Y el otro de FRST que dice Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Abel (28-09-2019 11:53:17)
Running from C:\Users\Abel\Pictures
Windows 10 Pro Version 1809 17763.737 (X64) (2018-12-29 20:17:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Abel (S-1-5-21-2873761170-1005967962-895602886-1001 - Administrator - Enabled) => C:\Users\Abel
Administrador (S-1-5-21-2873761170-1005967962-895602886-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2873761170-1005967962-895602886-503 - Limited - Disabled)
Invitado (S-1-5-21-2873761170-1005967962-895602886-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2873761170-1005967962-895602886-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Small Office Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Small Office Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Small Office Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_4) (Version: 19.1.4 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.50.2058, 27.12.2017 - AIMP DevTeam)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.9.2 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.1.5 - Electronic Arts, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{D19DBA3B-7451-49DB-98C4-E22F824663D9}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Chrome (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Kaspersky Small Office Security (HKLM-x32\...\{C0758BA0-EC9D-4A07-AADE-105376FC82FC}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Small Office Security (HKLM-x32\...\InstallWIX_{C0758BA0-EC9D-4A07-AADE-105376FC82FC}) (Version: 19.0.0.1088 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 Business - es-es (HKLM\...\O365BusinessRetail - es-es) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Teams) (Version: 1.2.00.17057 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Server versión 1.7.7.7 (HKLM-x32\...\{7AFAA880-BB05-4E38-9279-C53EECE1B7BE}_is1) (Version: 1.7.7.7 - Necta Inc.)
Mozilla Firefox 69.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 69.0.1 (x64 es-ES)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.6.1 - Duodian Technology Co. Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Opera GX Stable 63.0.3368.55666 (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Opera GX 63.0.3368.55666) (Version: 63.0.3368.55666 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Spotify (HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\Spotify) (Version: 1.1.16.522.g55a4b852 - Spotify AB)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.6.2452 - TeamViewer)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Packages:
=========
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2058.0_x64__rz1tebttyb220 [2019-09-04] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-29] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-30] (Microsoft Studios) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-10] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{04271989-C4D2-3EB8-757D-69A08D751E9F} -> [OneDrive - Aqua Ril S.A] => E:\OneDrive\OneDrive - Aqua Ril S.A.C [2018-12-30 17:41]
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{04271989-C4D2-FFB7-356B-CBCDD8C5F7BE} -> [Aqua Ril S.A] => E:\OneDrive\Aqua Ril S.A.C [2019-01-16 19:44]
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Abel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Abel\AppData\Local\Google\Chrome\Application\70.0.3538.110\notification_helper.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Abel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873761170-1005967962-895602886-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-29] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-29] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 19.0.0\x64\ShellEx.dll [2019-04-18] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2019-01-08 12:54 - 2019-01-08 12:54 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-09-10 17:47 - 2019-09-10 17:47 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 12:54 - 2019-01-08 12:54 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 12:55 - 2019-01-08 12:55 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\sharepoint.com -> hxxps://aquaril-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\Control Panel\Desktop\\Wallpaper -> E:\Mis Imágenes\bakemonogatari_forest_by_jaredharper-d4lnqvl.jpg
DNS Servers: 200.48.225.146 - 200.48.225.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2873761170-1005967962-895602886-1001\...\StartupApproved\Run: => "Parsec.App.0"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{17AD1BE5-671F-4CAC-93E4-AE20BF56B237}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{995BCC29-719D-4794-ADE2-32A5EE03B56D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E065F7A7-A345-42F1-B27C-478409B20A85}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{997967E9-EF74-4557-9CDA-69A75341150D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4F6598DF-D5FE-4E68-AD0E-C5DB986735C0}] => (Allow) E:\Juegos\Dota2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{1721B874-FF84-48AB-8993-6599F03A57A1}] => (Allow) E:\Juegos\Dota2\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{20DCBF95-222B-4CCB-9886-672559C43FA2}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{87926216-FEA0-4F67-9974-78D0A93407A7}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{94CE78A4-770B-446C-9AF4-38529E19558E}] => (Allow) E:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{518F443C-AEE3-4EB3-A855-E921FC00C62C}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
FirewallRules: [{CCAB0711-DE12-4AB6-9CD0-770C9996F59B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D4D3586E-CE41-4DB6-B73B-FF12427A89F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7792331D-F376-44E4-B601-C090D6081FC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6AD33158-8560-44E7-A712-5E6DF36F0D7F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{C3CFE68F-7191-44F9-B2E7-7D384C11984F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{D89F5677-845A-4B11-BDCE-377948F1D212}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{541E397B-9E1F-47F5-8ACA-1910FD9D0409}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7AEE78F-08BE-434F-8BED-080233CD53DC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A1CF93A-AC11-474B-A13E-AAC645A2D582}] => (Allow) E:\Juegos\Dota2\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{6F93DC1B-F95C-4DF4-86CC-C38B773C3D3D}] => (Allow) E:\Juegos\Dota2\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{89AD6D5B-710B-4CF2-ABF8-8377100024D7}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{09618E68-3BC6-4200-9C41-5830F81D01AC}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{282AFC14-EB89-4B2F-8669-894EA6A20FF4}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BBB632A5-B418-48B0-ACCB-9E1D926476AA}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{B2F2EE4C-4C1D-4F40-B8AA-369376198FD7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A2E62E98-4BC6-407B-AA52-1363DA9FFABB}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{021FCE67-3DB8-47E0-A9BE-2D0FD16B7182}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{99D3E950-613F-44C7-8EAC-B4300B894BF0}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [UDP Query User{2F42976D-ADB1-498D-A4F5-23553F34B890}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [TCP Query User{CD9FA41F-B5DE-4CD3-99C4-548E82AC295C}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{58183B5D-DC6F-4FD5-93F8-C44F1B425C29}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{79035C44-8B3F-4AA9-A7EE-F4CE46BA600F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E48ECB47-13ED-46B1-B9CB-F1FB95F0BD2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FD955571-CFE4-4A7D-8CB3-87288391AD0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DF44D4AC-3A7C-4833-AC34-5EEB64464F3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{A40FDFA5-35F8-49DE-9FF3-3EF6C5AB5A59}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C035DF4C-7BA4-4B90-B1B0-2D84173DAD1E}C:\users\abel\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\abel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{77712D1C-D228-4C9C-8F1C-E8F9B7938684}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [UDP Query User{EE6DC7D8-73CA-411C-8620-E4E68E9D6809}C:\program files (x86)\mouse server\mouseserver.exe] => (Block) C:\program files (x86)\mouse server\mouseserver.exe (wifimouse.necta.us) [File not signed]
