Buenas noches, quise descargar un programa y cuando abrí un .rar automáticamente se me abrieron e instalaron miles de programitas y la pc ya está toda infectada. Todos mis íconos en el escritorio tienen .Ink.moresa de “extensión”. Pasé el malwarebyte y me reconoció más de 300 malwares y los eliminé pero el problema sigue estando. Desde ya agradezco su ayuda. Les mando los datos de mi PC: Windows 7 ultimate SP 1 Procesador AMD FX™-8320 Eight-core 3.50GHz RAM 8GB Sistema operativo de 64bits
Hola @Hellfield bienvenid@ al nuevo foro
Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:
1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.
- Realiza un Análisis de amenazas, actualizando si te lo pide.
- Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
- En el apartado del manual Informes >> Informe de análisis encontrarás el reporte de MBAM, clic en Exportar >> Copiar al portapapeles.
2) Descarga AdwCleaner | InfoSpyware en el escritorio.
- Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus.
- Cierra también todos los programas que tengas abiertos.
- Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
- Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
- Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
- Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
- El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt
3) Descarga CCleaner
- Instala Ccleaner
- Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine >> clic en ejecutar limpiador
- Clic en la pestaña Registro >> clic en buscar problemas esperas que termine >> clic en Reparar Seleccionadas y haces una copia de seguridad
- Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.
Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.
¿Cómo pegar reportes en el foro?
Un saludo
Buenas de nuevo, muchas gracias por darme una mano. Pasé todos los programas que me dijiste, la pc me sigue abriendo programas raros y el malwarebyte me bloquea varias ventanas que quieren abrirse solas. Los íconos del escritorio siguen saliendo con la extensión y están en blanco (el ícono es una hoja en blanco). Te pego los reportes de los programas para que los veas. Muchas gracias
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 22/4/19
Hora del análisis: 19:56
Archivo de registro: e076be5c-6551-11e9-bd07-003067f87a72.json
-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10282
Licencia: Prueba
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Cristian-PC\Cristian
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 472189
Amenazas detectadas: 331
Amenazas en cuarentena: 331
Tiempo transcurrido: 2 hr, 28 min, 8 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 15
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\EVILAD.EXE, En cuarentena, [3702], [667274],1.0.10282
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\ARRPHAQ1PF2\K45TDYH0FYO.EXE, En cuarentena, [3702], [447063],1.0.10282
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\WBY11IBBM2L\XY2WGP2P1XV.EXE, En cuarentena, [3702], [521959],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\LOGIC CRAMBLE\SET.EXE, En cuarentena, [376], [379533],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\PREFSSECURE\NETTRANS.EXE, En cuarentena, [376], [377398],1.0.10282
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, En cuarentena, [0], [392687],1.0.10282
Adware.ICLoader, C:\PROGRAMDATA\LOCALNETSERVICE\LOCALNETSERVICE.EXE, En cuarentena, [460], [673215],1.0.10282
Adware.Zdengo, C:\PROGRAM FILES\NJBKNGZIMGZ\MZA1YZQY.EXE, En cuarentena, [510], [671707],1.0.10282
DDoSTool.Yoddos, C:\WINDOWS\SYSACMK.EXE, En cuarentena, [12145], [673263],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\TOLNIX\TOLNIX.EXE, En cuarentena, [376], [475745],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\ZNLUFFOD6K\ZNLUFFOD6.EXE, En cuarentena, [2905], [648561],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\NDDKOI19RX\NDDKOI19R.EXE, En cuarentena, [2905], [648561],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\EVILAD.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\ROAMING\ARRPHAQ1PF2\K45TDYH0FYO.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\ROAMING\WBY11IBBM2L\XY2WGP2P1XV.EXE, En cuarentena, [0], [392686],1.0.10282
Módulo: 17
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\EVILAD.EXE, En cuarentena, [3702], [667274],1.0.10282
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\ARRPHAQ1PF2\K45TDYH0FYO.EXE, En cuarentena, [3702], [447063],1.0.10282
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\WBY11IBBM2L\XY2WGP2P1XV.EXE, En cuarentena, [3702], [521959],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\LOGIC CRAMBLE\SET.EXE, En cuarentena, [376], [379533],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\PREFSSECURE\NETTRANS.EXE, En cuarentena, [376], [377398],1.0.10282
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, En cuarentena, [0], [392687],1.0.10282
Adware.ICLoader, C:\PROGRAMDATA\LOCALNETSERVICE\LOCALNETSERVICE.EXE, En cuarentena, [460], [673215],1.0.10282
Adware.Zdengo, C:\PROGRAM FILES\NJBKNGZIMGZ\MZA1YZQY.EXE, En cuarentena, [510], [671707],1.0.10282
DDoSTool.Yoddos, C:\WINDOWS\SYSACMK.EXE, En cuarentena, [12145], [673263],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\LOGIC CRAMBLE\X86\SQLITE.INTEROP.DLL, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\TOLNIX\TOLNIX.EXE, En cuarentena, [376], [475745],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\ZNLUFFOD6K\ZNLUFFOD6.EXE, En cuarentena, [2905], [648561],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\NDDKOI19RX\NDDKOI19R.EXE, En cuarentena, [2905], [648561],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\EVILAD.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\ROAMING\ARRPHAQ1PF2\K45TDYH0FYO.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\ROAMING\WBY11IBBM2L\XY2WGP2P1XV.EXE, En cuarentena, [0], [392686],1.0.10282
Adware.Zdengo.Generic, C:\WINDOWS\WMVUOCIUKJTU.JMV, En cuarentena, [9688], [608505],1.0.10282
Clave del registro: 56
Adware.FastDataX, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\FastDataX, En cuarentena, [3944], [484533],1.0.10282
Adware.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\mtTolnix, En cuarentena, [804], [662637],1.0.10282
PUP.Optional.Wajam, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\WajIEnhance, En cuarentena, [199], [244670],1.0.10282
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En cuarentena, [199], [-1],0.0.0
PUP.Optional.Linkury, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, En cuarentena, [252], [259313],1.0.10282
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, En cuarentena, [7122], [509886],1.0.10282
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, En cuarentena, [460], [584322],1.0.10282
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, En cuarentena, [460], [518478],1.0.10282
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, En cuarentena, [460], [518476],1.0.10282
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, En cuarentena, [460], [518473],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A12F34F-60A9-4A92-B57D-5A22A4C3F99E}, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{0A12F34F-60A9-4A92-B57D-5A22A4C3F99E}, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Delayed, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{05D3483F-FA3D-4D26-A0E1-672CB885FC2D}, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{05D3483F-FA3D-4D26-A0E1-672CB885FC2D}, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Monitor, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, En cuarentena, [822], [259989],1.0.10282
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, En cuarentena, [460], [518479],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9DC7483D-BFCB-4321-849C-3BA1F73D8B84}, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9DC7483D-BFCB-4321-849C-3BA1F73D8B84}, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System CarePeriod, En cuarentena, [636], [241385],1.0.10282
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtTolnix, En cuarentena, [804], [662642],1.0.10282
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, En cuarentena, [7122], [509886],1.0.10282
Adware.FastDataX.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FastDataX_is1, En cuarentena, [2127], [407193],1.0.10282
Adware.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKLH, En cuarentena, [376], [379533],1.0.10282
Adware.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTRANS, En cuarentena, [376], [377398],1.0.10282
Adware.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TOLNIX, En cuarentena, [804], [662638],1.0.10282
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Tolnix_RASAPI32, En cuarentena, [804], [662640],1.0.10282
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Tolnix_RASMANCS, En cuarentena, [804], [662640],1.0.10282
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C820E28E-EA5E-49DF-93E6-9110D4EAB5A0}, En cuarentena, [252], [239939],1.0.10282
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, En cuarentena, [822], [259928],1.0.10282
MachineLearning/Anomalous.100%, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Monitor, En cuarentena, [0], [392687],1.0.10282
MachineLearning/Anomalous.100%, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{05D3483F-FA3D-4D26-A0E1-672CB885FC2D}, En cuarentena, [0], [392687],1.0.10282
MachineLearning/Anomalous.100%, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{05D3483F-FA3D-4D26-A0E1-672CB885FC2D}, En cuarentena, [0], [392687],1.0.10282
Adware.ICLoader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\localNETService, En cuarentena, [460], [673215],1.0.10282
Adware.Zdengo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NjBkNGZiMGZ, En cuarentena, [510], [671707],1.0.10282
DDoSTool.Yoddos, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VMware Snapshot Provider., En cuarentena, [12145], [673263],1.0.10282
Adware.Zdengo.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NDMzNDI0M, En cuarentena, [9688], [608505],1.0.10282
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Opera scheduled Autoupdate 711520318, En cuarentena, [3706], [544757],1.0.10282
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE84885C-DFBA-487E-85D9-44C4DA4413C5}, En cuarentena, [3706], [544757],1.0.10282
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AE84885C-DFBA-487E-85D9-44C4DA4413C5}, En cuarentena, [3706], [544757],1.0.10282
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, En cuarentena, [199], [170024],1.0.10282
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, En cuarentena, [199], [170024],1.0.10282
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Delayed, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A12F34F-60A9-4A92-B57D-5A22A4C3F99E}, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{0A12F34F-60A9-4A92-B57D-5A22A4C3F99E}, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System CarePeriod, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9DC7483D-BFCB-4321-849C-3BA1F73D8B84}, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9DC7483D-BFCB-4321-849C-3BA1F73D8B84}, En cuarentena, [0], [392686],1.0.10282
