Posible virus espía que monitorea todo lo que hago

xxgal · 27 Noviembre, 2019 20:11

Buenas, desde hace unos meses creo que tengo un virus que monitorea todo lo que hago desde el PC o el móvil.

Abrí el cmd para ver los puertos conectados y me topo con esto: https://i.snipboard.io/enbuD2.jpg https://i.snipboard.io/xuVYhB.jpg

Cita Microsoft Windows [Versión 10.0.18362.476] (c) 2019 Microsoft Corporation. Todos los derechos reservados.

C:\WINDOWS\system32>netstat -ano

Conexiones activas

  Proto  Dirección local          Dirección remota        Estado           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1420
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       7156
  TCP    0.0.0.0:7680           0.0.0.0:0              LISTENING       3492
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       1160
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       852
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1880
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       2516
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       4432
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       1144
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       4616
  TCP    127.0.0.1:27060        0.0.0.0:0              LISTENING       8948
  TCP    127.0.0.1:50086        0.0.0.0:0              LISTENING       7780
  TCP    192.168.0.16:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.0.16:49706     40.67.251.132:443      ESTABLISHED     4844
  TCP    192.168.0.16:49718     40.67.251.132:443      ESTABLISHED     4844
  TCP    192.168.0.16:49818     173.194.76.188:5228    ESTABLISHED     10280
  TCP    192.168.0.16:50065     93.184.220.29:80       CLOSE_WAIT      3704
  TCP    192.168.0.16:50329     185.185.27.179:3340    ESTABLISHED     10152
  TCP    192.168.0.16:50441     185.185.27.179:3340    ESTABLISHED     1184
  TCP    192.168.0.16:50462     185.185.27.179:3340    ESTABLISHED     11776
  TCP    192.168.0.16:50550     104.17.64.4:443        ESTABLISHED     10280
  TCP    192.168.0.16:50565     23.210.39.79:443       ESTABLISHED     10280
  TCP    192.168.0.16:50583     172.217.168.162:443    ESTABLISHED     10280
  TCP    192.168.0.16:50601     168.63.56.140:443      TIME_WAIT       0
  TCP    192.168.0.16:50602     172.217.16.238:443     ESTABLISHED     10280
  TCP    192.168.0.16:50607     40.90.136.20:443       TIME_WAIT       0
  TCP    192.168.0.16:50615     52.169.240.74:443      TIME_WAIT       0
  TCP    192.168.0.16:50626     5.62.53.167:443        ESTABLISHED     12436
  TCP    [::]:135               [::]:0                 LISTENING       1420
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:7680              [::]:0                 LISTENING       3492
  TCP    [::]:49664             [::]:0                 LISTENING       1160
  TCP    [::]:49665             [::]:0                 LISTENING       852
  TCP    [::]:49666             [::]:0                 LISTENING       1880
  TCP    [::]:49667             [::]:0                 LISTENING       2516
  TCP    [::]:49668             [::]:0                 LISTENING       4432
  TCP    [::]:49670             [::]:0                 LISTENING       1144
  TCP    [::1]:49669            [::]:0                 LISTENING       4624
  UDP    0.0.0.0:3702           *:*                                    2548
  UDP    0.0.0.0:3702           *:*                                    2548
  UDP    0.0.0.0:5050           *:*                                    7156
  UDP    0.0.0.0:5353           *:*                                    10648
  UDP    0.0.0.0:5353           *:*                                    2588
  UDP    0.0.0.0:5353           *:*                                    10648
  UDP    0.0.0.0:5355           *:*                                    2588
  UDP    0.0.0.0:49669          *:*                                    4616
  UDP    0.0.0.0:55223          *:*                                    10280
  UDP    0.0.0.0:58068          *:*                                    2548
  UDP    0.0.0.0:63938          *:*                                    4616
  UDP    127.0.0.1:1900         *:*                                    2924
  UDP    127.0.0.1:49668        *:*                                    4424
  UDP    127.0.0.1:50573        *:*                                    2924
  UDP    192.168.0.16:137       *:*                                    4
  UDP    192.168.0.16:138       *:*                                    4
  UDP    192.168.0.16:1900      *:*                                    2924
  UDP    192.168.0.16:5353      *:*                                    4616
  UDP    192.168.0.16:50572     *:*                                    2924
  UDP    [::]:3702              *:*                                    2548
  UDP    [::]:3702              *:*                                    2548
  UDP    [::]:5353              *:*                                    10648
  UDP    [::]:5353              *:*                                    2588
  UDP    [::]:5355              *:*                                    2588
  UDP    [::]:49670             *:*                                    4616
  UDP    [::]:58069             *:*                                    2548
  UDP    [::1]:1900             *:*                                    2924
  UDP    [::1]:50571            *:*                                    2924
  UDP    [fe80::881c:f3e1:a971:1aa2%3]:1900  *:*                                    2924
  UDP    [fe80::881c:f3e1:a971:1aa2%3]:50570  *:*                                    2924

