-FA8FAF40E1E9}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe
Task: C:\WINDOWS\Tasks\{C89190C7-347E-4BF6-B85D-E4DA12014C0C}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Caro\Google Drive\Documentos_TRABAJO\TRABAJO2\info varias\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Caro\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Hangouts de Google (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Caro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->   --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2013-08-27 09:32 - 2013-08-27 09:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2017-02-10 00:58 - 2016-12-29 09:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
2016-10-18 17:46 - 2016-10-04 11:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-05-01 11:13 - 2016-11-14 00:11 - 000592384 _____ () [File not signed] C:\Users\Caro\AppData\Local\MEGAsync\ShellExtX64.dll
2019-02-14 19:29 - 2019-02-14 19:29 - 000931328 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\log4net\0250960b8fb57f293d3ecf997cd74192\log4net.ni.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\python27.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000113664 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_ctypes.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000080896 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\bz2.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001792512 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_hashlib.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000128512 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32api.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000137728 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pywintypes27.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000548864 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pythoncom27.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000689664 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\unicodedata.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000438784 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32com.shell.shell.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001489408 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._core_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxbase30u_net_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxbase30u_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_adv_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_core_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 001007104 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._gdi_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001039872 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._windows_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_html_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 001325056 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._controls_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000916992 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._misc_.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 001084416 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pysqlite2._sqlite.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000149504 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32file.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000136192 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32security.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000007680 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\hashobjs_ext.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000020992 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\thumbnails_ext.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000118784 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\usb_ext.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000047616 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_socket.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 002224640 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_ssl.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000014848 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\common.time34.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000023040 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32event.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000034304 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.conditional.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000020480 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.winwrap.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000110080 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.volumes.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000223232 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32gui.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000173568 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_elementtree.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000169472 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\pyexpat.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000048128 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32inet.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000103424 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wx._html2.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\wxmsw30u_webview_vc90_x64.dll
2019-03-10 21:06 - 2019-03-10 21:06 - 000046080 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_psutil_windows.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000011776 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32crypt.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000301568 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\PIL._imaging.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000032256 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_multiprocessing.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 005752320 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\cello.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000026112 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\_yappi.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000044032 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32process.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000027648 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32pipe.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000010752 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\select.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000029696 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32pdh.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000038400 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.connectivity.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000073216 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\windows.device_monitor.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000020480 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32profile.pyd
2019-03-10 21:06 - 2019-03-10 21:06 - 000026624 _____ () [File not signed] C:\Users\Caro\AppData\Local\Temp\_MEI134242\win32ts.pyd
2015-08-15 06:51 - 2015-08-15 06:51 - 000815104 _____ () [File not signed] C:\Program Files\Lenovo PhoneCompanion\adb.exe
2015-08-15 06:18 - 2014-01-20 21:24 - 001179576 _____ (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll
2013-08-27 08:57 - 2013-08-27 08:57 - 001199104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-10 18:05 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2015-08-15 06:51 - 2015-08-15 06:51 - 000096256 _____ (Google, inc) [File not signed] C:\Program Files\Lenovo PhoneCompanion\AdbWinApi.dll
2015-08-15 06:51 - 2015-08-15 06:51 - 000060928 _____ (Google, inc) [File not signed] C:\Program Files\Lenovo PhoneCompanion\AdbWinUsbApi.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000086016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000037888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2019-03-10 18:05 - 2019-02-01 10:56 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Lenovo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Plantillas personalizadas de Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\WBS Schedule Pro:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2017-03-20 00:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2016-11-28 23:04 - 2018-07-29 19:18 - 000000504 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

2.168.137.25 LGSmartTV.mshome.net # 2017 11 1 27 1 38 23 420

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Lenovo\Motion Control\;C:\Users\Caro\Documents\Software\mysql-5.7.11-winx64\MySQL\bin;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4145286444-108475074-2886558672-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.42.4.207 - 200.49.130.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6445E2B3-C093-4CC7-BC58-BC2DA17CED42}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2F2A4B23-3D83-4182-B9B1-2A3FB06E2BF3}C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\caro\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8BE0E86-CEA7-452F-BC64-BEE87368C2FB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14A8C27A-7CCA-409A-B7A8-48FB6D981D92}] => (Allow) LPort=5354
FirewallRules: [{4145152B-A374-4F0F-A876-39009026ED1F}] => (Allow) LPort=5354
FirewallRules: [{0674A708-5DEE-4861-A3BB-4BA272DB92A3}] => (Allow) LPort=5354
FirewallRules: [{27D6803F-4825-4B84-BDA6-4EE002D2DBC3}] => (Allow) LPort=5354
FirewallRules: [{DD97A0C5-8919-40FE-98A7-729325A92EF9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F906C73-765C-4552-881F-43CB181783E9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{15036AA2-E78D-4364-9416-8D5A3D062637}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6DDA5088-8A04-46B3-B968-1CBA466AADB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1EFA5A45-210F-4FA3-BC43-A97D2AECE0BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBBDDB4B-CF12-4C1E-A4EB-2074D1B375A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EA093CDC-31F8-49D4-9655-1682E93C10DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B6B033C-07C2-4858-95EB-2C591C697258}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2D0273FB-A271-48EB-8F19-AA3E18D61678}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7EB91165-18C1-48C1-AC9D-56ACA1478890}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AC9DE88E-B852-4A2E-B7E9-3E4D8D925E82}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{110771D7-3E77-4252-A90B-E16779580AB6}] => (Allow) LPort=55100
FirewallRules: [{8CA91650-DBBE-4649-8970-B657B1E21C54}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [TCP Query User{12A3A7F4-6A6B-439C-AC71-836AED5B5305}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{93E4A2C4-8ABA-45CA-8E67-CD1B5C4CD218}C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe] => (Allow) C:\users\caro\documents\software\mysql-5.7.11-winx64\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [{7361BA51-FAA9-4046-9F08-83C7C7F4F7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9269BC9-5D5C-436C-B1C9-1AB24263A7B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C527C130-C338-401B-A37E-807FCF634468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CEF4505-F8EC-40BE-A8AF-FB3CA6F5D00D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B36AC524-C865-403D-B6CE-0A822332CB9B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{8128852A-27D9-436E-A5A8-694868766F70}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{D695AC39-8CD1-4705-B275-F7D2208B81E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{6A5E8FDA-A157-4006-836B-22DF5300B1E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{4964FC4B-F48F-4934-9E84-65641CB9287D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{440E1684-EC4E-43DF-A50D-59B0BEFD88D7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{F485ED72-1381-4C95-80C6-65E984914B0D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{8716827E-2E53-40C7-8E9C-4ECFE53D9A41}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9D76EC6-5FB7-4A05-B6CF-9F284DE8200A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3654873E-FFB1-4473-919F-8FEC82C5E7CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57E99ECD-02CA-4FDF-A583-3C1DB32AC343}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B8475F2-E966-4E9F-9C15-D8E2EF3C7FC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E0EB971-9FA2-422B-B0BC-15898F2ADA81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{75F9EDB9-69CB-4B63-A784-DCAE77C2B107}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AD90C594-2F9E-412E-87A3-9D49110727B6}] => (Allow) C:\Program Files (x86)\lXAYLUeDDfS.exe No File
FirewallRules: [{3AAFFCE5-D672-45B3-AAE9-051CE33B9229}] => (Allow) C:\Program Files (x86)\TZEA.exe No File
FirewallRules: [{C8926869-E834-4D9E-9C37-D1C7FAFE71B7}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{18700AA6-4DBC-4A43-9ABE-FF55893EF0F9}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7E76F635-6C83-420E-ADAE-E11120D984C6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{309CACE3-3B76-46EE-B0EA-2A365358E90C}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CC54563-AFF5-463D-81C8-EC36B85DD458}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{128B646B-C489-4EDB-B094-6197404FE9DE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{088EAE30-D4C5-4F35-96DE-B719088158D6}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6007436F-1402-45A7-9FE8-F22AAFBDF9FF}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DCF01053-205A-4F1D-9EC6-752407EA8DFF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{8C631CE0-CE04-49F1-9EA3-D8AECD40ABF8}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{95CCCDE5-F74D-4B30-9BF1-C2E0F5FD286A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3110D8E8-9527-4D6C-B0B0-FE1DF3398503}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B78B9F83-6EE6-43B0-A035-5A8133EF4923}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{EF38372C-8C43-4A2D-95FE-00629357988D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6BEA2E63-8DA2-470C-B9A0-AEABDF21B16A}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C27330F4-EFFF-407B-9A62-10D03790C2AB}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{3C580D35-09EF-4E4D-A47A-F50BD9DF2255}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{0CF69197-17C3-4F59-BAFC-1B94FB35C494}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{72796C39-C1BF-4979-AD4C-D88CA1707C01}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{D21DA473-B5EE-4DBB-9B9C-FF51A7D470EB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2B6BC4E9-CEEF-4AA5-AF06-62B863C7144A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{C264845E-F511-4172-B9F5-85CADB7EA6C4}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{0594888D-C034-4CA2-9F5C-228EE1911F48}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{69299F49-8794-453F-9CC8-7472FD35B03D}] => (Allow) C:\WINDOWS\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{98859968-459A-4920-84BB-683523FEAADF}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
FirewallRules: [{75FD8EC7-A0AA-4194-94BA-ACE306B67FE8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

18-02-2019 00:39:58 Windows Update
01-03-2019 23:04:25 Windows Update
10-03-2019 19:31:16 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2019 11:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x64c8
Hora de inicio de la aplicación con errores: 0x01d4d87a2b8d328a
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: cac1085c-e452-4c90-86c6-5c079ffd203b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/11/2019 11:11:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22155500

Error: (03/11/2019 11:11:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22155500

Error: (03/11/2019 11:11:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2019 04:16:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa mbam.exe, versión 3.1.0.1731, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 2a04

Hora de inicio: 01d4d83a8e7d0fc7

Hora de finalización: 60000

Ruta de la aplicación: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

Identificador de informe: bdb3fc88-b5d4-452d-b022-c46cf249405c

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (03/11/2019 04:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PickerHost.Exe, versión: 10.0.17134.1, marca de tiempo: 0x2fa59209
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x41d8
Hora de inicio de la aplicación con errores: 0x01d4d83e4141f6b1
Ruta de acceso de la aplicación con errores: C:\Windows\System32\PickerHost.Exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 04b605b1-7843-411d-99cc-8c8fa040d009
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/11/2019 04:09:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 560078

Error: (03/11/2019 04:09:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 560078


System errors:
=============
Error: (03/11/2019 11:31:14 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:30:43 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:30:12 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:29:41 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:29:10 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:28:08 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/11/2019 11:27:37 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: El servidor {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-03-06 20:28:42.520
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/DealPly&threatid=194668&enterprise=0
Nombre: Adware:Win32/DealPly
Id.: 194668
Gravedad: Alta
Categoría: Adware
Ruta de acceso: file:_C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\ic64.dll
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: Lenovo-PC\Caro
Nombre de proceso: C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\z.exe
Versión de firma: AV: 1.289.589.0, AS: 1.289.589.0, NIS: 1.289.589.0
Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9

Date: 2019-02-10 04:08:59.813
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F0E4D0A6-F5F2-40ED-9629-0B879E9F823F}
Tipo de examen: Antimalware
Parámetros de examen: Examen completo
Usuario: Lenovo-PC\Caro

Date: 2019-02-10 04:08:59.813
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C2AE1-C69C-40AD-8AAD-7F100C1BB380}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB90BE6-E075-4EDB-892C-58E8AA462B5A}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Usuario
Usuario: Lenovo-PC\Caro
Nombre de proceso: Unknown
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-10 04:07:06.839
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2C2AE1-C69C-40AD-8AAD-7F100C1BB380}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB90BE6-E075-4EDB-892C-58E8AA462B5A}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-10 04:04:55.083
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Nombre: Program:Win32/Unwaders.C!ml
Id.: 242874
Gravedad: Grave
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.285.1247.0, AS: 1.285.1247.0, NIS: 1.285.1247.0
Versión de motor: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-03-10 17:26:27.748
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80508023
Descripción del error: El programa no encontró malware ni otro software potencialmente no deseado en este dispositivo. 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-02-18 00:53:46.415
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.285.1563.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-01-21 00:26:07.047
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.3310.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-12-15 20:36:14.789
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.320.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240022
Descripción del error: El programa no puede buscar actualizaciones de definiciones. 

Date: 2018-12-15 20:36:14.789
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.283.320.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80240022
Descripción del error: El programa no puede buscar actualizaciones de definiciones. 

CodeIntegrity:
===================================

Date: 2019-03-10 23:14:24.606
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-10 03:48:10.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-22 01:15:26.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-30 15:01:25.585
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-07 23:52:36.313
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-17 01:06:01.679
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-12 16:58:48.835
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-09-25 22:45:20.449
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 74%
Total physical RAM: 8104.27 MB
Available physical RAM: 2026.58 MB
Total Virtual: 17320.27 MB
Available Virtual: 10107.04 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.27 GB) (Free:650.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.33 GB) NTFS
Drive g: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

\\?\Volume{a952e48a-011d-491b-b9cc-10f42f2f561f}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{19b15c48-1489-4267-85aa-446ab421d461}\ (PBR_DRV) (Fixed) (Total:13.91 GB) (Free:3.08 GB) NTFS
\\?\Volume{edf34597-8577-491a-a98e-38b5a892180e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24332868)

Partition: GPT.

==================== End of Addition.txt ============================

This is the rest of the Addition. Regards
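Added example (not part of the original thread and not FRST's own code): a small parser for the Windows Defender entries in the Addition.txt excerpt above. It splits each `Ruta de acceso` resource list into typed items and flags detections whose reporting process ran from a Temp directory. The sample input is constructed from two entries of that log, and the function names and the Temp-path pattern are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: two entries taken from the Windows Defender section of the
# Addition.txt excerpt above (some fields dropped, second resource list shortened).
SAMPLE = r"""Date: 2019-03-06 20:28:42.520
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Nombre: Adware:Win32/DealPly
Gravedad: Alta
Ruta de acceso: file:_C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\ic64.dll
Nombre de proceso: C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll\z.exe

Date: 2019-02-10 04:07:06.839
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Nombre: Program:Win32/Unwaders.C!ml
Gravedad: Grave
Ruta de acceso: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; service:_gupdate; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
Nombre de proceso: C:\Windows\System32\svchost.exe
"""

# Spanish field labels as they appear in the log -> keys used by this example.
FIELDS = {"Nombre": "name", "Gravedad": "severity",
          "Ruta de acceso": "resources", "Nombre de proceso": "process"}

# Per-user and system Temp directories (this example's assumption of "Temp").
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)


def split_resources(value):
    """Turn 'file:_C:\\x; service:_y' into [('file', 'C:\\x'), ('service', 'y')]."""
    items = []
    for part in value.split(";"):
        kind, sep, target = part.strip().partition(":_")
        if sep:
            items.append((kind, target))
    return items


def parse_detections(text):
    """Return one dict per Defender entry that names a threat."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Date: "):          # every entry starts with a Date line
            cur = {"date": line[len("Date: "):]}
            entries.append(cur)
            continue
        if cur is None:
            continue
        key, sep, value = line.partition(": ")  # split on the first ': ' only
        if sep and key in FIELDS:
            cur[FIELDS[key]] = value.strip()
    detections = []
    for entry in entries:
        if "name" not in entry:                 # update errors etc. carry no threat name
            continue
        entry["resources"] = split_resources(entry.get("resources", ""))
        detections.append(entry)
    return detections


def runs_from_temp(entry):
    """True when the process that triggered the detection lives under a Temp path."""
    return bool(TEMP_RE.search(entry.get("process", "")))


def summarize(detections):
    """Group detections by threat name: count, resource kinds, Temp-based processes."""
    summary = defaultdict(lambda: {"count": 0, "kinds": set(), "temp_processes": set()})
    for entry in detections:
        info = summary[entry["name"]]
        info["count"] += 1
        info["kinds"].update(kind for kind, _ in entry["resources"])
        if runs_from_temp(entry):
            info["temp_processes"].add(entry["process"])
    return dict(summary)


if __name__ == "__main__":
    for name, info in summarize(parse_detections(SAMPLE)).items():
        print(name, info["count"], sorted(info["kinds"]), sorted(info["temp_processes"]))
```
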

Hi @Carolina_Saggio

Uninstall with its dedicated removal tool >>> McAfee, because even though you believe it is uninstalled, a lot of it still shows up.

Then:

Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Caro\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-03-21]
CHR HKU\S-1-5-21-4145286444-108475074-2886558672-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S1 ZmQ1OTY5NzQ2MmViZjA0; \??\C:\WINDOWS\system32\drivers\ZmQ1OTY5NzQ2MmViZjA0 [X]
2019-02-10 04:52 - 2019-03-11 02:12 - 000000000 ____D () C:\Users\Caro\AppData\Local\Temp\ImagingEngine.dll
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {5E1F9D01-1F53-47CF-89E6-303C4E5107EC} - no filepath
Task: {A8893BE7-F8EA-4F68-AA71-446252EB2BD2} - no filepath
Task: {B8AFEEA4-E809-479B-8555-D02183ECA6F6} - no filepath
Task: {F84AE722-1E42-4351-B7BE-3DEF1499004C} - no filepath
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Lenovo:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\Plantillas personalizadas de Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Caro\OneDrive\Documentos\WBS Schedule Pro:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
FirewallRules: [{4964FC4B-F48F-4934-9E84-65641CB9287D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{AD90C594-2F9E-412E-87A3-9D49110727B6}] => (Allow) C:\Program Files (x86)\lXAYLUeDDfS.exe No File
FirewallRules: [{3AAFFCE5-D672-45B3-AAE9-051CE33B9229}] => (Allow) C:\Program Files (x86)\TZEA.exe No File
Task: {A8095E53-C258-4B9F-AC53-55A50622B67D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8C4298DB-5950-4E87-AC81-36679A0AF032} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4145286444-108475074-2886558672-1009_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Caro\AppData\Local\GoToMeeting\8953\G2MOutlookAddin64.dll => No File
2019-02-10 03:48 - 2019-02-18 01:07 - 000000000 ____D C:\Users\Caro\AppData\Local\Mail.Ru
2019-02-10 03:48 - 2019-02-10 03:48 - 000000000 ____D C:\ProgramData\Mail.Ru

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

Hi San, how are you? Well, I hope; thanks for your reply.

Every time I try to open the ONEDRIVE you pointed out in the previous message, the PC freezes ("not responding"), so I cannot get into the folder to delete the documents written in Russian. So I could not do that, which was a request of yours, since I cannot access any folder and at first glance nothing looks odd.

In an English folder I have some audio files named “15 Ścieżka 15”, but I can access that folder, unlike OneDrive.

Then, from Settings, I did see that McAfee had a Web Advisor entry and a part that would not uninstall, so I ended up downloading the uninstaller and running it, and it removed it completely.

Now, when I run CCleaner it freezes and does not get past 13%, the same thing that happened yesterday. When I start it, it asks me for an update, and when I go to the page it asks me to buy it, so I do not update it; I do not know why that happens. And it takes forever even though it was run yesterday. That makes me doubt whether it is deleting what is ticked for deletion, because it did not delete anything from the Recycle Bin automatically, as I have just checked manually.

So I think it is not working… what do I do? Because the step in the antivirus uninstall link says you have to run CCleaner to clean up the files.

I have not run DELFIX yet, but I would like your opinion on this, since you are the one who knows about these things… and I am very grateful for it. A kiss, I await your comment :star_struck:

Hi Caro:

All good here :+1: .

Don't worry, I am leaving you a link that I use regularly. When the program announces that there is a new version, I do not update directly from the program but go to the page instead, and that way I avoid the confusion of the ads asking you to buy it. Save it in your bookmarks, or you can find it by searching Google for CCleaner + build. :+1:

Install it, run it, and continue with the steps.

About OneDrive: log in with your account from your browser and check whether you can delete the files you mention from there.

Regards.

Dear San, I removed the CCleaner I had installed, downloaded the one from the page you told me about, and the same thing happens again: it stays frozen at 13%. So far it has been there for about 2 hours and it does not move forward. If you give me the OK, I will go on with the DELFIX steps without finishing the cleanup.

On the other hand, I opened ONEDRIVE online without any problem and I do not see anything odd in the cloud. You had told me you saw files with Russian writing… I do not see anything here. Also, when I go to where the folder is on my computer, to OneDrive, and move the cursor over it, the PC freezes and will not let me open any file. As for the music files written with z and some odd character, they are in the cloud and on my computer; they are English audio files that I need and had downloaded. But they are not in OneDrive, they are in Box. I will continue according to what you tell me. Regards

Hi:

Continue with the DelFix and Fixlist steps; afterwards we will remove the other leftovers and look at the CCleaner issue.

Regards.

Hi San, how are you doing? I had a lot of problems downloading DELFIX, since for some reason it will not download to the desktop, and the desktop also shows no icons. When it finished running it showed me a message with no information… is that OK? I am copying and pasting the log:


# DelFix v1.013 - Logfile created 16/03/2019 at 01:58:30
# Updated 17/04/2016 by Xplode
# Username : Caro - LENOVO-PC
# Operating System : Windows 10 Home  (64 bits)

~ Creating registry backup ... OK

########## - EOF - ##########

That is it for DelFix. I do not know why it will not download to the desktop… I could not do it with any of them, and now I want to download the FIXLIST and the page is not working for me to download it… I am having a lot of problems. At first I thought it was the internet, but with the download and the desktop looking odd, maybe it is the PC. The question is whether it works to have the software in the Downloads folder and not on the desktop… I tried to change the download location but something prevents it; with DELFIX it was impossible, which is why I took so long to answer you, Sandra. Sending you a kiss, and have a lovely weekend

Hi Caro:

You can download any executable to the Downloads folder, then select it with one click, right-click it >>> Cut, and paste it on the desktop.

DelFix is perfect.

I tried to change the download location but something prevents it

Your browser is surely configured to download everything there.

You only have to copy and paste the Fixlist into Notepad; read the steps carefully.

I gave you these instructions three days ago already, and you could be getting re-infected.

Regards

Hi, I did the copy and paste and it worked, but the txt does not respond when saving… this is working very badly and will not let me work, otherwise I would have done it sooner, Sandra… the machine does not respond… apparently it is Windows Explorer. I think the problem is that it saves a copy to OneDrive, and if that folder is infected on my PC, every time I want to save something it does so in that place… I turned off OneDrive syncing, but even so Save As DOES NOT WORK, so it will not let me save the txt file that I need to save in order to run FRST. How do I fix this?