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{6KDIZ9AD-3VFC-4344-UI1H-I9OIH1TGDZ5M}, En cuarentena, [14544], [555894],1.0.10282
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{84AE1F9F-0F2E-4A7B-8906-9614A548E53A}, En cuarentena, [14544], [555894],1.0.10282
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{84AE1F9F-0F2E-4A7B-8906-9614A548E53A}, En cuarentena, [14544], [555894],1.0.10282
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, En cuarentena, [199], [170024],1.0.10282
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, En cuarentena, [2818], [474048],1.0.10282
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, En cuarentena, [2554], [-1],0.0.0
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, En cuarentena, [2554], [-1],0.0.0
Valor del registro: 38
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, En cuarentena, [804], [-1],0.0.0
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, En cuarentena, [804], [-1],0.0.0
Adware.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\ENVIRONMENT|SNF, En cuarentena, [804], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [199], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [199], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, En cuarentena, [199], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [199], [-1],0.0.0
PUP.Optional.Linkury, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, En cuarentena, [252], [259313],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, En cuarentena, [822], [259988],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\ENVIRONMENT|SNP, En cuarentena, [822], [259518],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\ENVIRONMENT|SNF, En cuarentena, [822], [259517],1.0.10282
Adware.Tuto4PC.Generic, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8156131, En cuarentena, [3702], [667274],1.0.10282
Adware.Tuto4PC.Generic, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FMW1TLHJHULUP66, En cuarentena, [3702], [392931],1.0.10282
Adware.Tuto4PC.Generic, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|995276, En cuarentena, [3702], [447063],1.0.10282
Adware.Tuto4PC.Generic, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|G41D0ZLI8756ZQ0, En cuarentena, [3702], [392931],1.0.10282
Adware.Tuto4PC.Generic, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|4543399, En cuarentena, [3702], [521959],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, En cuarentena, [822], [259987],1.0.10282
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, En cuarentena, [822], [259989],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{05D3483F-FA3D-4D26-A0E1-672CB885FC2D}|PATH, En cuarentena, [636], [258705],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A12F34F-60A9-4A92-B57D-5A22A4C3F99E}|PATH, En cuarentena, [636], [258705],1.0.10282
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9DC7483D-BFCB-4321-849C-3BA1F73D8B84}|PATH, En cuarentena, [636], [258705],1.0.10282
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OMEWPRODUCT_, En cuarentena, [712], [314799],1.0.10282
Adware.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKLH|IMAGEPATH, En cuarentena, [376], [379533],1.0.10282
Adware.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTRANS|IMAGEPATH, En cuarentena, [376], [377398],1.0.10282
Adware.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TOLNIX|IMAGEPATH, En cuarentena, [804], [662638],1.0.10282
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, En cuarentena, [252], [259314],1.0.10282
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C820E28E-EA5E-49DF-93E6-9110D4EAB5A0}|PUBLISHER, En cuarentena, [252], [239939],1.0.10282
Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCALNETSERVICE|IMAGEPATH, En cuarentena, [98], [603754],1.0.10282
Adware.Csdimonetize, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FMW1TLHJHULUP66, En cuarentena, [2905], [648561],1.0.10282
Adware.Csdimonetize, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|G41D0ZLI8756ZQ0, En cuarentena, [2905], [648561],1.0.10282
Generic.Malware/Suspicious, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8156131, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|995276, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|4543399, En cuarentena, [0], [392686],1.0.10282
Adware.Tuto4PC, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|6&v7QiZo6T.exe, En cuarentena, [2818], [507905],1.0.10282
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\ExtensionInstallWhitelist|1, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\ExtensionInstallWhitelist|1, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|eilodkapobdpekjngcndglmbamdlmjim, En cuarentena, [2554], [641228],1.0.10282
PUP.Optional.BazzSearch, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|inafjghmmkmiobijhbgkfekenbfbklhb, En cuarentena, [223], [470343],1.0.10282
Datos del registro: 7
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Sustituido, [822], [293486],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Sustituido, [822], [293485],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Sustituido, [822], [293485],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Sustituido, [822], [293485],1.0.10282
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Sustituido, [822], [293485],1.0.10282
PUP.Optional.Linkury, HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Sustituido, [252], [293476],1.0.10282
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Sustituido, [252], [293477],1.0.10282
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 24
Adware.Linkury.TskLnk, C:\PROGRAM FILES (X86)\COMMON FILES\DENTOBAM, En cuarentena, [14576], [444931],1.0.10282
Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX, En cuarentena, [2127], [407194],1.0.10282
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER, En cuarentena, [2818], [474048],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\_metadata, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EILODKAPOBDPEKJNGCNDGLMBAMDLMJIM, En cuarentena, [2554], [641228],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\_metadata, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\icons, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\INAFJGHMMKMIOBIJHBGKFEKENBFBKLHB, En cuarentena, [223], [470343],1.0.10282
Adware.Wajam, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\QZY42ZGP.EDN, En cuarentena, [509], [450113],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\WL, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care, En cuarentena, [636], [178764],1.0.10282
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\ZNLUFFOD6K, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\NDDKOI19RX, En cuarentena, [3702], [357599],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\X64, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\X86, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble, En cuarentena, [376], [431817],1.0.10282
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE, En cuarentena, [636], [241379],1.0.10282
Adware.Linkury, C:\ProgramData\PrefsSecure, En cuarentena, [376], [377396],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\ondemand, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix, En cuarentena, [804], [662636],1.0.10282
Adware.Wajam, C:\WINDOWS\SYSWOW64\SSL, En cuarentena, [509], [533889],1.0.10282
Archivo: 174
Adware.Zdengo, C:\Windows\System32\drivers\OWM0MzUzYzQwYm, En cuarentena, [510], [671707],0.0.0
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\EVILAD.EXE, En cuarentena, [3702], [667274],1.0.10282
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\ARRPHAQ1PF2\K45TDYH0FYO.EXE, En cuarentena, [3702], [447063],1.0.10282
Adware.Tuto4PC.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\WBY11IBBM2L\XY2WGP2P1XV.EXE, En cuarentena, [3702], [521959],1.0.10282
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ONE SYSTEM CARE DELAYED, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ONE SYSTEM CARE MONITOR, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, C:\WINDOWS\TASKS\ONE SYSTEM CAREPERIOD.job, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ONE SYSTEM CAREPERIOD, En cuarentena, [636], [241385],1.0.10282
PUP.Optional.Tuto4PC, C:\PROGRAM FILES\BONJOUR\Z718EE2\QZHMQP3+&Y.EXE, En cuarentena, [712], [314799],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\LOGIC CRAMBLE\SET.EXE, En cuarentena, [376], [379533],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\PREFSSECURE\NETTRANS.EXE, En cuarentena, [376], [377398],1.0.10282
Adware.Linkury.ACMB1, C:\PROGRAMDATA\TOLNIX\TOLNIX.DAT, En cuarentena, [804], [662638],1.0.10282
MachineLearning/Anomalous.100%, C:\WINDOWS\SYSTEM32\TASKS\One System Care Monitor, En cuarentena, [0], [392687],1.0.10282
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\CLEANUPCONSOLE.EXE, En cuarentena, [0], [392687],1.0.10282
Adware.ICLoader, C:\PROGRAMDATA\LOCALNETSERVICE\LOCALNETSERVICE.EXE, En cuarentena, [460], [673215],1.0.10282
Adware.Zdengo, C:\PROGRAM FILES\NJBKNGZIMGZ\MZA1YZQY.EXE, En cuarentena, [510], [671707],1.0.10282
DDoSTool.Yoddos, C:\WINDOWS\SYSACMK.EXE, En cuarentena, [12145], [673263],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\LOGIC CRAMBLE\X86\SQLITE.INTEROP.DLL, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\PROGRAMDATA\TOLNIX\TOLNIX.EXE, En cuarentena, [376], [475745],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\ZNLUFFOD6K\ZNLUFFOD6.EXE, En cuarentena, [2905], [648561],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\NDDKOI19RX\NDDKOI19R.EXE, En cuarentena, [2905], [648561],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\EVILAD.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\ROAMING\ARRPHAQ1PF2\K45TDYH0FYO.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\ROAMING\WBY11IBBM2L\XY2WGP2P1XV.EXE, En cuarentena, [0], [392686],1.0.10282
Adware.Zdengo.Generic, C:\WINDOWS\WMVUOCIUKJTU.JMV, En cuarentena, [9688], [608505],1.0.10282
Adware.Tuto4PC, C:\PROGRAM FILES\BONJOUR\Z718EE2\6&V7QIZO6T.EXE, En cuarentena, [2818], [507905],1.0.10282
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\Opera scheduled Autoupdate 711520318, En cuarentena, [3706], [544757],1.0.10282
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\One System Care Delayed, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\WINDOWS\TASKS\One System CarePeriod.job, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\One System CarePeriod, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\ONESYSTEMCARE.EXE, En cuarentena, [0], [392686],1.0.10282
Trojan.StartPage.BatBitRst, C:\WINDOWS\TASKS\{6KDIZ9AD-3VFC-4344-UI1H-I9OIH1TGDZ5M}.job, En cuarentena, [14544], [555894],1.0.10282
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{6KDIZ9AD-3VFC-4344-UI1H-I9OIH1TGDZ5M}, En cuarentena, [14544], [555894],1.0.10282
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En cuarentena, [14544], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En cuarentena, [14544], [-1],0.0.0