C:\WINDOWS\system32>

C:\WINDOWS\system32>

Veo que 11 están en ESTABLISHED y según un vídeo son las conexiones. Me dirijo a administrador de tareas para ver en Detalles el PID, pero la pestaña Detalles me aparece en blanco, voy a la de servicios y no todas las conexiones aparecen, solo algunas

Querría saber, antes de pasar el adwcleaner o el antivirus, si puedo saber de alguna manera cuáles son esas conexiones, o como hacer para que en la pestaña detalles aparezca algo. Y antes de eliminar cualquier cosa, me encantaría, subrayo, me encantaría saber de dónde vendría ese posible virus (su IP o similares) antes de borrarlo del todo, es urgente, gracias por las molestias

EDITO; ahora funcionan los detalles y me dice que el programa es autoit.exe, algo que no sé lo que es ni que lo tenía instalado, alguien sabe?

Daniela · 27 Noviembre, 2019 23:08

Hola @xxgal bienvenid@ al ForoSpyware

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

Realiza un Análisis personalizado, actualizando si te lo pide.
Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
En el apartado del manual Historial de detecciones encontrarás el reporte de MBAM, clic en Exportar >> Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus.
Cierra también todos los programas que tengas abiertos.
Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

Instala Ccleaner
Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine >> clic en ejecutar limpiador
Clic en la pestaña Registro >> clic en buscar problemas esperas que termine >> clic en Reparar Seleccionadas y haces una copia de seguridad
Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

¿Cómo pegar reportes en el foro?

Un saludo

xxgal · 3 Diciembre, 2019 21:25

Malware

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 29/11/19
Hora del análisis: 20:19
Archivo de registro: 19517472-12dd-11ea-a275-7c05075afcde.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.764
Versión del paquete de actualización: 1.0.15554
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 18362.476)
CPU: x64
Sistema de archivos: NTFS
Usuario: IRMANDINHA\jorge

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 770642
Amenazas detectadas: 23
Amenazas en cuarentena: 22
Tiempo transcurrido: 97 hr, 3 min, 52 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 4
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Se eliminará al reiniciar, 201, 236865, , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Se eliminará al reiniciar, 201, 236865, , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Se eliminará al reiniciar, 201, 236865, 1.0.15554, , ame, 
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, En cuarentena, 316, 550469, 1.0.15554, , ame, 

Valor del registro: 3
PUP.Optional.Conduit, HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Se eliminará al reiniciar, 201, 236865, 1.0.15554, , ame, 
PUP.Optional.Conduit, HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Se eliminará al reiniciar, 201, 236865, 1.0.15554, , ame, 
PUP.Optional.DefaultSearch, HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, En cuarentena, 316, 550469, , , , 

Datos del registro: 1
PUP.Optional.Conduit, HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Se reemplazará al reiniciar, 201, 293058, 1.0.15554, , ame, 

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 3
Backdoor.NanoCore.StolenData.Generic, C:\Users\jorge\AppData\Roaming\8601C791-E818-4526-A98C-EDA4225A1363\Logs\jorge, En cuarentena, 3755, 677862, , , , 
Backdoor.NanoCore.StolenData.Generic, C:\Users\jorge\AppData\Roaming\8601C791-E818-4526-A98C-EDA4225A1363\Logs, En cuarentena, 3755, 677862, , , , 
Backdoor.NanoCore.StolenData.Generic, C:\USERS\JORGE\APPDATA\ROAMING\8601C791-E818-4526-A98C-EDA4225A1363, En cuarentena, 3755, 677862, 1.0.15554, , ame, 

