Badly infected laptop

#1

Hello again everyone. A few days ago I wrote about my desktop PC, which was running very slowly and had quite a few infections and so on… someone called Miguelgrado (a member of the staff, by the way, whom I thank again from here) helped me a lot, and my PC was left spotless and now runs great. This is the thread, by the way: Disabling programs with CCleaner

But now my partner has lent me her laptop (which is around 5 years old) because it runs very, very slowly: it takes a very long time to boot (sometimes you have to force a restart), it takes a long time just to open Chrome, and so on. What's more, it doesn't even have an antivirus, and it has many programs and other things that are useless and that she doesn't use. It almost certainly has quite a few infections (I think a format would do it a lot of good, but I want to leave that as a last resort, since I would rather fix it first with programs and the like, the way Miguel helped me with my PC). Miguel, if you read this, please help me again with my partner's laptop.

I look forward to your reply when you can.

Regards and thank you very much.

#2

Hello @DjLeGoLaS

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes' Anti-Malware; go through the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click "Quarantine Selected" to send the items to quarantine, then restart the system.
  • In the manual section Reports >> Scan Report you will find the MBAM report; click Export >> Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • Save the report that appears, so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish >> click Run Cleaner
  • Click the Registry tab >> click Scan for Issues, wait for it to finish >> click Fix selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

How to paste reports in the forum?

Regards

#3

Hello again. First of all, thank you for replying and helping me. Here are the Malwarebytes and AdwCleaner reports:

Malwarebytes


www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 23/4/19
Hora del análisis: 12:00
Archivo de registro: 90911132-65ae-11e9-8f10-4c72b9e26374.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10290
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.590)
CPU: x64
Sistema de archivos: NTFS
Usuario: sandrita-pc\sandra

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 313431
Amenazas detectadas: 95
Amenazas en cuarentena: 95
Tiempo transcurrido: 15 min, 40 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 26

Valor del registro: 9

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 7

Archivo: 53

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

-------------------------------

Malwarebytes AdwCleaner 7.3.0.0

-------------------------------

Build: 04-04-2019

Database: 2019-04-18.2 (Cloud)

Support: https://www.malwarebytes.com/support

-------------------------------

Mode: Clean

-------------------------------

Start: 04-23-2019

Duration: 00:01:14

OS: Windows 10 Home

Cleaned: 275

Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\globalUpdate
Deleted C:\Program Files (x86)\predm
Deleted C:\ProgramData\WPM
Deleted C:\ProgramData\apn
Deleted C:\ProgramData\eSafe
Deleted C:\Users\sandra\AppData\LocalLow\Check Point Software Technologies LTD
Deleted C:\Users\sandra\AppData\Local\DProtect
Deleted C:\Users\sandra\AppData\Local\globalUpdate
Deleted C:\Users\sandra\AppData\Local\lollipop
Deleted C:\Users\sandra\AppData\Roaming\FreeSoftwareUpdater
Deleted C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader

***** [ Files ] *****

Deleted C:\Users\Public\Desktop\eBay.lnk
Deleted C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_491952\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\YTDOWNLOADER
Deleted C:\Windows\System32\Tasks\YTDOWNLOADERUPD

***** [ Registry ] *****

HKLM\Software\Wow6432Node\Classes\AppID{B12E99ED-69BD-437C-86BE-C862B9E5444D} Deleted HKLM\Software\Wow6432Node\Classes\AppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{61AB12E1-A5FF-11D1-B2E9-444553540000} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{6DC82D15-92F2-11D1-A255-00A0C932C7DF} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{82351441-9094-11D1-A24B-00A0C932C7DF} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{987D9269-F8A1-408F-BF62-4397D2F5363E} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{AE07101B-46D4-4A98-AF68-0333EA26E113} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Deleted HKLM\Software\Wow6432Node\Classes\CLSID{F1963E76-845B-474C-8C7F-D69A96D8AA34} Deleted HKLM\Software\Wow6432Node\Classes\Interface{021B4049-F57D-4565-A693-FD3B04786BFA} Deleted HKLM\Software\Wow6432Node\Classes\Interface{0362AA09-808D-48E9-B360-FB51A8CBCE09} Deleted HKLM\Software\Wow6432Node\Classes\Interface{06844020-CD0B-3D3D-A7FE-371153013E49} Deleted HKLM\Software\Wow6432Node\Classes\Interface{0ADC01BB-303B-3F8E-93DA-12C140E85460} Deleted HKLM\Software\Wow6432Node\Classes\Interface{10D3722F-23E6-3901-B6C1-FF6567121920} Deleted HKLM\Software\Wow6432Node\Classes\Interface{1675E62B-F911-3B7B-A046-EB57261212F3} Deleted HKLM\Software\Wow6432Node\Classes\Interface{192929F2-9273-3894-91B0-F54671C4C861} Deleted HKLM\Software\Wow6432Node\Classes\Interface{2932897E-3036-43D9-8A64-B06447992065} Deleted HKLM\Software\Wow6432Node\Classes\Interface{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Deleted HKLM\Software\Wow6432Node\Classes\Interface{32B80AD6-1214-45F4-994E-78A5D482C000} Deleted 
HKLM\Software\Wow6432Node\Classes\Interface{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Deleted HKLM\Software\Wow6432Node\Classes\Interface{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Deleted HKLM\Software\Wow6432Node\Classes\Interface{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Deleted HKLM\Software\Wow6432Node\Classes\Interface{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Deleted HKLM\Software\Wow6432Node\Classes\Interface{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Deleted HKLM\Software\Wow6432Node\Classes\Interface{641593AF-D9FD-30F7-B783-36E16F7A2E08} Deleted HKLM\Software\Wow6432Node\Classes\Interface{711FC48A-1356-3932-94D8-A8B733DBC7E4} Deleted HKLM\Software\Wow6432Node\Classes\Interface{72227B7F-1F02-3560-95F5-592E68BACC0C} Deleted HKLM\Software\Wow6432Node\Classes\Interface{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Deleted HKLM\Software\Wow6432Node\Classes\Interface{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Deleted HKLM\Software\Wow6432Node\Classes\Interface{8C68913C-AC3C-4494-8B9C-984D87C85003} Deleted HKLM\Software\Wow6432Node\Classes\Interface{8D019513-083F-4AA5-933F-7D43A6DA82C4} Deleted HKLM\Software\Wow6432Node\Classes\Interface{923F6FB8-A390-370E-A0D2-DD505432481D} Deleted HKLM\Software\Wow6432Node\Classes\Interface{94952EC4-DB66-3F32-BE4C-F0BB875EA98E} Deleted HKLM\Software\Wow6432Node\Classes\Interface{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Deleted HKLM\Software\Wow6432Node\Classes\Interface{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Deleted HKLM\Software\Wow6432Node\Classes\Interface{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Deleted HKLM\Software\Wow6432Node\Classes\Interface{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Deleted HKLM\Software\Wow6432Node\Classes\Interface{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Deleted HKLM\Software\Wow6432Node\Classes\Interface{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Deleted HKLM\Software\Wow6432Node\Classes\Interface{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Deleted HKLM\Software\Wow6432Node\Classes\Interface{D16107CD-2AD5-46A8-BA59-303B7C32C500} Deleted 
HKLM\Software\Wow6432Node\Classes\Interface{D25B101F-8188-3B43-9D85-201F372BC205} Deleted HKLM\Software\Wow6432Node\Classes\Interface{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Deleted HKLM\Software\Wow6432Node\Classes\Interface{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Deleted HKLM\Software\Wow6432Node\Classes\Interface{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Deleted HKLM\Software\Wow6432Node\Classes\Interface{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Deleted HKLM\Software\Wow6432Node\Classes\Interface{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Deleted HKLM\Software\Wow6432Node\Classes\Interface{E1B4C9DE-D741-385F-981E-6745FACE6F01} Deleted HKLM\Software\Wow6432Node\Classes\Interface{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Deleted HKLM\Software\Wow6432Node\Classes\Interface{ED916A7B-7C68-3198-B87D-2DABC30A5587} Deleted HKLM\Software\Wow6432Node\Classes\Interface{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Deleted HKLM\Software\Wow6432Node\Classes\Interface{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Deleted HKLM\Software\Wow6432Node\Classes\Interface{FC32005D-E27C-32E0-ADFA-152F598B75E7} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{82351433-9094-11D1-A24B-00A0C932C7DF} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{DB538320-D3C5-433C-BCA9-C4081A054FCF} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{E00DE9B9-B128-4C39-B732-B5D85013FA48} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Deleted HKLM\Software\Wow6432Node\delta Deleted HKLM\Software\Wow6432Node{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SrvUpdater Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Wpm Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WsysSvc Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\srvPlgProtect Deleted HKU.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


[+] Delete Tracing Keys
[+] Reset Winsock


AdwCleaner[S00].txt - [31647 octets] - [23/04/2019 12:37:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

I did the CCleaner step and it freed up quite a lot of junk. I imagine more cleaning with other programs will be needed, but I would also like to know which programs I can disable/delete from startup through CCleaner. I'm attaching an image:

[image: cap]

By the way, I think the PC runs a tiny bit better, but I think it could run a lot better. There are many programs that I don't know the purpose of and I don't know whether to delete them. I'll wait for your reply.

Regards and thank you very much.

#4

Hello

For now we are not going to use CCleaner to disable startup programs.

Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your machine's architecture (32 or 64 bits). ▶ How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports that were generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards
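
A first pass over the FRST.txt report requested above, as an added example that is not part of the original thread and is not FRST's own code: it walks the report section by section and collects the entries worth a closer look. The sample log is constructed in FRST.txt's layout, and the rule set, names and paths are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of FRST.txt (section banners, one entry per line).
# All vendors, users and paths here are made up for the example.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Example Corp -> Example Corp) C:\Program Files\Example\svc.exe
() [File not signed] C:\Program Files (x86)\Vendor\Tool\helper.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [Audio] => C:\Program Files\Example\audio.exe [13196432 2012-09-27] (Example Corp -> Example Corp)
HKLM-x32\...\Run: [Updater] => C:\Users\alice\AppData\Roaming\upd.exe [1498624 2012-08-09] (Unknown) [File not signed]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

Task: {00000000-0000-0000-0000-000000000001} - \Vendor\Old\refresh -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleUpdate => C:\Program Files\Example\update.exe [144200 2015-08-31] (Example Corp -> Example Corp)
Task: C:\WINDOWS\Tasks\Job1.job => C:\Users\alice\AppData\Roaming\job1.exe <==== ATTENTION
"""

# "==================== Name ====================" banners; a bare "=====" underline does not match.
SECTION_RE = re.compile(r"^={5,}\s+(\S.*?)\s+={5,}$")
# Path after "=>", up to the "[size date]" block, the ATTENTION marker, or end of line.
TARGET_RE = re.compile(r"=>\s*(.+?)(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\]|\s+<====|$)")
MISSING_RE = re.compile(r"->\s*No File|=>\s*not found")
# Assumption: AppData and Temp are treated as user-writable launch locations.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)
AUTOSTART_SECTIONS = ("Registry", "Scheduled Tasks")


def triage(log_text):
    """Return one finding per log entry that matches at least one rule."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if "<==== ATTENTION" in line:          # marker written by FRST itself
            reasons.append("flagged by FRST")
        if "[File not signed]" in line:
            reasons.append("unsigned file")
        if MISSING_RE.search(line):            # entry points at a file that no longer exists
            reasons.append("target missing")
        target = TARGET_RE.search(line)
        if (target and section.startswith(AUTOSTART_SECTIONS)
                and USER_WRITABLE_RE.search(target.group(1))):
            reasons.append("autostart from user-writable path")
        if reasons:
            findings.append({"section": section, "reasons": reasons, "line": line})
    return findings


def summarize(findings):
    """Count how many entries matched each rule."""
    return Counter(reason for f in findings for reason in f["reasons"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {', '.join(f['reasons'])}\n    {f['line']}")
```

An entry that matches several rules at once, such as an unsigned binary started from a Run key under AppData, is the kind to review first; a match is a prompt for review, not a verdict.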

#5

Hello again and thanks for replying, here are the reports:


 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.04.2019
Ran by sandra (administrator) on SANDRITA-PC (TOSHIBA SATELLITE C855-21M) (25-04-2019 03:56:58)
Running from C:\Users\sandra\Desktop
Loaded Profiles: sandra (Available Profiles: sandra)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
() [File not signed] C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc. -> SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Toshiba) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sandra\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCUpdate.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc. -> SRS Labs, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba) [File not signed]
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6883840 2012-08-31] (Pegatron Corporation) [File not signed]
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-19] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-15] (Google LLC -> Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06343C6C-B7A9-4C68-8D7B-87FC8FC47E69} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock-sih => C:\Program Files\rempl\remsh.exe
Task: {1080E1C5-C696-4A66-A96B-0E1D6A452528} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {213AB1BA-31DA-4C13-A1F2-38E197418CC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {27E85252-6647-4D88-B34B-D30370EB5CBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3687132D-8784-4B89-88AF-ECC5DE205DBD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3B48D3C9-61A1-49DD-A4E3-72EEA1C5DB80} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {43EB9567-289D-4CF7-9C8C-7FE0D1E8B22F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe [471472 2019-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {46DE3DA2-5CCA-490E-8FCA-90970B6B8553} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {48F9B706-E598-45D6-B504-346E093A24E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {51F83C49-BBB6-4733-A4FF-4407B339E5BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {59220674-CF89-44E2-8392-2980CCC9FA9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5C9D7FFE-4CC4-40A9-A8B7-FD06ACD431E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe [471472 2019-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {638DA377-614B-47A5-8893-79F334F22701} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {66780AA0-4E71-440F-82EB-2613C86B8834} - \WPD\SqmUpload_S-1-5-21-139378632-3801230044-3849559780-1001 -> No File <==== ATTENTION
Task: {6A1DC2AE-B0CF-4B1A-91C0-AD6E0092744C} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {6B58CBC3-2C11-4118-81E3-DBC3F7A35429} - System32\Tasks\Microsoft\Windows\rempl\shell-compact => C:\Program Files\rempl\remsh.exe
Task: {733EB426-1B3E-4FE0-934F-654AAD380465} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [1295496 2012-07-27] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {811B491D-5FB9-4CB5-ABE0-3B611DD15927} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {852B9459-9F99-4054-B313-591A069CED2D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [461272 2012-08-14] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
Task: {8837D1A0-C4E3-43EA-B669-B978922D41E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {887E0420-63B3-47F3-8098-28951A46D4B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe [471472 2019-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {93460F39-06D3-4CDF-A9D7-BE4BE25FEC65} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe [471472 2019-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {93DADCC4-9C6D-4A87-A156-D61C4C9C5E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {9E0EC6B5-4522-478D-9EA3-BDEE2253E188} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A1A68E40-AAED-4318-9319-2B823B1D4C51} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A671B0DE-CD64-4663-A350-0E46367EF61F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A732827F-2F35-47CD-8D93-252A101F0258} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {A9115097-F223-4992-944B-9C13A1A49C42} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ACFF74D3-EFB2-4C8E-94D2-0C9A5CD9F745} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock-storagesense => C:\Program Files\rempl\remsh.exe
Task: {B52D09FC-8E53-4024-9C80-5DEA7C413262} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C6CDED7A-DDC0-4E01-85B3-326E8CBD6E4C} - System32\Tasks\Microsoft\Windows\rempl\shell-restore => C:\Program Files\rempl\remsh.exe
Task: {CD65D139-8491-4AD4-B121-843A156707EE} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe
Task: {D2A7CBB7-0A95-42DE-882F-CD7E7E3E0DA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA3116C3-6D8E-4ECF-82B5-0FE1FEBD1D8A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E312BF55-7209-4E46-ADB8-444050548C25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CNS.job => C:\Users\sandra\AppData\Roaming\CNS.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

#6

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{921b557d-5045-4e3a-9356-510a4bead8e0}: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{afedd1bc-5dd3-49a2-b75d-c3b6acb92450}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/
SearchScopes: HKU\S-1-5-21-139378632-3801230044-3849559780-1001 -> DefaultScope {70F6650C-495F-472D-971C-FED14090A71D} URL = 
SearchScopes: HKU\S-1-5-21-139378632-3801230044-3849559780-1001 -> {EA6DEC38-E156-47C4-A18B-58FC488030BF} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default [2019-04-25]
FF Extension: (leethax.net extension) - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\[email protected] [2014-12-22] [Legacy] [not signed]
FF Extension: (582195F592E740a0A127DB71295901D7) - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2015-04-07] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG -> Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR DefaultSearchURL: Default -> hxxps://forospyware.com/t/portatil-bastante-infectado/7450/3
CHR Profile: C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default [2019-04-25]
CHR Extension: (Presentaciones) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Documentos) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-21]
CHR Extension: (Búsqueda de Google) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Adobe Acrobat) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-15]
CHR Extension: (Hojas de cálculo) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-29]
CHR Extension: (AdBlock) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-15]
CHR Extension: (Gmail) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-21]
CHR Profile: C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-23]
CHR Profile: C:\Users\sandra\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [255472 2015-12-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-07-23] (北京悠然天地科技有限公司 -> )
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-06-22] (CyberLink -> )
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [713816 2018-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-20] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21648880 2015-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674288 2015-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [65792 2015-05-29] (Realtek Semiconductor Corp -> Realtek Microelectronics)
S3 RtkBtFilter2; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [65792 2015-05-29] (Realtek Semiconductor Corp -> Realtek Microelectronics)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-31] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (AnchorFree Inc -> Anchorfree Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-20] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-25 03:56 - 2019-04-25 04:00 - 000028916 _____ C:\Users\sandra\Desktop\FRST.txt
2019-04-25 03:56 - 2019-04-25 03:56 - 000000000 ____D C:\FRST
2019-04-25 03:55 - 2019-04-25 03:56 - 002429952 _____ (Farbar) C:\Users\sandra\Desktop\FRST64.exe
2019-04-23 12:50 - 2019-04-23 12:50 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-23 12:50 - 2019-04-23 12:50 - 000002882 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-23 12:50 - 2019-04-23 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-23 12:50 - 2019-04-23 12:50 - 000000000 ____D C:\Program Files\CCleaner
2019-04-23 12:35 - 2019-04-23 12:38 - 000000000 ____D C:\AdwCleaner
2019-04-23 11:56 - 2019-04-23 11:56 - 000000000 ____D C:\Users\sandra\AppData\Local\mbam
2019-04-23 11:54 - 2019-04-23 11:54 - 000000000 ____D C:\Users\sandra\AppData\Local\mbamtray
2019-04-23 11:53 - 2019-04-23 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-23 11:53 - 2019-04-23 11:53 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-23 11:53 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-23 11:53 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-23 11:48 - 2019-04-23 13:18 - 000000000 ____D C:\Users\sandra\Desktop\Mantener Pc Limpio

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-25 04:00 - 2019-01-12 23:48 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{671E2187-BA2A-4F23-BD27-6D44EB4CD635}
2019-04-25 03:57 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-23 13:08 - 2016-03-23 04:43 - 000000000 ____D C:\Users\sandra\AppData\Roaming\FileZilla
2019-04-23 13:08 - 2014-03-02 21:44 - 000000000 ____D C:\Users\sandra\AppData\Roaming\Azureus
2019-04-23 13:02 - 2018-12-08 03:45 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-23 13:02 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-23 13:02 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-23 13:02 - 2016-09-29 16:23 - 000000000 ____D C:\Users\sandra\AppData\Local\CrashDumps
2019-04-23 12:56 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-23 12:48 - 2019-01-12 23:36 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-23 12:48 - 2018-04-12 18:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-23 12:48 - 2018-04-12 18:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-23 12:41 - 2019-01-12 23:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-23 12:40 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-23 12:40 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-23 12:19 - 2015-02-02 12:35 - 000000000 ____D C:\Users\sandra\AppData\LocalLow\Company
2019-04-23 11:55 - 2013-09-01 16:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-23 11:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-21 20:29 - 2013-09-11 22:46 - 000000000 ____D C:\Users\sandra\AppData\Roaming\vlc
2019-04-21 13:26 - 2019-01-12 23:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-20 22:51 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-20 22:35 - 2019-01-12 23:48 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-139378632-3801230044-3849559780-1001
2019-04-20 22:20 - 2018-05-16 00:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-20 22:19 - 2019-01-12 23:22 - 000002453 _____ C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-20 22:19 - 2015-08-31 17:28 - 000000000 ___RD C:\Users\sandra\OneDrive
2019-04-16 00:31 - 2019-01-12 23:22 - 000000000 ____D C:\Users\sandra
2019-04-16 00:28 - 2016-04-14 02:12 - 000000000 ____D C:\Users\sandra\Desktop\FOTOS
2019-04-16 00:06 - 2015-07-22 17:40 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-15 03:56 - 2015-07-24 18:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-04-15 03:53 - 2019-01-13 11:02 - 000000000 ____D C:\ProgramData\Packages
2019-04-15 03:39 - 2017-08-26 14:11 - 000000000 ____D C:\Program Files\rempl
2019-04-15 03:39 - 2013-08-14 22:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-15 03:39 - 2012-12-28 01:14 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-15 03:33 - 2012-07-26 07:26 - 000000199 _____ C:\WINDOWS\win.ini
2019-04-15 02:31 - 2019-01-12 23:48 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-15 02:31 - 2019-01-12 23:48 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-15 02:18 - 2019-01-12 23:13 - 000420080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-01 19:51 - 2018-04-12 01:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 19:51 - 2018-04-12 01:41 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 000002086 _____ () C:\Users\sandra\AppData\Roaming\CNS
2017-12-29 05:03 - 2017-12-29 05:03 - 000000600 _____ () C:\Users\sandra\AppData\Local\PUTTY.RND

==================== Files in the root of some directories =======


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

#7

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.04.2019
Ran by sandra (25-04-2019 04:01:14)
Running from C:\Users\sandra\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2019-01-12 21:50:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-139378632-3801230044-3849559780-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-139378632-3801230044-3849559780-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-139378632-3801230044-3849559780-1003 - Limited - Enabled)
Invitado (S-1-5-21-139378632-3801230044-3849559780-501 - Limited - Disabled)
sandra (S-1-5-21-139378632-3801230044-3849559780-1001 - Administrator - Enabled) => C:\Users\sandra
WDAGUtilityAccount (S-1-5-21-139378632-3801230044-3849559780-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{95EF3DDB-27C8-CDA9-9E72-5EC3F02C1B02}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1347 - DsNET Corp)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant Polaris Unused CIR Function (HKLM\...\Uninstaller522360e427c) (Version: 1.0.0.0 - Conexant Systems)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
CyberLink PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3815a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3815a - CyberLink Corp.)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\DreamBoxEdit) (Version:  - )
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Language Interface Pack 2010 - Euskara (HKLM-x32\...\{95140000-00FF-042D-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2010 - Galego (HKLM-x32\...\{95140000-00FF-0456-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-139378632-3801230044-3849559780-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 12 Essentials Toshiba (HKLM-x32\...\{BA8958DC-ADD7-41E5-8436-5883C7E871C7}) (Version: 12.0.00400 - Nero AG)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20768 - TeamViewer)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.930 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{E1372C2D-E720-40BD-8F74-50AF81B106B7}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
Video Grabber (HKLM\...\Uninstaller522360e6396) (Version: 1.0.0.0 - Conexant Systems)
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.13000 - Nero AG) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\Shell\Open\Command -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDICommandInvoker.exe (Toshiba Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-10-13 14:38 - 2011-10-13 14:38 - 000156672 _____ () [File not signed] C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-08-09 01:54 - 2012-08-09 01:54 - 000042496 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDesktopEventCaptor.dll
2012-08-09 01:54 - 2012-08-09 01:54 - 000014336 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIPlaceFileEntity.dll
2012-07-19 09:53 - 2012-07-19 09:53 - 000265728 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\Hotkey\TCrdMain.dll
2012-08-09 14:09 - 2012-08-09 14:09 - 001498624 _____ (Toshiba) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
2012-08-09 01:54 - 2012-08-09 01:54 - 000052224 _____ (Toshiba Corporation) [File not signed] C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll
2019-04-20 23:46 - 2019-04-20 23:46 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM\e4447920f93e9b6882cdca38f614dbd9\MOM.ni.exe
2019-04-20 23:46 - 2019-04-20 23:46 - 000391680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\4e194985da08261423852bc599fe51b9\MOM.Implementation.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000131584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\6968ee2f91a4964afd4d9ed730a08adb\LOG.Foundation.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000146432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\a71a1b22f0743f0ba68bf55a1c0dbc05\LOG.Foundation.Private.ni.dll
2019-04-20 23:44 - 2019-04-20 23:44 - 000289792 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\7f86a4ebb80c8d00defc9d03b6a345ed\LOG.Foundation.Implementation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\d95ee0ba8dbe862a8b54afb24cec9266\MOM.Foundation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000085504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\f93f26c6df9bf6fbf8b2ce5922bc706c\LOG.Foundation.Implementation.Private.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000199168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\6044b25f61519ca9f2c86273dbf59187\CCC.Implementation.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\4a3e4f82cec9c105e1afb5833d305de1\NEWAEM.Foundation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CCC\8e2347fa4e75bbef76849516085f8c11\CCC.ni.exe
2019-04-20 23:21 - 2019-04-20 23:21 - 000295424 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\a6b45d4e6016d4909974937affbdddc3\CLI.Foundation.ni.dll
2019-04-20 23:43 - 2019-04-20 23:43 - 000060928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\7967f35b7cbb5a0d3cc20d87654e5a63\CLI.Foundation.XManifest.ni.dll
2019-04-20 23:41 - 2019-04-20 23:41 - 000228352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\07861dc35c0991d4881f46a6f1ead96c\CLI.Component.Runtime.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\cc1681b0a141bb4a74ecea23b2d9aa34\CLI.Component.Runtime.Shared.Private.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\f27e6263c69e5e0bee64cf5688f8681f\CLI.Foundation.Private.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\750ef3d68ea6421037665e32660217a8\CLI.Component.Runtime.Shared.ni.dll
2019-04-20 23:41 - 2019-04-20 23:41 - 000122368 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ATICCCom\f4664dc65c7216eb0807acd13280ce03\ATICCCom.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server\466a755a8e5142499979b0cae0ccef62\AEM.Server.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000890368 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\befd4e5f17dd355c35bfaa295fa758a9\ADL.Foundation.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\3d5e4f14c1c70b714156766f00ff5b9f\AEM.Server.Shared.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000275456 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\3008456bf4a8eda5524e01e28aefe7f9\AEM.Plugin.Source.Kit.Server.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000090624 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\8352d5e1d5519f16c1a008d399da8182\CLI.Foundation.CoreAudioAPI.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\d088ed91fcf65288c73d8f0addf79bec\AEM.Plugin.Hotkeys.Shared.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\efd11645b1ae4e211dd89ffd90daf41d\AEM.Plugin.WinMessages.Shared.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000117248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\d3e74857c3818a14e86f6103ee0d7163\DEM.Graphics.I0601.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\10989caf4046f704acdda094bf370d29\DEM.Foundation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000015872 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\b2ac88b04e0f781ac4f9c432a09bee41\DEM.Graphics.ni.dll
2019-04-20 23:37 - 2019-04-20 23:37 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\a8a43edb324bfa7940bdfca74b11302f\DEM.Graphics.I1010.ni.dll
2019-04-20 23:37 - 2019-04-20 23:37 - 003187712 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\9618313aa651be5e4e101aafea0aae75\CLI.Caste.Graphics.Runtime.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 002786304 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\520234ea3f97870cb6e6c59242a634b4\CLI.Caste.Graphics.Shared.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\a757dcd0f88e10772b06eade5ec3c6d0\AEM.Plugin.GD.Shared.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\4b595116057b875a6edcb44ad552a345\AEM.Actions.CCAA.Shared.ni.dll
2019-04-20 23:24 - 2019-04-20 23:24 - 000083456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\10bcc2a89c57857811ec8b910534b3ac\DEM.Graphics.I0709.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\22b169b2c68bcae7a59216dedfd6df46\ResourceManagement.Foundation.Private.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000018944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\e4c106a19634f76e392bcaceab4c0f6a\DEM.Graphics.I0804.ni.dll
2019-04-20 23:24 - 2019-04-20 23:24 - 000038400 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\3bd5c6b6ba07d985cbd1f1b14a6fdecb\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000085504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\a566ee68fe44d55a57006cdad0a40977\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000451584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\a6745257670c1646d91fdea3e645f157\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000206336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\247143a096b5164d28b0d761bbcf5b01\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000014848 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\ed2fe119ab433e6511ee7abc99723963\DEM.Graphics.I0912.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\37ab395d1835accaf8b6fa0474e55c6b\DEM.Graphics.I0706.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\3b9a4257d13adf79969e3b76e980e896\DEM.Graphics.I0712.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000290816 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\0b6c6e51c42c510a5e09ed0ffb88dd2a\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2019-04-20 23:39 - 2019-04-20 23:39 - 001131008 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\8da4ed1cb43a4a1ebeaed006dc605ebf\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000154112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\860e6ce47c08276aaae67558e5e2ac4c\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000355840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\5cc118a22507ab14ec478ccc9fabcf37\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000124928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\30819c7e12a8a8560199549b46971ebc\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2019-04-20 23:43 - 2019-04-20 23:43 - 000011776 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\87c01e9399626f81f28c7f2c8f3e09d5\DEM.Graphics.I0812.ni.dll
2019-04-20 23:43 - 2019-04-20 23:43 - 000011264 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\79f11cb834aa0f52c4990a807ff89494\DEM.Graphics.I0805.ni.dll
2019-04-20 23:32 - 2019-04-20 23:32 - 000727552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\2a67169edd698352bd097d7e92ee7696\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\2a8e78e877ab3be47b62d587dd71ce47\AEM.Plugin.REG.Shared.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000236032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\40be6d9e93c54c75d930bb469c729fa8\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2019-04-20 23:37 - 2019-04-20 23:37 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\69f0a89ede992f4f2852f31c205ca108\DEM.Graphics.I0906.ni.dll
2019-04-20 23:30 - 2019-04-20 23:30 - 000130048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\5c0ce7edcd8f66a5cab51414e63f2dd3\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2019-04-20 23:30 - 2019-04-20 23:30 - 000073216 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\af666f7177c9cadfbf245cc1a26f00f8\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\b62d1fca0305add424c211620cc3b3ae\AEM.Plugin.DPPE.Shared.ni.dll
2019-04-20 23:33 - 2019-04-20 23:33 - 000046592 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\938e534c25efebc8e98fc0f3eda8f6c5\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2019-04-20 23:33 - 2019-04-20 23:33 - 000104448 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\6c915ffe16d4d46cec59e47e3b772eac\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\7515ee39b2d118e69e9cd316e14a8e66\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\3f95518e52f26511cb80790bed0672e7\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2019-04-20 23:34 - 2019-04-20 23:34 - 000062976 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8350f5c6#\53aeaab46090511b394bdea5ff7fa538\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll
2019-04-20 23:34 - 2019-04-20 23:34 - 000050176 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f480a2f3#\e7eeaf50764610fd3d5ef1d0a0576c83\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll
2019-04-20 23:26 - 2019-04-20 23:26 - 000056320 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a6cd7fff#\0039ee2c8919909be13c299447671b14\CLI.Aspect.FPS.Graphics.Runtime.ni.dll
2019-04-20 23:25 - 2019-04-20 23:25 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.52c6dbaa#\c8a590bc84add6a61e4183026b523899\CLI.Aspect.FPS.Graphics.Shared.ni.dll
2019-04-20 23:37 - 2019-04-20 23:37 - 000304640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\1eb80f0d7b7ad0f7b15cdd74dd49b7a7\CLI.Caste.Fuel.Runtime.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\9058c64457196a96220a2c94d36700ac\CLI.Caste.Fuel.Shared.ni.dll
2019-04-20 23:37 - 2019-04-20 23:37 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\aaef41ee247dc5ab2f3b80f408967d5d\Fuel.Foundation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 001144320 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\8312516c551bdd09e1d94a6d8fec9be9\Localization.Foundation.Private.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 000043520 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\1fdcd4473c6fa718ce78a1c9831e91f2\CLI.Caste.Platform.Runtime.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\d975306dd18debb8ba0af7a069bcc3a6\CLI.Caste.Platform.Shared.ni.dll
2019-04-20 23:39 - 2019-04-20 23:39 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\c1e7ba8d44a2fa40512edce2bc82d9be\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2019-04-20 23:30 - 2019-04-20 23:30 - 000337408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\de1f944b7929d4d05be9083c11a9c980\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\0c36931d443ec2e9eff8aab7f27797ef\CLI.Caste.HydraVision.Runtime.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\a23f31fb2a060ada2d51ccd7a2ba4df2\CLI.Caste.HydraVision.Shared.ni.dll
2019-04-20 23:36 - 2019-04-20 23:36 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\3e57a4e361bcc23d0c62f236e6154295\CLI.Caste.A4.Runtime.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\0bf3455197867ff99fd9f9dfc6517918\CLI.Caste.A4.Shared.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000032256 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\A4.Foundation\4ca2c4be1404f99551bb4fc186aa6fe8\A4.Foundation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000250368 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Server\d1644b3d2c78376f116535104ed0a693\APM.Server.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000056320 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\APM.Foundation\eb4a87a2ad021c37d914d2b9e405fc12\APM.Foundation.ni.dll
2019-04-20 23:41 - 2019-04-20 23:41 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\233048c5cd666e11028f9bf6ff6fa3ad\CLI.Component.Runtime.Extension.EEU.ni.dll
2019-04-20 23:20 - 2019-04-20 23:20 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\fddea5e4ffe7b145c4f2490e2f4c4a9d\AEM.Plugin.EEU.Shared.ni.dll
2019-04-20 23:39 - 2019-04-20 23:39 - 000910336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\f491f046db61388ecb19d81b74c27c3b\CLI.Component.Dashboard.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000133632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\0819c63c2711c6c4be86b97bf33f2f16\CLI.Component.Client.Shared.Private.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\eda5bd40f687027f3a321ac1e3ce1c7e\CLI.Component.Client.Shared.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000086016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\0ad3e1da852c37c1f7eef93ddae89008\CLI.Component.Dashboard.Shared.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 001605632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\ba1a74cd162078693a7baf2bf2d4072d\CLI.Component.Dashboard.Shared.Private.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000574976 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\3cb9ad74e810df0160e77b81e7ce535c\CLI.Caste.Graphics.Dashboard.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 001537536 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\94ff0c814fd888323a1c4762fcb13eaa\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000090112 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\5e18cf2d1cc9db1dca4951bae695eeca\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2019-04-20 23:28 - 2019-04-20 23:28 - 000270848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\41f2d953bd9a81ea15a42a5f281a83a5\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 007986176 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\972b194b768de64d77bfcb3efc4b6d12\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 000446464 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\1c189d71ab53ea5ce25dcd84bb020ab3\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2019-04-20 23:23 - 2019-04-20 23:23 - 000066560 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\b4ae2caec1c49ed047f44714ec99fe64\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 006323200 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\4f81eccd1f1b4f4a94cbaceac020d95b\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2019-04-20 23:32 - 2019-04-20 23:32 - 003282432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\64cbf9e9261adeee54346564297172cf\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2019-04-20 23:29 - 2019-04-20 23:29 - 000665600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\a4ebb8b36f7f53a14406161239e59bd0\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2019-04-20 23:33 - 2019-04-20 23:33 - 000073728 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\d3c13222086899fa002a7efcecdf3d4b\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2019-04-20 23:30 - 2019-04-20 23:30 - 000152064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\0679fce5d7bdc6a01d61fc5245360b90\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2019-04-20 23:34 - 2019-04-20 23:34 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a765109e#\223bde968a2e7a6a3b9a6655954fcc68\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll
2019-04-20 23:25 - 2019-04-20 23:25 - 000087552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9cd1e9e7#\844e9ad09af7fe8f8d251fb90119fe27\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll
2019-04-20 23:36 - 2019-04-20 23:36 - 000027648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\236d6667a48b046452855d26a7a22d4a\CLI.Caste.Fuel.Dashboard.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\34b2f455abac237d452eabdf42e90f9f\CLI.Caste.Platform.Dashboard.ni.dll
2019-04-20 23:38 - 2019-04-20 23:38 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\3ac227a735f141209479e46db9093e45\CLI.Caste.HydraVision.Dashboard.ni.dll
2019-04-20 23:36 - 2019-04-20 23:36 - 000027648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\e7718d1bb2e9d551c248e4b4d083d66c\CLI.Caste.A4.Dashboard.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 001052672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\b5f06256130ba6e661748d82d5332464\CLI.Foundation.Client.ni.dll
2019-04-20 23:40 - 2019-04-20 23:40 - 000168960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\66ead378d582b48cfde51abef4feee3d\CLI.Component.Dashboard.ProfileManager2.ni.dll
2019-04-20 23:46 - 2019-04-20 23:46 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\59f5a46be7711c11e96b5846ac883304\ResourceManagement.Foundation.Implementation.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 002497536 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.Wfbf9373c#\882bfd007fd12cced4bee797754f501d\Microsoft.WindowsAPICodePack.Shell.ni.dll
2019-04-20 23:21 - 2019-04-20 23:21 - 000332800 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.W8090224c#\f391efeb845cb0b9a4488efcaab3c422\Microsoft.WindowsAPICodePack.ni.dll
2019-04-20 23:22 - 2019-04-20 23:22 - 001642496 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\1b26264cfd912b295132778c08765d9a\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000891392 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000030208 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\logger.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000061952 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\configurationManager.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000284160 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\agentInfo.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000062976 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000016896 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000018944 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\localMessage.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000012288 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\sm_uuid.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000106496 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\dispatcher.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000209408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\SSLEAY32.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 002281984 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000097280 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\orchestrator.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000206336 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\corePersistenceAPI.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000400384 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000539136 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\serializer.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000181760 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\payload.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000339456 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 001019392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\LIBEAY32.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000322048 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000078336 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\systemInfo.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000195584 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000018432 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\sealing.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000080384 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\channelAdapter.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000194560 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\network.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000062464 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000446976 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000142848 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\liveUpdateUtility.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000156160 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceOfferingManager.dll
2012-10-10 11:58 - 2012-08-02 00:01 - 000062976 _____ () [File not signed] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-09-11 00:40 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts


2016-02-04 11:21 - 2016-02-04 11:21 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

#8

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\PuTTY\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sandra\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: 62.81.16.148 - 62.81.16.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "TPUReg(x86)"
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5233BE0DC0ACCE2D8CDA094B3BFF75F0"
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{42CB209A-FCEE-4142-89EA-024CFF006A08}] => (Allow) LPort=1688
FirewallRules: [{D10E16C5-82BA-4CD3-A3A8-C281A7261245}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F1E1019F-99FF-40EE-8A99-4127E31E980E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD433731-9172-42ED-A25C-39372DBBA876}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B34F993-9C05-4918-AB12-4A7D56EA5F19}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0E35CC90-B45E-430A-AA3A-A565386001AA}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [TCP Query User{15DE588B-AF4A-400E-A2FC-3A8E3C7DFA14}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{6D1D5578-0438-4C7C-A4F1-CD029BBCAB66}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{2869516B-DCBC-41E7-B5BB-D9FF71AF76FE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{B228104E-FCF5-40E3-BF6B-8B2AFFE1CD9B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{33EE7388-F176-4F65-B94C-264F69E9FE02}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{C8074AB1-E2B4-49C6-8251-6E421DD54AAE}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [UDP Query User{048210B4-0C66-4C60-95A5-ECEF1EDC9D2F}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [TCP Query User{DC716164-2CBF-4213-8382-2BD0906D1A9F}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{EAACE44F-886A-4241-9273-68BD0E1F4F2E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{A8EFDF76-5248-4AB8-B8B7-7A33B87AF729}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{464EF6FC-556D-4889-8E35-0F7519527525}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8852E959-56F3-4804-8FF1-AA7B1AE4C35C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7789119F-734C-46C2-B9B5-EF16570E32A4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A19CCDE3-C5E8-4C60-9CF3-89F97612A694}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{413B6126-4D19-4300-BB16-74D815207BE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

28-02-2019 14:42:18 Windows Update
15-04-2019 03:26:10 Windows Update
20-04-2019 23:11:07 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2019 03:57:36 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/25/2019 03:53:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TPCHSrv.exe, versión: 1.0.0.18, marca de tiempo: 0x50124a31
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x1cfc
Hora de inicio de la aplicación con errores: 0x01d4fb09abfde961
Ruta de acceso de la aplicación con errores: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: 3f597c6e-be3f-4b46-8b17-4df7e758c00e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/23/2019 01:02:01 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (5708,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\sandra\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/23/2019 01:01:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (5708,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\sandra\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/23/2019 01:01:45 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (5708,R,98) WebCacheLocal: Al intentar abrir el archivo "C:\Users\sandra\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (04/23/2019 12:45:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TPCHSrv.exe, versión: 1.0.0.18, marca de tiempo: 0x50124a31
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2480
Hora de inicio de la aplicación con errores: 0x01d4f9c1b91af889
Ruta de acceso de la aplicación con errores: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: c1389330-672d-4b15-b7ce-52b689d544bf
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/23/2019 12:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: TPCHSrv.exe, versión: 1.0.0.18, marca de tiempo: 0x50124a31
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.556, marca de tiempo: 0x74bed8b0
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f479b
Identificador del proceso con errores: 0x2a48
Hora de inicio de la aplicación con errores: 0x01d4f9bf4ab503fd
Ruta de acceso de la aplicación con errores: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: e997f167-7972-4fa0-8e98-947c8e767b38
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/23/2019 11:45:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (04/25/2019 03:57:07 AM) (Source: DCOM) (EventID: 10016) (User: sandrita-pc)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario sandrita-pc\sandra con SID (S-1-5-21-139378632-3801230044-3849559780-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/25/2019 03:56:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/25/2019 03:55:27 AM) (Source: DCOM) (EventID: 10010) (User: sandrita-pc)
Description: El servidor {45CC1698-D1CF-417B-BC32-80EB79E05EF1} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/25/2019 03:54:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio TPCH Service se terminó de manera inesperada. Esto ha sucedido 2 veces.

Error: (04/25/2019 03:54:04 AM) (Source: DCOM) (EventID: 10016) (User: sandrita-pc)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario sandrita-pc\sandra con SID (S-1-5-21-139378632-3801230044-3849559780-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/25/2019 03:52:33 AM) (Source: DCOM) (EventID: 10016) (User: sandrita-pc)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario sandrita-pc\sandra con SID (S-1-5-21-139378632-3801230044-3849559780-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/25/2019 03:50:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/25/2019 03:50:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-02-28 15:13:01.042
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {8E9A4BCE-E306-4C7F-AF4E-B17AFADA8AFB}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-02-06 12:19:50.423
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {9F51FC2F-2EF4-498E-BA53-A27E74EC64B5}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-23 12:38:47.568
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.2365.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80070643
Descripción del error: Error irrecuperable durante la instalación. 

Date: 2019-04-20 22:22:04.758
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.1923.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80072ee2
Descripción del error: Se superó el tiempo de espera para la operación 

Date: 2019-04-20 22:22:04.758
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.1923.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80072ee2
Descripción del error: Se superó el tiempo de espera para la operación 

Date: 2019-04-20 22:22:04.757
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.1923.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80072ee2
Descripción del error: Se superó el tiempo de espera para la operación 

Date: 2019-04-15 23:33:24.333
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.291.1923.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15800.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-04-23 12:13:09.041
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:13:07.011
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:13:05.309
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:13:03.578
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:13:01.733
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:12:59.572
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:12:57.073
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-23 12:12:54.995
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: Insyde Corp. 6.60 4/03/2013
Motherboard: Intel PLCSF8
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 81%
Total physical RAM: 4047.22 MB
Available physical RAM: 738.04 MB
Total Virtual: 4751.22 MB
Available Virtual: 1172.46 MB

==================== Drives ================================

Drive c: (TI30982400B) (Fixed) (Total:455.19 GB) (Free:355.66 GB) NTFS

\\?\Volume{606b5995-fde3-11e1-9d90-c6ea722139c3}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{7578997a-ec8d-49fc-b8fd-51425c662a6b}\ () (Fixed) (Total:0.88 GB) (Free:0.34 GB) NTFS
\\?\Volume{72539889-ad97-458b-afb3-09aeaebbce8f}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c4a9bc5f-d90b-492c-aa43-ec4a8a182765}\ (Recovery) (Fixed) (Total:8.43 GB) (Free:0.69 GB) NTFS
\\?\Volume{606b599d-fde3-11e1-9d90-c6ea722139c3}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#9

Hello

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, start your computer in Windows Safe Mode without networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc. -> SRS Labs, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba) [File not signed]
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6883840 2012-08-31] (Pegatron Corporation) [File not signed]
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-19] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-15] (Google LLC -> Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1080E1C5-C696-4A66-A96B-0E1D6A452528} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {213AB1BA-31DA-4C13-A1F2-38E197418CC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3687132D-8784-4B89-88AF-ECC5DE205DBD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3B48D3C9-61A1-49DD-A4E3-72EEA1C5DB80} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {46DE3DA2-5CCA-490E-8FCA-90970B6B8553} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51F83C49-BBB6-4733-A4FF-4407B339E5BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {59220674-CF89-44E2-8392-2980CCC9FA9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66780AA0-4E71-440F-82EB-2613C86B8834} - \WPD\SqmUpload_S-1-5-21-139378632-3801230044-3849559780-1001 -> No File <==== ATTENTION
Task: {8837D1A0-C4E3-43EA-B669-B978922D41E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E0EC6B5-4522-478D-9EA3-BDEE2253E188} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A1A68E40-AAED-4318-9319-2B823B1D4C51} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A671B0DE-CD64-4663-A350-0E46367EF61F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A9115097-F223-4992-944B-9C13A1A49C42} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B52D09FC-8E53-4024-9C80-5DEA7C413262} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CNS.job => C:\Users\sandra\AppData\Roaming\CNS.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-139378632-3801230044-3849559780-1001 -> DefaultScope {70F6650C-495F-472D-971C-FED14090A71D} URL = 
SearchScopes: HKU\S-1-5-21-139378632-3801230044-3849559780-1001 -> {EA6DEC38-E156-47C4-A18B-58FC488030BF} URL = 
FF Extension: (leethax.net extension) - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\[email protected] [2014-12-22] [Legacy] [not signed]
FF Extension: (582195F592E740a0A127DB71295901D7) - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2015-04-07] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) [File not signed]
CHR Extension: (Chrome Media Router) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-21]
CustomCLSID: HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\Shell\Open\Command -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDICommandInvoker.exe (Toshiba Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you reported, and tell us about it.

Regards

#10

Hello again, I think it runs a bit better, but I think it could run quite a bit faster considering how little time it has and so on… maybe it doesn't start up that fast because of the processes it has at startup (that's why I asked you about CCleaner). Should I do anything else? Should I update Windows? Should I run ESET Online Scanner on it? Would you recommend Kaspersky Free as the antivirus for the laptop? Miguel recommended it to me for my desktop PC, and the truth is that, at least on the desktop, I'm very happy with it. Here is the fixlog report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.04.2019
Ran by Sandra (26-04-2019 03:20:11) Run:1
Running from C:\Users\sandra\Desktop
Loaded Profiles: Sandra (Available Profiles: Sandra)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc. -> SRS Labs, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba) [File not signed]
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6883840 2012-08-31] (Pegatron Corporation) [File not signed]
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-19] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-15] (Google LLC -> Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1080E1C5-C696-4A66-A96B-0E1D6A452528} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {213AB1BA-31DA-4C13-A1F2-38E197418CC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3687132D-8784-4B89-88AF-ECC5DE205DBD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3B48D3C9-61A1-49DD-A4E3-72EEA1C5DB80} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {46DE3DA2-5CCA-490E-8FCA-90970B6B8553} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51F83C49-BBB6-4733-A4FF-4407B339E5BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {59220674-CF89-44E2-8392-2980CCC9FA9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66780AA0-4E71-440F-82EB-2613C86B8834} - \WPD\SqmUpload_S-1-5-21-139378632-3801230044-3849559780-1001 -> No File <==== ATTENTION
Task: {8837D1A0-C4E3-43EA-B669-B978922D41E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E0EC6B5-4522-478D-9EA3-BDEE2253E188} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A1A68E40-AAED-4318-9319-2B823B1D4C51} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A671B0DE-CD64-4663-A350-0E46367EF61F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A9115097-F223-4992-944B-9C13A1A49C42} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B52D09FC-8E53-4024-9C80-5DEA7C413262} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CNS.job => C:\Users\sandra\AppData\Roaming\CNS.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-139378632-3801230044-3849559780-1001 -> DefaultScope {70F6650C-495F-472D-971C-FED14090A71D} URL = 
SearchScopes: HKU\S-1-5-21-139378632-3801230044-3849559780-1001 -> {EA6DEC38-E156-47C4-A18B-58FC488030BF} URL = 
FF Extension: (leethax.net extension) - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\[email protected] [2014-12-22] [Legacy] [not signed]
FF Extension: (582195F592E740a0A127DB71295901D7) - C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2015-04-07] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) [File not signed]
CHR Extension: (Chrome Media Router) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-21]
CustomCLSID: HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\Shell\Open\Command -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDICommandInvoker.exe (Toshiba Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SRS Premium Sound HD" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ToshibaDynamicIconUtility" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TPUReg" => removed successfully
"HKU\S-1-5-21-139378632-3801230044-3849559780-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FMVC" => not found
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1080E1C5-C696-4A66-A96B-0E1D6A452528}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1080E1C5-C696-4A66-A96B-0E1D6A452528}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{213AB1BA-31DA-4C13-A1F2-38E197418CC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213AB1BA-31DA-4C13-A1F2-38E197418CC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3687132D-8784-4B89-88AF-ECC5DE205DBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3687132D-8784-4B89-88AF-ECC5DE205DBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B48D3C9-61A1-49DD-A4E3-72EEA1C5DB80}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B48D3C9-61A1-49DD-A4E3-72EEA1C5DB80}" => removed successfully
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46DE3DA2-5CCA-490E-8FCA-90970B6B8553}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46DE3DA2-5CCA-490E-8FCA-90970B6B8553}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F83C49-BBB6-4733-A4FF-4407B339E5BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F83C49-BBB6-4733-A4FF-4407B339E5BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59220674-CF89-44E2-8392-2980CCC9FA9B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59220674-CF89-44E2-8392-2980CCC9FA9B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66780AA0-4E71-440F-82EB-2613C86B8834}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66780AA0-4E71-440F-82EB-2613C86B8834}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-139378632-3801230044-3849559780-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8837D1A0-C4E3-43EA-B669-B978922D41E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8837D1A0-C4E3-43EA-B669-B978922D41E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E0EC6B5-4522-478D-9EA3-BDEE2253E188}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E0EC6B5-4522-478D-9EA3-BDEE2253E188}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1A68E40-AAED-4318-9319-2B823B1D4C51}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1A68E40-AAED-4318-9319-2B823B1D4C51}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A671B0DE-CD64-4663-A350-0E46367EF61F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A671B0DE-CD64-4663-A350-0E46367EF61F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9115097-F223-4992-944B-9C13A1A49C42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9115097-F223-4992-944B-9C13A1A49C42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B52D09FC-8E53-4024-9C80-5DEA7C413262}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B52D09FC-8E53-4024-9C80-5DEA7C413262}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
C:\WINDOWS\Tasks\CNS.job => moved successfully
"HKU\S-1-5-21-139378632-3801230044-3849559780-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-139378632-3801230044-3849559780-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA6DEC38-E156-47C4-A18B-58FC488030BF} => removed successfully
HKLM\Software\Classes\CLSID\{EA6DEC38-E156-47C4-A18B-58FC488030BF} => not found
C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\[email protected] => moved successfully
C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\[email protected] => path removed successfully
C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7} => moved successfully
C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kzecyqfm.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7} => path removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7 => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-21] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A} => removed successfully
HKU\S-1-5-21-139378632-3801230044-3849559780-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-139378632-3801230044-3849559780-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-139378632-3801230044-3849559780-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57193055 B
Java, Flash, Steam htmlcache => 721 B
Windows/system/drivers => 37620804 B
Edge => 4337596 B
Chrome => 70670309 B
Firefox => 8448022 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 257599888 B
NetworkService => 0 B
sandra => 13218131 B

RecycleBin => 0 B
EmptyTemp: => 435.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 03:21:26 ====

Regards and many thanks

#11

Hello

That laptop was heavily infected, so we'll go step by step to clean it up, without getting flustered; let's not try to cover the sun with a finger.

For now, I told you we wouldn't take that up, because with FRST we are already removing some entries; that's why (and I repeat myself) we'll go step by step without stress.

That should have been done yesterday already; that is, updates always have to be kept current. Without them you are leaving the system very vulnerable, so go to Windows Update, check for updates and install them.

Then run a scan with EsetOnline.

That is the last thing we'll do; the last thing we should be doing right now is downloading more things and loading the laptop down further.

Bring the EsetOnline report and tell us how the problem is going.

Regards

#12

Hello again, sorry if I'm flustering you… I've just updated Windows using both the update and the assistant… could you please tell me how ESET was used and how to get the program's report? I used it a few days ago but I've forgotten how it was done…

Regards and many thanks

#13

Hello

Check the manual to find out how to use EsetOnline and how to post the report.

Regards

#14

Hello again Danila, sorry for not replying sooner but I was swamped at work. Here is the ESET report (I think this is the one):

03:34:41 # product=EOS
# version=8
# ESETOnlineScanner_ESL.exe=3.0.17.0
# country="Spain"
# lang=13322
03:38:13 Updating
03:38:13 Update Init
03:38:16 Update Download
03:39:38 esets_scanner_reload returned 0
03:39:38 g_uiModuleBuild: 41247
03:39:38 Update Finalize
03:39:39 Call m_esets_charon_send
03:39:39 Call m_esets_charon_destroy
03:39:39 Updated modules version: 41247
03:39:52 Scanner engine: 41247
11:32:56 Call m_esets_charon_send
11:32:56 Call m_esets_charon_destroy

Regards and many thanks

#15

Hello

Didn't EsetOnline detect anything? If it sent something to quarantine, there has to be another report.

Tell us how it is running now.

Regards

#16

I thought it was included in that report (I followed the manual and that was the report). It detected 10 infections and removed them; the laptop seems to be running somewhat better… shall I do anything else?

Regards and many thanks

#17

Hello

Check whether you have another report listing the infections that EsetOnline removed.

Carry out the following steps:

1. Download CCleaner to your desktop, or use it if you already have it. Following its manual, install and run it, and use its two Simple Use options (Cleaner and Registry), as explained in the manual.

2. Run a full analysis of the hard disk, following this guide: Hard Disk Analysis and Scan

3. Free up disk space following this guide: Freeing Up Space on Disks and Partitions

4. Defragment the PC's hard disk(s) and partitions, following this guide: Defragmenting Disks and Partitions

Let us know how the PC is running.

Regards

#19

Hello again, following the ESET manual I posted the report it generated, but as I said… it found 10 infections and removed them… After doing what you told me, I think the laptop is running better again; I'd say (I'd swear) it is running considerably better than before doing all the disinfection steps you gave me… Can I do anything else, or have I already done everything possible? Regards and thanks

#20

By the way, I can't get access to point 2 (hard disk analysis and scan), so I can't see that post…

#21

Hello

I edited the link; you should be able to access it now.

Regards