Adware.Linkury.TskLnk, C:\PROGRAM FILES (X86)\COMMON FILES\DENTOBAM\INSTALLATIONCONFIGURATION.XML, En cuarentena, [14576], [444931],1.0.10282
Adware.Linkury.TskLnk, C:\Program Files (x86)\Common Files\Dentobam\uninstall.dat, En cuarentena, [14576], [444931],1.0.10282
Adware.Linkury.TskLnk, C:\Program Files (x86)\Common Files\Dentobam\uninstall.exe, En cuarentena, [14576], [444931],1.0.10282
Adware.Linkury.TskLnk, C:\Program Files (x86)\Common Files\Dentobam\uninstall.ico, En cuarentena, [14576], [444931],1.0.10282
Adware.FastDataX.EncJob, C:\PROGRAM FILES (X86)\FASTDATAX\UNINS000.DAT, En cuarentena, [2127], [407194],1.0.10282
Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\qeqpx.dll, En cuarentena, [2127], [407194],1.0.10282
Adware.FastDataX.EncJob, C:\Program Files (x86)\FastDataX\unins000.exe, En cuarentena, [2127], [407194],1.0.10282
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MULTITIMER\UNINS000.DAT, En cuarentena, [2818], [474048],1.0.10282
Adware.Tuto4PC, C:\Program Files (x86)\Multitimer\unins000.exe, En cuarentena, [2818], [474048],1.0.10282
Adware.Adposhel, C:\PROGRAM FILES (X86)\ONESYSTEMCARE\OMAP.DLL, En cuarentena, [496], [672072],1.0.10282
Adware.Neoreklami.ChrPRST, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\EILODKAPOBDPEKJNGCNDGLMBAMDLMJIM\1.0.0.0_0\MANIFEST.JSON, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\_metadata\verified_contents.json, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\background.js, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\icon.png, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\icon48.png, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\jquery-1.8.3.min.js, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\m_inc.js, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\popup.html, En cuarentena, [2554], [641228],1.0.10282
Adware.Neoreklami.ChrPRST, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilodkapobdpekjngcndglmbamdlmjim\1.0.0.0_0\popup.js, En cuarentena, [2554], [641228],1.0.10282
PUP.Optional.BazzSearch, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\USERS\CRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\INAFJGHMMKMIOBIJHBGKFEKENBFBKLHB\2.0.2_0\MANIFEST.JSON, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\icons\128x128.png, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\icons\16x16.png, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\icons\favicon.ico, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\_metadata\computed_hashes.json, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\_metadata\verified_contents.json, En cuarentena, [223], [470343],1.0.10282
PUP.Optional.BazzSearch, C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\inafjghmmkmiobijhbgkfekenbfbklhb\2.0.2_0\background.js, En cuarentena, [223], [470343],1.0.10282
Adware.Csdimonetize, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\JP51HRSHP2M\5J2L55T12R2.EXE, En cuarentena, [2905], [617668],1.0.10282
Spyware.Socelars, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\ULJW4B1GSJM\SETUP.EXE, En cuarentena, [669], [669486],1.0.10282
Spyware.Socelars, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\5NRGNLHL.22X\SETUP.EXE, En cuarentena, [669], [669486],1.0.10282
Trojan.Dropper, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\MCF0CJHF.1YL\DREAMTRIPS_MIX.EXE, En cuarentena, [739], [653844],1.0.10282
Adware.Csdimonetize, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\C5OD1Y1Z4AB\SLJPEXG0CIY.EXE, En cuarentena, [2905], [617668],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\BMDMKG2B.YFH\GCLEANER.EXE, En cuarentena, [0], [392686],1.0.10282
Adware.Csdimonetize, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IIPEONHDWWL\FWLXW0KLC3Z.EXE, En cuarentena, [2905], [648561],1.0.10282
Adware.Linkury, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\RARSFX0\LOGICHANDLER.EXE, En cuarentena, [376], [504848],1.0.10282
Adware.Wajam, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\QZY42ZGP.EDN\S2S_INSTALL.EXE, En cuarentena, [509], [450113],1.0.10282
Adware.Csdimonetize, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\XP0PQRRS5HU\QQME5VFVMK1.EXE, En cuarentena, [2905], [648561],1.0.10282
Spyware.Socelars, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\YZ1T4A34VSI\SETUP.EXE, En cuarentena, [669], [669486],1.0.10282
Adware.Tuto4PC, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\IS-E9FH7.TMP\COPYMATOUS.EXE, En cuarentena, [2818], [551717],1.0.10282
Spyware.PasswordStealer, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\SEESCENICELFE.EXE, En cuarentena, [484], [672473],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\2581430006.EXE, En cuarentena, [0], [392686],1.0.10282
Adware.Linkury, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\SETUP.EXE, En cuarentena, [376], [475745],1.0.10282
Adware.ExtenBro, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\INSTALLER.EXE, En cuarentena, [2059], [593685],1.0.10282
Trojan.Agent, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\RCDLL.DLL, En cuarentena, [428], [659776],1.0.10282
Adware.IndiLoadz, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\BLOOMBERG.EXE, En cuarentena, [7803], [670940],1.0.10282
Adware.Agent, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\ZERNVO.EXE, En cuarentena, [98], [655968],1.0.10282
Adware.Tuto4PC, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\PE0M2YYALQG.EXE, En cuarentena, [2818], [474076],1.0.10282
Adware.Wajam, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\S2S.EXE, En cuarentena, [509], [455164],1.0.10282
Adware.ICLoader, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\MCASIN.EXE, En cuarentena, [460], [673215],1.0.10282
Adware.IndiLoadz, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\ZERO.EXE, En cuarentena, [7803], [665041],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\NOAH.DAT, En cuarentena, [3743], [404865],1.0.10282
Adware.Bundler, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\XELPI.EXE, En cuarentena, [718], [527266],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\UNINSTALL_TEMP.ICO, En cuarentena, [3743], [404862],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\CONFIG.XML, En cuarentena, [3743], [404859],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\MD.XML, En cuarentena, [3743], [404866],1.0.10282
Trojan.BitCoinMiner, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\A3DE.TMP.EXE, En cuarentena, [618], [666494],1.0.10282
Adware.Linkury.TskLnk, C:\USERS\CRISTIAN\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, En cuarentena, [14576], [444923],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\AGENT.DAT, En cuarentena, [3743], [404872],1.0.10282
Adware.Linkury, C:\USERS\CRISTIAN\APPDATA\LOCAL\PHYSIS.EXE, En cuarentena, [376], [475745],1.0.10282
Adware.ICLoader.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\XVID.EXE, En cuarentena, [10400], [673729],1.0.10282
PUP.Optional.Linkury, C:\USERS\CRISTIAN\APPDATA\LOCAL\KONKTECH.BIN, En cuarentena, [252], [331415],1.0.10282
Adware.Linkury, C:\USERS\CRISTIAN\APPDATA\LOCAL\QVOTONE.BIN, En cuarentena, [376], [504848],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\MAIN.DAT, En cuarentena, [3743], [442900],1.0.10282
Adware.Linkury.Generic, C:\USERS\CRISTIAN\APPDATA\LOCAL\PHYSIS.TST, En cuarentena, [3743], [404871],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\MULTITIMER.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\68D1.TMP.EXE, En cuarentena, [0], [392686],1.0.10282
Generic.Malware/Suspicious, C:\USERS\CRISTIAN\APPDATA\LOCAL\TEMP\8519235764.EXE, En cuarentena, [0], [392686],1.0.10282
Trojan.Agent.Generic, C:\USERS\CRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CWFRDAJT.LNK, En cuarentena, [3706], [536200],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Danish.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Dutch.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\English.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\EnglishPC.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\French.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\German.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Italian.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Norwegian.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Parameters.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Portuguese.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Spanish.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\Swedish.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\tmpLang.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\Languages\tmpParam.json, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\CallBanner.png, En cuarentena, [636], [178764],1.0.10282
PUP.Optional.OneSystemCare, C:\Users\Cristian\AppData\Roaming\One System Care\FinishedScan.png, En cuarentena, [636], [178764],1.0.10282
Trojan.BitCoinMiner, C:\USERS\CRISTIAN\DOCUMENTS\TRANSACTIONSERVICES INC\TRANSACTIONSERVICESHELPER.EXE.MORESA, En cuarentena, [618], [666494],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\BONJOUR\Z718EE2\UPDATEINSTALL.EXE, En cuarentena, [2905], [672010],1.0.10282
Adware.Csdimonetize, C:\PROGRAM FILES\BONJOUR\Z718EE2\VP#VFCNKWK.EXE, En cuarentena, [2905], [662948],1.0.10282
Trojan.Agent, C:\PROGRAM FILES\WINDOWS NT\SYMSRV.DLL, En cuarentena, [428], [659776],1.0.10282
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\ZNLUFFOD6K\CAST.CONFIG, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\Program Files\ZNLUFFOD6K\uninstaller.exe, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\Program Files\ZNLUFFOD6K\uninstaller.exe.config, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\Program Files\ZNLUFFOD6K\ZNLUFFOD6.exe.config, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\PROGRAM FILES\NDDKOI19RX\CAST.CONFIG, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\Program Files\NDDKOI19RX\NDDKOI19R.exe.config, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\Program Files\NDDKOI19RX\uninstaller.exe, En cuarentena, [3702], [357599],1.0.10282
Adware.Tuto4PC.Generic, C:\Program Files\NDDKOI19RX\uninstaller.exe.config, En cuarentena, [3702], [357599],1.0.10282
Adware.Zdengo, C:\PROGRAM FILES\NJBKNGZIMGZ\MDHHM.EXE, En cuarentena, [510], [671707],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\X64\SQLite.Interop.dll, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\Config.json, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\set.exe.config, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\System.Data.SQLite.dll, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\System.Data.SQLite.Linq.dll, En cuarentena, [376], [431817],1.0.10282
Adware.Linkury, C:\ProgramData\Logic Cramble\System.Data.SQLite.xml, En cuarentena, [376], [431817],1.0.10282
Generic.Malware/Suspicious, C:\PROGRAMDATA\GARBAGE CLEANER\GARBAGE CLEANER.EXE, En cuarentena, [0], [392686],1.0.10282
PUP.Optional.OneSystemCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ONE SYSTEM CARE\LAUNCH ONE SYSTEM CARE.LNK, En cuarentena, [636], [241379],1.0.10282
PUP.Optional.OneSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care\One System Care on the Web.url, En cuarentena, [636], [241379],1.0.10282