Archivo: 12
PUP.Optional.DefaultSearch, C:\USERS\JORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Error durante la eliminación, 316, 550469, , , , 
Backdoor.NanoCore.StolenData.Generic, C:\USERS\JORGE\APPDATA\ROAMING\8601C791-E818-4526-A98C-EDA4225A1363\RUN.DAT, Se eliminará al reiniciar, 3755, 677862, 1.0.15554, , ame, 
Backdoor.NanoCore.StolenData.Generic, C:\Users\jorge\AppData\Roaming\8601C791-E818-4526-A98C-EDA4225A1363\catalog.dat, Se eliminará al reiniciar, 3755, 677862, , , , 
Backdoor.NanoCore.StolenData.Generic, C:\Users\jorge\AppData\Roaming\8601C791-E818-4526-A98C-EDA4225A1363\settings.bin, Se eliminará al reiniciar, 3755, 677862, , , , 
Backdoor.NanoCore.StolenData.Generic, C:\Users\jorge\AppData\Roaming\8601C791-E818-4526-A98C-EDA4225A1363\storage.dat, Se eliminará al reiniciar, 3755, 677862, , , , 
PUP.Optional.Conduit, C:\USERS\JORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MT6QQ0PP.DEFAULT\PREFS.JS, Sustituido, 201, 301520, 1.0.15554, , ame, 
PUP.Optional.Conduit, C:\USERS\JORGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MT6QQ0PP.DEFAULT\PREFS.JS, Sustituido, 201, 303091, 1.0.15554, , ame, 
RiskWare.Tool.CK, C:\USERS\JORGE\DOWNLOADS\GUITAR_PRO_5.2_+_KEYGEN\KEYGEN.EXE, Se eliminará al reiniciar, 7454, 133356, 1.0.15554, 285BFE7486DDA29DE5EFAD71, dds, 00479124
Generic.Malware/Suspicious, C:\USERS\JORGE\DOWNLOADS\WARCRAFT III\WARCRAFT III\W3L.EXE, En cuarentena, 0, 392686, 1.0.15554, , shuriken, 
PUP.Optional.ASK, C:\USERS\JORGE\DOWNLOADS\ATUBE_CATCHER_ATU3_9024.EXE, Se eliminará al reiniciar, 2, 398182, 1.0.15554, , ame, 
PUP.Optional.ASK, C:\USERS\JORGE\DOWNLOADS\ATUBE_CATCHER_7986 (2).EXE, Se eliminará al reiniciar, 2, 398182, 1.0.15554, , ame, 
Generic.Malware/Suspicious, C:\USERS\JORGE\DOWNLOADS\AIRDROID_DESKTOP_CLIENT_3.3.5.3.EXE, En cuarentena, 0, 392686, 1.0.15554, , shuriken, 

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Adwcleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.0.0.0
# -------------------------------
# Build:    11-21-2019
# Database: 2019-11-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-03-2019
# Duration: 00:00:19
# OS:       Windows 10 Home
# Cleaned:  49
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\jorge\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted       C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted       C:\Windows\SysWOW64\lavasofttcpservice.dll

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\acestream
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\RegisteredApplications|AceStream
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

Deleted       Adaware Secure Search
Deleted       Awesome New Tab Page
Deleted       mfhnkgpdlogbknkhlgdjlejeljbhflim

***** [ Chromium URLs ] *****

Deleted       Conduit
Deleted       Funmoods
Deleted       Search the web (Babylon)
Deleted       Search the web (Babylon)
Deleted       Search the web (Babylon)
Deleted       Search the web (Babylon)
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       facemoods

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.TOSHIBADesktopAssist   Folder   C:\Program Files\TOSHIBA\TOSHIBA DESKTOP ASSIST
Deleted       Preinstalled.TOSHIBADesktopAssist   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95CCACF0-010D-45F0-82BF-858643D8BC02}
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Folder   C:\Program Files\TOSHIBA\TPHM
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TosWaitSrv
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TosWaitSrv
Deleted       Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
Deleted       Preinstalled.TOSHIBAPasswordUtility   Folder   C:\Program Files (x86)\TOSHIBA\PASSWORD UTILITY
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|TPUReg
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|TPUReg
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
Deleted       Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
Deleted       Preinstalled.TOSHIBASystemSettings   Folder   C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TCrdMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TODDMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TODDMain
Deleted       Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0}
Deleted       Preinstalled.TOSHIBATEMPRO   Folder   C:\Program Files (x86)\TOSHIBA TEMPRO
Deleted       Preinstalled.TOSHIBATEMPRO   Folder   C:\ProgramData\TOSHIBA TEMPRO
Deleted       Preinstalled.TOSHIBATEMPRO   Registry   HKLM\Software\Classes\CLSID\{F1999956-6CC2-4912-990F-F3E26C88D250}
Deleted       Preinstalled.TOSHIBATEMPRO   Registry   HKLM\Software\Classes\CLSID\{F1999956-6CC2-4912-990F-F3E26C88D260}
Deleted       Preinstalled.TOSHIBATEMPRO   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}
Deleted       Preinstalled.TOSHIBAUtilities   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES
Deleted       Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES
Deleted       Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5718 octets] - [03/12/2019 22:07:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Daniela · 3 Diciembre, 2019 22:25

Hola

Tienes muy infectado tu equipo, vamos a seguir analizando a ver si se detecta más.