FirewallRules: [{81CADE1A-896D-47EA-8D56-BC5A28937A57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
21-09-2019 23:17:20 Punto de control programado
28-09-2019 11:48:23 ZHPcleaner
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/27/2019 10:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1840, marca de tiempo: 0x5d5c13ae
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Identificador del proceso con errores: 0x2fc0
Hora de inicio de la aplicación con errores: 0x01d575afbcf267e5
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Identificador del informe: 3d2567d4-8f8e-4002-8ce1-f933d42a99a7
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (09/27/2019 10:51:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.17763.1, marca de tiempo: 0x1244354f
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x1a1c
Hora de inicio de la aplicación con errores: 0x01d575b00955a8d6
Ruta de acceso de la aplicación con errores: C:\Windows\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 252d24d6-9b48-4ddd-be7e-00602c6db2a2
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge
Error: (09/27/2019 10:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Spotify.exe, versión: 1.1.16.522, marca de tiempo: 0x5d84002a
Nombre del módulo con errores: Spotify.exe, versión: 1.1.16.522, marca de tiempo: 0x5d84002a
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x001371fc
Identificador del proceso con errores: 0x32d0
Hora de inicio de la aplicación con errores: 0x01d575ac66fb7a3f
Ruta de acceso de la aplicación con errores: C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
Ruta de acceso del módulo con errores: C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
Identificador del informe: d2a89e80-0a3c-4c1f-b286-ee5c74eaaca8
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (09/19/2019 09:33:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (09/15/2019 02:28:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Spotify.exe (versión 1.1.15.448) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.
Id. de proceso: 2678
Hora de Inicio: 01d56bf166faf096
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Users\Abel\AppData\Roaming\Spotify\Spotify.exe
Id. de informe: adc07e81-7f56-43ff-9083-d3f5e92e3491
Nombre completo del paquete con errores:
Id. de la aplicación relativa al paquete con errores:
Tipo de bloqueo: Cross-thread
Error: (09/15/2019 12:47:54 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) No puede encontrar el objeto o propiedad
Error: (09/15/2019 12:47:54 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) No puede encontrar el objeto o propiedad
Error: (09/08/2019 03:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MicrosoftEdgeSH.exe, versión: 11.0.17763.1, marca de tiempo: 0x1244354f
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000000000000008c
Identificador del proceso con errores: 0x6d4
Hora de inicio de la aplicación con errores: 0x01d56682c2bcd59b
Ruta de acceso de la aplicación con errores: C:\Windows\system32\MicrosoftEdgeSH.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: b6d1b59f-66e7-423e-88a2-e7a68fec440a
Nombre completo del paquete con errores: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Identificador de aplicación relativa del paquete con errores: MicrosoftEdge
System errors:
=============
Error: (09/28/2019 11:49:11 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/28/2019 11:46:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/28/2019 11:45:33 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/28/2019 12:14:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/27/2019 11:24:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/27/2019 11:18:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/27/2019 11:08:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (09/27/2019 10:51:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9QVTFHA)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-9QVTFHA\Abel con SID (S-1-5-21-2873761170-1005967962-895602886-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Windows Defender:
===================================
Date: 2019-01-06 14:06:29.261
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {9E10981B-CD02-4552-ACC8-F3574DD1A5BD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-01-06 13:59:02.880
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {49309E73-50AB-41B1-B686-404BFE44FFED}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2018-12-31 18:30:59.904
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nombre: HackTool:Win64/AutoKMS
Id.: 2147723334
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.283.1927.0, AS: 1.283.1927.0, NIS: 1.283.1927.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2
Date: 2018-12-31 15:04:40.562
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B3E29B6D-C8EA-4CCD-BAA1-2C8EDCD29AF1}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2018-12-31 14:51:28.562
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F2426844-D20A-45B0-A11D-044C38E6800B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
CodeIntegrity:
===================================
Date: 2019-09-27 22:53:01.711
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-09-27 22:52:13.085
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-09-27 22:52:06.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-09-27 22:51:56.089
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-09-27 22:51:55.931
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-09-27 22:51:40.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-09-27 22:25:39.986
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-27 22:25:39.970
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3802 03/15/2018
Motherboard: ASUSTeK COMPUTER INC. Z170-A
Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 23%
Total physical RAM: 16323.13 MB
Available physical RAM: 12472.8 MB
Total Virtual: 18883.13 MB
Available Virtual: 12481.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.97 GB) (Free:21.1 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:465.54 GB) NTFS
Drive e: (Nuevo vol) (Fixed) (Total:1863 GB) (Free:1648.08 GB) NTFS
\\?\Volume{244d57ef-2b7a-4de9-a718-0c93066eefe2}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{a6855e64-eff7-4ff5-8fa7-7819e1775849}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 9E0F88FC)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: CCC25131)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================