Adware.Linkury, C:\ProgramData\PrefsSecure\Nettrans.exe.config, En cuarentena, [376], [377396],1.0.10282
Adware.Linkury, C:\ProgramData\PrefsSecure\prefs.xml, En cuarentena, [376], [377396],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Rankair.dat, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\1xg0n3rr.xml, Se eliminará al reiniciar, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\conf.config, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\FlexWarm.exe.config, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Lab-Cof.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Lexitam.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Lighttax.dat, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\md.xml, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\New-Tip.exe, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\New-Tip.exe.config, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Overlax.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Saltlatcore.dat, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Saltlex.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Silverit.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Tolnix.d.dat, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\uninstall.dat, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Voyait.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.ACMB1, C:\ProgramData\Tolnix\Zonehold.bin, En cuarentena, [804], [662636],1.0.10282
Adware.Linkury.TskLnk, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, En cuarentena, [14576], [444922],1.0.10282
Adware.Wajam, C:\WINDOWS\SYSWOW64\SSL\CERT.DB, En cuarentena, [509], [533889],1.0.10282
Adware.Wajam, C:\Windows\SysWOW64\SSL\YmRjNzkwYzk4MTI2 2.cer, En cuarentena, [509], [533889],1.0.10282
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, En cuarentena, [822], [259512],1.0.10282
Generic.Malware/Suspicious, C:\WINDOWS\TEMP\SYSCHECK.EXE, En cuarentena, [0], [392686],1.0.10282
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-23-2019
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 13
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\OneSystemCare
Deleted C:\ProgramData\Garbage Cleaner
Deleted C:\Users\Cristian\AppData\Roaming\WidModule
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Conduit
Deleted HKCU\Software\GCleaner
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\quick_cleaner
Deleted HKLM\Software\Classes\tsckmna
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|Multitimer
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TigerTrade Setup 4.3.1
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted WebSearch
Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2eWLFTQ1xzI-AFM4Ac4I95M9oRhYR8Yvm9T4ideOEYtXp1TCMOr68yRiaaloynFYlusUJXGRhVxHyb3Bh-xx9XfS9tavDpesUO1-LJ21DP5rDMiU3xcAFify_9mDruxHa_vxj2D5NJq5DHUu8b435EepoGHxgACd1gQnXyZms,
Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2eWLFTQ1xzI-AFM4Ac4I95M9oRhYR8Yvm9T4ideOEYtXp1TCMOr68yRiaaloynFYlusUJXGRhVxHyb3Bh-xx9XfS9tavDpesUO1-LJ21DP5rDMiU3xcAFify_9mDruxHa_vxj2D5NJq5DHUu8b435EepoGHxgACd1gQnXyZms,
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2623 octets] - [23/04/2019 00:15:31]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########Hola
Descarga Farbar Recovery Scan Tool.en el escritorio, seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1]
¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]
- Ejecuta FRST.exe.
- En el mensaje de la ventana del Disclaimer, pulsamos Yes
- En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
- Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.
Pon los dos reportes generados.
Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).
Un saludo
Buenas, ahi van los reportes. Gracias
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2019
Ran by Cristian (23-04-2019 12:38:10)
Running from C:\Users\Cristian\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2018-11-17 02:06:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-4254560763-1319382655-3005860915-500 - Administrator - Disabled)
Cristian (S-1-5-21-4254560763-1319382655-3005860915-1000 - Administrator - Enabled) => C:\Users\Cristian
Invitado (S-1-5-21-4254560763-1319382655-3005860915-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Apple Application Support (32 bits) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\Assassin's Creed_is1) (Version: - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Discord (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Discord (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\...\Discord) (Version: 0.0.301 - Discord Inc.)
Discord (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\...\Discord) (Version: 0.0.301 - Discord Inc.)
eweew3grthrtvew (HKLM-x32\...\eweew3grthrtvew_is1) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
iTunes (HKLM\...\{1486D446-ED3A-4E80-9749-4492B0C2E747}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Lineage II (HKLM-x32\...\{0a78b236-0352-4631-bfd3-f894209a378b}) (Version: 1.0.2.0 - NC Interactive, LLC)
Lineage II (HKLM-x32\...\{C9D826BB-412C-4BF2-A06E-E0422849DDCC}) (Version: 4.0.0.2 - NC Interactive, LLC) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Spotify (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\...\Spotify) (Version: 1.0.96.181.gf6bc1b6b - Spotify AB)
Spotify (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\...\Spotify) (Version: 1.0.96.181.gf6bc1b6b - Spotify AB)
Spotify (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\...\Spotify) (Version: 1.0.96.181.gf6bc1b6b - Spotify AB)
uTorrent Web (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\...\utweb) (Version: 0.18.2 - BitTorrent, Inc.)
uTorrent Web (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\...\utweb) (Version: 0.18.2 - BitTorrent, Inc.)
uTorrent Web (HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\...\utweb) (Version: 0.18.2 - BitTorrent, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
2018-11-17 10:05 - 2016-11-10 13:32 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2018-12-17 13:32 - 2018-12-17 13:32 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-22 19:41 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2019-04-22 19:30 - 000000214 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.eodeysua.com
127.0.0.1 eodeysua.com
127.0.0.1 www.redaceivete.pw
127.0.0.1 redaceivete.pw
127.0.0.1 www.sblinfo.pw
127.0.0.1 sblinfo.pw
127.0.0.1 www.sjjscenter.pw
127.0.0.1 sjjscenter.pw
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 200.42.4.210 - 200.49.130.52
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8636193C-BB46-4123-BCE0-F3B712B810C0}] => (Allow) C:\Users\Cristian\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F1720A29-AB39-41C6-94E7-36BA66877B57}] => (Allow) C:\Users\Cristian\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{636A682F-6D62-4D56-8D7D-C1E198FD96AE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BC2A5717-333C-4188-8CED-FAE627A2C234}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6398C2F7-6ECA-48FA-BF8D-FF96A89D7ED1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C24AACE0-BFF6-4122-959A-BB0683E7537E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12FC2068-690A-4D1A-A624-FC0BCD8EC88B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B331BC77-3B19-4DC8-AA50-F99A6938EEB9}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{015151CB-2A5E-4EB1-A4DD-1F67696C8495}] => (Allow) C:\Program Files (x86)\GOG.com\Assassins Creed\AssassinsCreed_Dx9.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{BC197E71-9F77-42E4-9648-F0F90BFFB245}] => (Allow) C:\Program Files (x86)\GOG.com\Assassins Creed\AssassinsCreed_Dx9.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{416DF442-C95C-494E-8F61-772B45E42CC5}] => (Allow) C:\Program Files (x86)\GOG.com\Assassins Creed\AssassinsCreed_Dx10.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{9227FFE7-B8BB-48A6-92E1-E84F54AC5EC7}] => (Allow) C:\Program Files (x86)\GOG.com\Assassins Creed\AssassinsCreed_Dx10.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{277692DF-1F99-4CFA-8B23-44DBD5DB1435}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
10-04-2019 22:02:53 Windows Update
22-04-2019 19:07:48 Removed Java 8 Update 211 (64-bit)
22-04-2019 19:12:23 Installed Java(TM) SE Development Kit 12.0.1 (64-bit)
22-04-2019 19:16:04 Removed Java(TM) SE Development Kit 12.0.1 (64-bit)
22-04-2019 19:16:41 Installed Java(TM) SE Development Kit 12.0.1 (64-bit)
22-04-2019 19:18:44 Removed Java(TM) SE Development Kit 12.0.1 (64-bit)
==================== Faulty Device Manager Devices =============
Name: Teclado PS/2 estándar
Description: Teclado PS/2 estándar
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Teclados estándar)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: OWM0MzUzYzQwYm
Description: OWM0MzUzYzQwYm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: OWM0MzUzYzQwYm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Mouse PS/2 de Microsoft
Description: Mouse PS/2 de Microsoft
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/23/2019 12:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/23/2019 12:18:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/23/2019 12:14:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
Error: (04/22/2019 10:26:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3401
Error: (04/22/2019 10:26:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3401
Error: (04/22/2019 10:26:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/22/2019 10:26:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2387
Error: (04/22/2019 10:26:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2387
System errors:
=============
Error: (04/23/2019 12:34:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Google Update Servicio (gupdate) no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (04/23/2019 12:32:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
OWM0MzUzYzQwYm
Error: (04/23/2019 12:32:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio symsrv service no pudo iniciarse debido al siguiente error:
El servicio no respondió a tiempo a la solicitud de inicio o de control.
Error: (04/23/2019 12:32:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio symsrv service.
Error: (04/23/2019 12:32:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio rcdll service no pudo iniciarse debido al siguiente error:
El servicio no respondió a tiempo a la solicitud de inicio o de control.
Error: (04/23/2019 12:32:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio rcdll service.
Error: (04/23/2019 12:18:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Google Update Servicio (gupdate) no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (04/23/2019 12:16:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
OWM0MzUzYzQwYm
Windows Defender:
===================================
Date: 2018-12-16 19:41:04.621
Description:
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15500.2
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico.
Date: 2018-12-14 20:18:07.015
Description:
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15500.2
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico.
Date: 2018-12-13 17:40:11.245
Description:
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15500.2
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico.
Date: 2018-12-12 15:00:55.293
Description:
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15500.2
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico.
Date: 2018-12-11 16:00:24.651
Description:
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15500.2
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico.
CodeIntegrity:
===================================
Date: 2019-04-23 12:32:54.865
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-23 00:16:34.383
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-23 00:13:18.253
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-23 00:06:01.086
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-22 20:07:36.240
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-22 19:52:42.229
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-22 19:33:59.696
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2019-04-22 19:18:04.262
Description:
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 4.6.4 09/07/2011
Motherboard: BIOSTAR Group A880GZ
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 50%
Total physical RAM: 8170.27 MB
Available physical RAM: 4085.01 MB
Total Virtual: 16338.68 MB
Available Virtual: 12096.67 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:772.77 GB) NTFS
\\?\Volume{89e596fe-ea0c-11e8-82e6-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BE5406D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2019
Ran by Cristian (administrator) on CRISTIAN-PC (BIOSTAR Group A880GZ) (23-04-2019 12:37:05)
Running from C:\Users\Cristian\Downloads
Loaded Profiles: Cristian & (Available Profiles: Cristian)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [oqjw250igqv] => C:\Program Files (x86)\Beef\213242425.exe [841728 2019-04-22] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\...\Run: [transactionservicesmain] => C:\Users\Cristian\Documents\TransactionServices Inc\transactionservices.exe.lnk
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\...\Run: [transactionservicesmain] => C:\Users\Cristian\Documents\TransactionServices Inc\transactionservices.exe.lnk
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\...\Run: [transactionservicesmain] => C:\Users\Cristian\Documents\TransactionServices Inc\transactionservices.exe.lnk
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-14] (Google LLC -> Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {113450E0-F9D0-4360-9B15-C1100108D7E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {13F9FE9B-02EF-4112-AA97-133A56BF78F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {68D12EDC-100D-49D8-BA2C-1C67E4FB4D8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {71356C9B-9B05-41A8-AB1E-FE039E6F91F8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FE5186CC-2773-4E61-8750-09D2FF4D7022} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-22] (AVAST Software s.r.o. -> AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.42.4.210 200.49.130.52
Tcpip\..\Interfaces\{7E475125-18E7-4D01-AAEF-E388C8C6D6B1}: [DhcpNameServer] 200.42.4.210 200.49.130.52
Internet Explorer:
==================
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123413476\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
HKU\S-1-5-21-4254560763-1319382655-3005860915-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04232019123513820\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBD8Dduob2eWLFTQ1xzI-AFM4Ac4I95M9oRhYR8Yvm9T4ideOEYtXp1TCMOr68yRiaaloynFYlusUJXGRhVxHyb3BRWVVYpCWRkr0VTKH6AY9Cq7KYAihKiA6fYy-aoYFbkHlj2ff7ounc7B_OGYn12sHfhPUfh_1t6WLghr91y2lYm7hg,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default [2019-04-23]
CHR Extension: (Presentaciones) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-17]
CHR Extension: (Documentos) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-17]
CHR Extension: (Google Drive) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-17]
CHR Extension: (YouTube) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-17]
CHR Extension: (Hojas de cálculo) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-17]
CHR Extension: (AdBlock) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-22]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-17]
CHR Extension: (Gmail) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-17]
CHR Extension: (Chrome Media Router) - C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\1555972237655.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [472456 2018-01-31] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 rcdll; C:\Users\Cristian\AppData\Local\Temp\rcdll.exe [60928 2019-04-22] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 symsrv; C:\Program Files\windows nt\symsrv.exe [145168 2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [41570184 2018-01-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [536968 2018-01-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2017-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-04-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-04-23] (Malwarebytes Corporation -> Malwarebytes)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U3 aswbdisk; no ImagePath
S1 OWM0MzUzYzQwYm; \??\C:\Windows\system32\drivers\OWM0MzUzYzQwYm [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-23 12:37 - 2019-04-23 12:37 - 000015430 _____ C:\Users\Cristian\Downloads\FRST.txt
2019-04-23 12:37 - 2019-04-23 12:37 - 000000000 ____D C:\FRST
2019-04-23 12:36 - 2019-04-23 12:36 - 002436096 _____ (Farbar) C:\Users\Cristian\Downloads\FRST64.exe
2019-04-23 12:33 - 2019-04-23 12:33 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-23 12:33 - 2019-04-23 12:33 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-04-23 12:33 - 2019-04-23 12:33 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-23 12:32 - 2019-04-23 12:32 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-23 00:17 - 2019-04-23 00:17 - 000002569 _____ C:\Users\Cristian\Documents\adw.txt
2019-04-23 00:16 - 2019-04-23 00:16 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-04-23 00:15 - 2019-04-23 00:15 - 000000000 ____D C:\AdwCleaner
2019-04-23 00:14 - 2019-04-23 00:14 - 000045663 _____ C:\Users\Cristian\Documents\mb.txt
2019-04-22 20:26 - 2019-04-22 20:26 - 007025360 _____ (Malwarebytes) C:\Users\Cristian\Downloads\adwcleaner_7.3.exe
2019-04-22 19:48 - 2019-04-22 19:48 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2019-04-22 19:48 - 2019-04-22 19:48 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-04-22 19:47 - 2019-04-22 19:47 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-04-22 19:45 - 2019-04-23 00:13 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-22 19:45 - 2019-04-22 19:45 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-04-22 19:45 - 2019-04-22 19:45 - 000002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-04-22 19:44 - 2019-04-22 19:55 - 007665350 _____ C:\Users\Cristian\Downloads\esetonlinescanner_esn.exe.moresa
2019-04-22 19:44 - 2019-04-22 19:55 - 007665350 _____ C:\Users\Cristian\Downloads\esetonlinescanner_esn (1).exe.moresa
2019-04-22 19:44 - 2019-04-22 19:45 - 000000000 ____D C:\Program Files\CCleaner
2019-04-22 19:44 - 2019-04-22 19:44 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-22 19:44 - 2019-04-22 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-22 19:43 - 2019-04-22 19:55 - 021254286 _____ C:\Users\Cristian\Downloads\ccsetup556.exe.moresa
2019-04-22 19:41 - 2019-04-22 19:55 - 062824302 _____ C:\Users\Cristian\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10240.exe.moresa
2019-04-22 19:41 - 2019-04-22 19:41 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-22 19:41 - 2019-04-22 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-22 19:41 - 2019-04-22 19:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-22 19:41 - 2019-04-22 19:41 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-22 19:41 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-04-22 19:38 - 2019-04-22 19:55 - 000007412 _____ C:\Users\Cristian\Desktop\Rkill.txt.moresa
2019-04-22 19:37 - 2019-04-22 20:28 - 000000004 _____ C:\ProgramData\lock.dat
2019-04-22 19:37 - 2019-04-22 19:55 - 001802782 _____ C:\Users\Cristian\Downloads\iExplore.exe.moresa
2019-04-22 19:37 - 2019-04-22 19:53 - 000000008 _____ C:\ProgramData\irw.atsd
2019-04-22 19:37 - 2019-04-22 19:37 - 000000008 _____ C:\ProgramData\ts.dat
2019-04-22 19:36 - 2019-04-22 19:55 - 000805078 ____H C:\BITA7F4.tmp
2019-04-22 19:35 - 2019-04-23 00:13 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\wby11ibbm2l
2019-04-22 19:35 - 2019-04-23 00:13 - 000000000 ____D C:\ProgramData\localNETService
2019-04-22 19:35 - 2019-04-22 19:35 - 000001168 _____ C:\Users\Cristian\_readme.txt
2019-04-22 19:35 - 2019-04-22 19:35 - 000001168 _____ C:\Program Files\_readme.txt
2019-04-22 19:35 - 2019-04-22 19:35 - 000001168 _____ C:\_readme.txt
2019-04-22 19:34 - 2019-04-22 19:34 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\Mozilla
2019-04-22 19:32 - 2019-04-22 19:35 - 000913894 ____H C:\BITA7F4.tmp.moresa
2019-04-22 19:31 - 2019-04-23 00:13 - 000000000 ____D C:\Program Files\NjBkNGZiMGZ
2019-04-22 19:31 - 2019-04-22 19:55 - 000000000 ____D C:\Users\Cristian\AppData\Local\fde3ba11-0463-4de5-9e96-bc54b73317f2
2019-04-22 19:31 - 2019-04-22 19:36 - 000001149 _____ C:\Users\Cristian\Desktop\Launch One System Care.lnk.moresa
2019-04-22 19:31 - 2019-04-22 19:36 - 000000968 _____ C:\Users\Cristian\Desktop\Lightening Media Player.lnk.moresa
2019-04-22 19:31 - 2019-04-22 19:34 - 000000000 ____D C:\ProgramData\Tolnixs
2019-04-22 19:31 - 2019-04-22 19:32 - 000000000 ____D C:\Program Files (x86)\LighteningPlayer
2019-04-22 19:31 - 2019-04-22 19:31 - 000001830 _____ C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightening Media Player.lnk
2019-04-22 19:30 - 2019-04-23 00:13 - 000000000 ____D C:\Users\Cristian\Documents\TransactionServices Inc
2019-04-22 19:30 - 2019-04-23 00:13 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\arrphaq1pf2
2019-04-22 19:30 - 2019-04-22 19:36 - 000002222 _____ C:\Users\Cristian\Desktop\TigerTrade.lnk.moresa
2019-04-22 19:30 - 2019-04-22 19:36 - 000001782 _____ C:\Users\Cristian\Desktop\Garbage Cleaner.lnk.moresa
2019-04-22 19:30 - 2019-04-22 19:36 - 000000959 _____ C:\Users\Cristian\Desktop\ClearTools.lnk.moresa
2019-04-22 19:30 - 2019-04-22 19:30 - 000278528 _____ C:\Users\Cristian\AppData\Local\cleartool.exe
2019-04-22 19:30 - 2019-04-22 19:30 - 000000000 ____D C:\ProgramData\{C763B51F-6E62-6A94-1A73-17E61A944EB7}
2019-04-22 19:30 - 2019-04-22 19:30 - 000000000 ____D C:\ProgramData\{04D7ADF5-7688-A920-F06B-A325F08CFA74}
2019-04-22 19:30 - 2019-04-22 19:30 - 000000000 ____D C:\Program Files (x86)\TigerTrade
2019-04-22 19:30 - 2019-04-22 19:30 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2019-04-22 19:30 - 2019-04-22 19:30 - 000000000 ____D C:\Program Files (x86)\Beef
2019-04-22 19:29 - 2019-04-22 19:34 - 000722944 _____ C:\Users\Cristian\AppData\Local\sha.db
2019-04-22 19:29 - 2019-04-22 19:29 - 000140800 _____ C:\Users\Cristian\AppData\Local\installer.dat
2019-04-22 19:29 - 2019-04-22 19:29 - 000000000 ____D C:\ProgramData\fb
2019-04-22 19:28 - 2019-04-22 19:37 - 000000000 ____D C:\Users\Cristian\Downloads\Minecraft 1.12.2 Cracked
2019-04-22 19:20 - 2019-04-22 19:20 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-04-22 19:20 - 2019-04-22 19:20 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\Sun
2019-04-22 19:20 - 2019-04-22 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-22 19:20 - 2019-04-22 19:20 - 000000000 ____D C:\Program Files\Java
2019-04-22 19:19 - 2019-04-22 19:36 - 079721902 _____ C:\Users\Cristian\Downloads\jre-8u211-windows-x64 (2).exe.moresa
2019-04-22 19:10 - 2019-04-22 19:36 - 166190526 _____ C:\Users\Cristian\Downloads\jdk-12.0.1_windows-x64_bin.exe.moresa
2019-04-22 19:08 - 2019-04-22 19:08 - 000000000 ____D C:\Windows\system32\appmgmt
2019-04-22 19:04 - 2019-04-22 19:36 - 079721902 _____ C:\Users\Cristian\Downloads\jre-8u211-windows-x64 (1).exe.moresa
2019-04-22 18:57 - 2019-04-22 19:36 - 015267688 _____ C:\Users\Cristian\Downloads\TLauncher-2.53-Installer-0.5-ns (1).exe.moresa
2019-04-22 18:46 - 2019-04-22 18:54 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\.tlauncher
2019-04-22 18:46 - 2019-04-22 18:46 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\java
2019-04-22 18:44 - 2019-04-22 19:37 - 015267688 _____ C:\Users\Cristian\Downloads\TLauncher-2.53-Installer-0.5-ns.exe.moresa
2019-04-22 18:43 - 2019-04-22 19:36 - 079721902 _____ C:\Users\Cristian\Downloads\jre-8u211-windows-x64.exe.moresa
2019-04-22 18:40 - 2019-04-22 19:26 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\.minecraft
2019-04-19 19:10 - 2019-04-22 19:36 - 000264346 _____ C:\Users\Cristian\Downloads\resultados_sorteo_08-02_estacion_cambios.pdf.moresa
2019-04-17 21:07 - 2019-04-17 21:07 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\Google
2019-04-10 21:02 - 2019-04-01 22:57 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-10 21:02 - 2019-03-28 22:36 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-10 21:02 - 2019-03-28 00:35 - 000348776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-04-10 21:02 - 2019-03-27 22:55 - 000397120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-04-10 21:02 - 2019-03-26 03:14 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-10 21:02 - 2019-03-26 03:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-04-10 21:02 - 2019-03-26 03:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-04-10 21:02 - 2019-03-26 02:52 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-10 21:02 - 2019-03-26 02:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-04-10 21:02 - 2019-03-26 02:51 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-04-10 21:02 - 2019-03-26 02:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-10 21:02 - 2019-03-26 02:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-04-10 21:02 - 2019-03-26 02:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-04-10 21:02 - 2019-03-26 02:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-04-10 21:02 - 2019-03-26 02:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-04-10 21:02 - 2019-03-26 02:41 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-04-10 21:02 - 2019-03-26 02:40 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-04-10 21:02 - 2019-03-26 02:40 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-04-10 21:02 - 2019-03-26 02:40 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-10 21:02 - 2019-03-26 02:40 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-04-10 21:02 - 2019-03-26 02:40 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-04-10 21:02 - 2019-03-26 02:35 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-04-10 21:02 - 2019-03-26 02:31 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-04-10 21:02 - 2019-03-26 02:26 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-04-10 21:02 - 2019-03-26 02:26 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-04-10 21:02 - 2019-03-26 02:25 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-04-10 21:02 - 2019-03-26 02:22 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-04-10 21:02 - 2019-03-26 02:22 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-04-10 21:02 - 2019-03-26 02:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-04-10 21:02 - 2019-03-26 02:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-04-10 21:02 - 2019-03-26 02:12 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-10 21:02 - 2019-03-26 02:10 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-04-10 21:02 - 2019-03-26 02:08 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-04-10 21:02 - 2019-03-26 02:08 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-04-10 21:02 - 2019-03-26 02:07 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-04-10 21:02 - 2019-03-26 02:06 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-04-10 21:02 - 2019-03-26 02:05 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-10 21:02 - 2019-03-26 02:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-04-10 21:02 - 2019-03-26 02:00 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-04-10 21:02 - 2019-03-26 01:51 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-10 21:02 - 2019-03-26 01:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-04-10 21:02 - 2019-03-26 01:50 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-04-10 21:02 - 2019-03-26 01:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-04-10 21:02 - 2019-03-26 01:50 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-04-10 21:02 - 2019-03-26 01:48 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-10 21:02 - 2019-03-26 01:48 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-10 21:02 - 2019-03-26 01:46 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-04-10 21:02 - 2019-03-26 01:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-04-10 21:02 - 2019-03-26 01:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-04-10 21:02 - 2019-03-26 01:43 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-10 21:02 - 2019-03-26 01:43 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-04-10 21:02 - 2019-03-26 01:43 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-04-10 21:02 - 2019-03-26 01:36 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-04-10 21:02 - 2019-03-26 01:36 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-04-10 21:02 - 2019-03-26 01:33 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-04-10 21:02 - 2019-03-26 01:33 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-04-10 21:02 - 2019-03-26 01:32 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-04-10 21:02 - 2019-03-26 01:31 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-04-10 21:02 - 2019-03-26 01:29 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-04-10 21:02 - 2019-03-26 01:29 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-04-10 21:02 - 2019-03-26 01:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-04-10 21:02 - 2019-03-26 01:28 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-04-10 21:02 - 2019-03-26 01:24 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-10 21:02 - 2019-03-26 01:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-04-10 21:02 - 2019-03-26 01:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-04-10 21:02 - 2019-03-26 01:21 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-04-10 21:02 - 2019-03-26 01:21 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-04-10 21:02 - 2019-03-26 01:08 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-04-10 21:02 - 2019-03-26 01:04 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-10 21:02 - 2019-03-26 01:02 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-04-10 21:02 - 2019-03-20 23:13 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-10 21:02 - 2019-03-20 23:13 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-10 21:02 - 2019-03-20 23:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-04-10 21:02 - 2019-03-20 23:13 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-04-10 21:02 - 2019-03-20 23:13 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-04-10 21:02 - 2019-03-20 23:12 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-04-10 21:02 - 2019-03-20 23:12 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-04-10 21:02 - 2019-03-20 23:10 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-04-10 21:02 - 2019-03-20 23:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:03 - 003961576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-04-10 21:02 - 2019-03-20 23:02 - 004056296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-04-10 21:02 - 2019-03-20 23:02 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 23:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 22:45 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-04-10 21:02 - 2019-03-20 22:45 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-04-10 21:02 - 2019-03-20 22:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-04-10 21:02 - 2019-03-20 22:44 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-04-10 21:02 - 2019-03-20 22:41 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-04-10 21:02 - 2019-03-20 22:41 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-04-10 21:02 - 2019-03-20 22:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-04-10 21:02 - 2019-03-20 22:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-04-10 21:02 - 2019-03-20 22:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-04-10 21:02 - 2019-03-20 22:38 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-04-10 21:02 - 2019-03-20 22:38 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-10 21:02 - 2019-03-20 22:38 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-04-10 21:02 - 2019-03-20 22:38 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-04-10 21:02 - 2019-03-20 22:38 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-04-10 21:02 - 2019-03-20 22:38 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-04-10 21:02 - 2019-03-20 22:37 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-04-10 21:02 - 2019-03-20 22:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-04-10 21:02 - 2019-03-20 22:37 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-04-10 21:02 - 2019-03-20 22:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-04-10 21:02 - 2019-03-20 22:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-04-10 21:02 - 2019-03-20 22:37 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-04-10 21:02 - 2019-03-20 22:37 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-04-10 21:02 - 2019-03-20 22:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-04-10 21:02 - 2019-03-20 22:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-04-10 21:02 - 2019-03-20 22:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-04-10 21:02 - 2019-03-20 22:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-04-10 21:02 - 2019-03-20 22:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-04-10 21:02 - 2019-03-20 22:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 22:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-04-10 21:02 - 2019-03-20 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-04-10 21:02 - 2019-03-16 01:11 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-04-10 21:02 - 2019-03-16 01:09 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-04-10 21:02 - 2019-03-16 01:09 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-04-10 21:02 - 2019-03-16 01:08 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-04-10 21:02 - 2019-03-16 01:08 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-04-10 21:02 - 2019-03-16 00:58 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-04-10 21:02 - 2019-03-16 00:42 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-04-10 21:02 - 2019-03-16 00:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-04-10 21:02 - 2019-03-16 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-04-10 21:02 - 2019-03-13 12:09 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-04-10 21:02 - 2019-03-13 12:02 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-04-10 21:02 - 2019-03-13 11:35 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-10 21:02 - 2019-03-13 11:35 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-10 21:02 - 2019-03-12 11:34 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-10 21:02 - 2019-03-12 11:34 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-10 21:02 - 2019-03-12 11:34 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 001894912 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 000688128 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-04-10 21:02 - 2019-03-11 18:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2019-04-10 21:02 - 2019-03-11 18:33 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-10 21:02 - 2019-03-11 18:33 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-10 21:02 - 2019-03-11 18:33 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-10 21:02 - 2019-03-11 18:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-10 21:02 - 2019-03-11 18:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-04-10 21:02 - 2019-03-11 18:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2019-04-10 21:02 - 2019-03-11 18:23 - 001112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-10 21:02 - 2019-03-11 18:22 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-04-10 21:02 - 2019-03-11 18:22 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2019-04-10 21:02 - 2019-02-21 12:48 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2019-04-10 21:02 - 2019-02-21 12:43 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2019-04-10 21:02 - 2019-02-21 12:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-10 21:02 - 2019-02-12 13:08 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-04-10 21:02 - 2019-02-12 13:08 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-04-10 21:02 - 2019-02-12 12:58 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-04-10 21:02 - 2019-02-12 12:58 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-04-10 21:02 - 2019-02-08 13:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-04-10 21:02 - 2019-02-08 13:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-03-28 20:04 - 2019-04-22 19:36 - 000080462 _____ C:\Users\Cristian\Downloads\LISTADO DE CODIGOS DE OS - PARA PERIODO ANTERIORES A 07-1994.xls.moresa
2019-03-27 19:51 - 2019-04-22 19:36 - 001456542 _____ C:\Users\Cristian\Downloads\orig_5069.jpg.moresa==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-23 12:32 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-23 00:21 - 2018-11-17 09:04 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-04-23 00:21 - 2009-07-14 01:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-23 00:21 - 2009-07-14 01:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-23 00:13 - 2009-07-14 00:20 - 000000000 ____D C:\Program Files\Windows NT
2019-04-23 00:10 - 2018-11-17 09:06 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-23 00:10 - 2018-11-17 09:06 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-23 00:10 - 2018-11-16 23:07 - 000001401 _____ C:\Users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-04-22 19:48 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-04-22 19:45 - 2018-11-16 18:59 - 000000000 ____D C:\Windows\Panther
2019-04-22 19:37 - 2018-12-31 12:12 - 000000000 ____D C:\Users\Cristian\Downloads\Assassin's Creed - Director's Cut (April 8, 2008)
2019-04-22 19:37 - 2018-12-14 20:28 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S09E07.iNTERNAL.1080p.WEB.h264-NOIVTC[rarbg]
2019-04-22 19:37 - 2018-12-11 18:45 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S09E05.iNTERNAL.1080p.WEB.h264-NOIVTC[rarbg]
2019-04-22 19:37 - 2018-12-11 18:44 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S09E06.720p.HDTV.x264-AVS[ettv]
2019-04-22 19:37 - 2018-12-08 22:00 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S09E04.720p.HDTV.x264-KILLERS[rarbg]
2019-04-22 19:37 - 2018-12-08 21:45 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S09E03.720p.HDTV.x264-AVS[rarbg]
2019-04-22 19:37 - 2018-12-08 21:45 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S09E02.720p.HDTV.x264-AVS[rarbg]
2019-04-22 19:37 - 2018-12-04 16:11 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S08E13.CONVERT.1080p.WEB.h264-TBS[rarbg]
2019-04-22 19:37 - 2018-12-02 20:10 - 000000000 ____D C:\Users\Cristian\Desktop\L2FarmBot_1.5
2019-04-22 19:37 - 2018-11-29 21:41 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S08E12.CONVERT.1080p.WEB.h264-TBS[rarbg]
2019-04-22 19:37 - 2018-11-27 17:30 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S08E09.720p.HDTV.x264-AVS[rarbg]
2019-04-22 19:37 - 2018-11-27 17:28 - 000000000 ____D C:\Users\Cristian\Downloads\The.Walking.Dead.S08E07.CONVERT.1080p.WEB.h264-TBS[rarbg]
2019-04-22 19:36 - 2019-03-20 18:15 - 000206014 _____ C:\Users\Cristian\Downloads\1.txt.moresa
2019-04-22 19:36 - 2019-03-20 18:15 - 000001438 _____ C:\Users\Cristian\Downloads\1r.txt.moresa
2019-04-22 19:36 - 2019-03-01 18:38 - 000005289 _____ C:\Users\Cristian\Downloads\afip_presentacion_cuit_23366841059_f1003_nrotransaccion_649027991.pdf.moresa
2019-04-22 19:36 - 2019-02-13 19:31 - 104114086 _____ C:\Users\Cristian\Downloads\PokerStarsInstall (1).exe.moresa
2019-04-22 19:36 - 2019-02-04 21:11 - 000013578 _____ C:\Users\Cristian\Desktop\NL22.xlsx.moresa
2019-04-22 19:36 - 2019-01-24 20:00 - 000141123 _____ C:\Users\Cristian\Desktop\certificado.pdf.moresa
2019-04-22 19:36 - 2019-01-24 20:00 - 000071430 _____ C:\Users\Cristian\Desktop\certificado2.pdf.moresa
2019-04-22 19:36 - 2019-01-24 19:59 - 000399020 _____ C:\Users\Cristian\Desktop\poliza.pdf.moresa
2019-04-22 19:36 - 2019-01-21 21:16 - 016449765 _____ C:\Users\Cristian\Downloads\JANSON2014.pdf.moresa
2019-04-22 19:36 - 2019-01-13 16:30 - 001031060 _____ C:\Users\Cristian\Downloads\RANGOS PREFLOP.rar.moresa
2019-04-22 19:36 - 2018-12-31 14:48 - 000001280 _____ C:\Users\Cristian\Desktop\AC.lnk.moresa
2019-04-22 19:36 - 2018-12-31 12:12 - 000530528 _____ C:\Users\Cristian\Downloads\AC1DC-PiviGames.blog.torrent.moresa
2019-04-22 19:36 - 2018-12-31 12:10 - 000000427 _____ C:\Users\Cristian\Downloads\ASCDC-PiviGames.blog.txt.moresa
2019-04-22 19:36 - 2018-12-31 12:07 - 000066230 _____ C:\Users\Cristian\Downloads\assassins creed de jonatan.rar.rar.moresa
2019-04-22 19:36 - 2018-12-29 18:08 - 000742294 _____ C:\Users\Cristian\Downloads\SpotifySetup.exe.moresa
2019-04-22 19:36 - 2018-12-29 18:08 - 000001860 _____ C:\Users\Cristian\Desktop\Spotify.lnk.moresa
2019-04-22 19:36 - 2018-12-17 13:31 - 009060350 _____ C:\Users\Cristian\Downloads\Chew-WGA-v0.9.rar.moresa
2019-04-22 19:36 - 2018-12-14 22:48 - 081227838 _____ C:\Users\Cristian\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe.moresa
2019-04-22 19:36 - 2018-12-08 21:45 - 1580311326 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E04.iNTERNAL.720p.WEB.H264-STRiFE[eztv].mkv.moresa
2019-04-22 19:36 - 2018-12-06 20:55 - 1713007956 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S09E01.720p.WEBRip.x264-eSc[eztv].mkv.moresa
2019-04-22 19:36 - 2018-12-05 21:37 - 2170486088 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E16.720p.HDTV.x264-AVS[eztv].mkv.moresa
2019-04-22 19:36 - 2018-12-05 21:02 - 2208648020 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E15.720p.HDTV.x264-AVS[eztv].mkv.moresa
2019-04-22 19:36 - 2018-12-04 20:32 - 1838687434 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E14.720p.HDTV.x264-FLEET[eztv].mkv.moresa
2019-04-22 19:36 - 2018-12-02 20:41 - 000035816 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E11.Dead or Alive Or.srt.moresa
2019-04-22 19:36 - 2018-12-02 00:30 - 000024842 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E10.The Lost and the Plunderers.srt.moresa
2019-04-22 19:36 - 2018-11-29 21:40 - 1840240012 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E11.720p.HDTV.x264-AVS[eztv].mkv.moresa
2019-04-22 19:36 - 2018-11-29 21:39 - 2174773476 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E10.720p.HDTV.x264-AVS[eztv].mkv.moresa
2019-04-22 19:36 - 2018-11-29 21:35 - 000038222 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E08.How It's Gotta Be.srt.moresa
2019-04-22 19:36 - 2018-11-29 20:31 - 000931674 _____ C:\Users\Cristian\Downloads\L2FarmBot_1.5.rar.moresa
2019-04-22 19:36 - 2018-11-27 17:29 - 1497767550 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E08.720p.HDTV.x264-BATV[eztv].mkv.moresa
2019-04-22 19:36 - 2018-11-27 17:18 - 000031241 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E06.The King, The Widow and Rick.srt.moresa
2019-04-22 19:36 - 2018-11-27 14:24 - 000042518 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E05.The Big Scary U.srt.moresa
2019-04-22 19:36 - 2018-11-27 14:15 - 000017302 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E04.Some Guy.srt.moresa
2019-04-22 19:36 - 2018-11-27 13:39 - 2025075403 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E06.720p.HDTV.x264-AVS[eztv].mkv.moresa
2019-04-22 19:36 - 2018-11-27 13:30 - 1513306975 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E05.PROPER.720p.HDTV.x264-FLEET[eztv].mkv.moresa
2019-04-22 19:36 - 2018-11-24 21:06 - 1333788347 _____ C:\Users\Cristian\Downloads\The.Walking.Dead.S08E05.720p.HDTV.x264-AVS[eztv].mkv.moresa
2019-04-22 19:36 - 2018-11-24 20:27 - 000001889 _____ C:\Users\Cristian\Desktop\uTorrent Web.lnk.moresa
2019-04-22 19:36 - 2018-11-22 19:35 - 000003029 _____ C:\Users\Cristian\Desktop\Microsoft Word 2010.lnk.moresa
2019-04-22 19:36 - 2018-11-22 19:35 - 000003005 _____ C:\Users\Cristian\Desktop\Microsoft Excel 2010.lnk.moresa
2019-04-22 19:36 - 2018-11-21 17:00 - 000002820 _____ C:\Users\Cristian\URPreferences.xml.moresa
2019-04-22 19:36 - 2018-11-21 17:00 - 000002510 _____ C:\Users\Cristian\Desktop\Universal Replayer.lnk.moresa
2019-04-22 19:36 - 2018-11-18 09:29 - 000002219 _____ C:\Users\Cristian\Desktop\Discord.lnk.moresa
2019-04-22 19:36 - 2018-11-16 23:06 - 000000000 ____D C:\Users\Cristian
2019-04-22 19:35 - 2018-12-14 20:17 - 000000000 ____D C:\Pen papa
2019-04-22 19:35 - 2018-11-27 12:27 - 000000000 ____D C:\Photoshop CS6
2019-04-22 19:35 - 2018-11-27 11:19 - 000000000 ____D C:\Restoration
2019-04-22 19:35 - 2018-11-17 09:11 - 000000000 ____D C:\Riot Games
2019-04-22 19:32 - 2018-11-24 20:27 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\uTorrent Web
2019-04-22 19:30 - 2018-12-02 20:11 - 000000000 ____D C:\Program Files\Bonjour
2019-04-22 19:03 - 2018-11-17 22:01 - 000000000 ____D C:\Users\Cristian\AppData\Local\PokerStars
2019-04-22 19:02 - 2018-11-17 22:01 - 000000000 ____D C:\Program Files (x86)\PokerStars
2019-04-22 18:45 - 2011-04-12 06:10 - 000761994 _____ C:\Windows\system32\perfh00A.dat
2019-04-22 18:45 - 2011-04-12 06:10 - 000163664 _____ C:\Windows\system32\perfc00A.dat
2019-04-22 18:45 - 2009-07-14 02:13 - 001705268 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-19 21:31 - 2009-07-14 02:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-04-14 19:08 - 2009-07-14 01:45 - 000408952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-10 21:25 - 2018-12-29 18:08 - 000000000 ____D C:\Users\Cristian\AppData\Local\Spotify
2019-04-10 20:53 - 2018-12-29 18:08 - 000000000 ____D C:\Users\Cristian\AppData\Roaming\Spotify
2019-03-30 10:23 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\rescache
2019-03-28 19:56 - 2018-11-17 09:06 - 000003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 19:56 - 2018-11-17 09:06 - 000003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2019-04-22 19:37 - 2019-04-22 20:28 - 000000004 _____ () C:\ProgramData\lock.dat
2019-04-22 19:37 - 2019-04-22 19:37 - 000000008 _____ () C:\ProgramData\ts.dat
2019-04-22 19:35 - 2019-04-22 19:35 - 000001168 _____ () C:\Program Files\_readme.txt
2019-04-22 19:30 - 2019-04-22 19:30 - 000278528 _____ () C:\Users\Cristian\AppData\Local\cleartool.exe
2019-04-22 19:29 - 2019-04-22 19:29 - 000140800 _____ () C:\Users\Cristian\AppData\Local\installer.dat
2018-12-02 00:34 - 2018-12-14 20:53 - 000007602 _____ () C:\Users\Cristian\AppData\Local\Resmon.ResmonCfg
2019-04-22 19:29 - 2019-04-22 19:34 - 000722944 _____ () C:\Users\Cristian\AppData\Local\sha.db
Some files in TEMP:
====================
2019-04-22 19:30 - 2019-04-22 19:30 - 025260414 _____ (TigerTrade ) C:\Users\Cristian\AppData\Local\Temp\0676940438.exe
2019-04-22 19:32 - 2019-04-22 19:32 - 000356864 _____ () C:\Users\Cristian\AppData\Local\Temp\4C7D.tmp.exe
2019-04-22 19:29 - 2019-04-22 19:29 - 002544128 _____ () C:\Users\Cristian\AppData\Local\Temp\DixVid.exe
2019-04-22 19:06 - 2019-04-22 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Cristian\AppData\Local\Temp\jansi-64-1002056289726729566.dll
2019-04-22 19:01 - 2019-04-22 19:01 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Cristian\AppData\Local\Temp\jansi-64-1792012963899714613.dll
2019-04-22 18:58 - 2019-04-22 18:58 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Cristian\AppData\Local\Temp\jansi-64-5615998989373784209.dll
2019-04-22 18:52 - 2019-04-22 18:52 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Cristian\AppData\Local\Temp\jansi-64-6424329916806726300.dll
2019-04-22 19:30 - 2019-04-22 19:30 - 001023169 _____ (360dev ) C:\Users\Cristian\AppData\Local\Temp\lightcleanerlightcleaner.exe
2019-04-22 19:30 - 2019-04-22 19:31 - 064459184 _____ () C:\Users\Cristian\AppData\Local\Temp\LighteningMediaPlayerInstall.exe
2019-04-22 19:30 - 2019-04-22 19:30 - 000060928 _____ (Microsoft Corporation) C:\Users\Cristian\AppData\Local\Temp\rcdll.exe
2019-04-22 19:31 - 2019-04-22 19:31 - 000096256 _____ () C:\Users\Cristian\AppData\Local\Temp\setup (1).exe
2019-04-22 19:29 - 2019-04-22 19:29 - 000452608 _____ () C:\Users\Cristian\AppData\Local\Temp\Tstp.exe
2019-04-22 19:29 - 2019-04-22 19:29 - 005478175 _____ () C:\Users\Cristian\AppData\Local\Temp\wGenus.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\User32.dll
[2018-11-17 10:05] - [2016-11-10 13:32] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll
[2018-12-17 13:32] - [2018-12-17 13:32] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
LastRegBack: 2019-04-20 15:18
==================== End of FRST.txt ============================Hola
Solo los iconos están con la extensión moresa o también la tienes en archivos, fotos, documentos, etc?
Si tienes algún archivo, súbelo para analizar con con ID-Ransomware:
Un saludo
Buenas, ahi te mando captura de lo que aparece en ransomware. Subí un archivo PDF que tenía en el escritorio. Muchos programas que aparecían antes ya no aparecen, lo que si me sigue saliendo cada 5 minutos (además de los íconos en blanco en el escritorio y la extensión .moresa) es propaganda abajo a la derecha de la pantalla.
Hola
Presiona donde pone “Haga clic aquí para obtener más información acerca de STOP (Djvu)”, a ver que dice.
En este enlace tienes el programa para desencriptar, a ver si tienes suerte.
Comenta como fue.
Un saludo
Le pasé el stopDecrypter y no me solucionó nada, me fijé y no solo en el escritorio, sino que fotos, videos y demás archivos que tengo en la PC están de la misma manera. Te pego lo que me aparece al final del programa:
Decrypted 519 files!
Skipped 2680 files.
[!] No keys were found for the following IDs:
[*] ID: ABZ0fuhU0alCvw5BgkRowCJyFQhpyEHF3REY5gJF (.moresa )
[*] ID: ABZ0fuhU0alCvw5BgkRowCJyFQhpyEHF3REY5gJF (.xml )
[*] ID: ABZ0fuhU0alCvw5BgkRowCJyFQhpyEHF3REY5gJF (.tmp )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MAC: 00:30:67:F8:7A:72
This info has also been logged to STOPDecrypter-log.txtHola
Lamentablemente la herramienta no los puede desencriptar, cada cierto tiempo la están actualizando, guarda todos los archivos encriptados en un USB a ver si con alguna versión los puedes recuperar.
Según he visto en el reporte de FRST, también tienes muchos programas con esa extensión, te recomendaría que después de guardar los archivos vuelvas a reinstalar el SO desde cero.
Nos comentas.
Un saludo
Bueno, muchas gracias por ayudarme, te cuento que busque y busque… Encontré un backup que tenía así que pude reinstalar todo el so y terminé con el problema. Muchas gracias por tu ayuda
Hola @Hellfield
Gracias a ti por confiar en ForoSpyware. Ha sido un placer ayudarte 
Me alegro que vaya ya todo bien :Bien: .
Solucionado
Un saludo