Realizas lo siguiente:

Análisis del PC con Eset Online Scaner : Manual de Uso lee las instrucciones para salvar el reporte.

Análisis del PC con Kasperky Virus Removal Tool: Manual de Uso

Este no da reporte cuando te encuentres al finalizar, si es que lo hace con alguna infección, tomas una imagen y la subes.

Como subir imágenes al Foro ?

Comenta como sigue el problema.

Un saludo

xxgal · 10 Diciembre, 2019 11:39

de kapersky nada

09/12/2019 22:28:47
Archivos analizados: 531601
Archivos infectados: 11
Amenazas desinfectadas: 11
Tiempo total de análisis 03:07:42
Estado del análisis: Finalizado


C:\IRMANDINHA\test.au3	múltiples amenazas,Win32/Autoit.ODU Troyano,una variante de Win32/Autoit.OEP Troyano	eliminado
C:\Program Files (x86)\IObit\IObit Uninstaller\Feedback.exe	una variante de Win32/IObit.AF aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitDownloader.exe	una variante de Win32/IObit.AD aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe	una variante de Win32/IObit.AD aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe	una variante de Win32/IObit.AD aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\IObit\IObit Uninstaller\Vulnerabilityfix_1908.exe	una variante de Win32/IObit.AG aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe	Win32/Visicom.C aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.B aplicación potencialmente indeseable,una variante de Win64/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.C aplicación potencialmente indeseable,una variante de Win32/Visicom.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\ProgramData\Panda Security\Panda Security Protection\Download\0x04011000\PSP_UPG_4151_18.01.xx_18.06.00_0.exe	Win32/Visicom.C aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.B aplicación potencialmente indeseable,una variante de Win64/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.C aplicación potencialmente indeseable,una variante de Win32/Visicom.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Users\jorge\AppData\Roaming\uTorrent\updates\3.5.3_44428.exe	una variante de MSIL/WebCompanion.A aplicación potencialmente indeseable,una variante de Win32/WebCompanion.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Users\jorge\Downloads\FREEAV.exe	Win32/Visicom.C aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.B aplicación potencialmente indeseable,una variante de Win64/Toolbar.Visicom.A aplicación potencialmente indeseable,una variante de Win32/Toolbar.Visicom.C aplicación potencialmente indeseable,una variante de Win32/Visicom.A aplicación potencialmente indeseable	eliminado
C:\Users\jorge\Downloads\iobituninstaller.exe	una variante de Win32/IObit.AD aplicación potencialmente indeseable,una variante de Win32/IObit.AF aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado

Daniela · 15 Diciembre, 2019 01:28

Hola

Cómo sigue el problema.

Un saludo

xxgal · 15 Diciembre, 2019 21:22

pues el PC sigue igual. Ya te digo, creí que me infectaron el ordenador con un virus de esos que monitorean y pueden modificar cosas desde otro ordenador, por unas causas diversas, e investigando quién estaba conectado a mi red vi que una aplicación que se llama AutoIt (que al parecer la usan hackers) estaba conectado a la red y funcionando con normalidad. Estuve metiéndome en foros de hackers y esa herramienta creo que podría servir para tal fin de virus. en fin, quizás sean paranoias, yo que sé, pero un buen virus hecho por un buen pirata informático no creo que se elimine con las herramientas que me distéis por aquí, un saludo

Daniela · 15 Diciembre, 2019 22:34

Hola

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus

Descarga Farbar Recovery Scan Tool.en el escritorio, seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. ¿Cómo saber si mi Windows es de 32 o 64 bits.?

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo

xxgal · 16 Diciembre, 2019 20:40

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019
Ran by jorge (administrator) on IRMANDINHA (TOSHIBA SATELLITE C855-2KK) (16-12-2019 16:11:26)
Running from C:\Users\jorge\Desktop
Loaded Profiles: jorge (Available Profiles: jorge)
Platform: Windows 10 Home Version 1903 18362.476 (X64) Language: Español (España, alfabetización internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(DTS, Inc. -> SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Engine_Patch_1.1.16500.1.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MpCmdRun.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MpCmdRun.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security S.L -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (DTS, Inc. -> SRS Labs, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\Run: [Discord] => C:\Users\jorge\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3289040 2019-12-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-14] (Google LLC -> Google LLC)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BDC43D2-A0E3-45AF-A489-4E82D548AAA4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {0EFD3FCB-C309-47A0-BFC4-4DA10C51CF71} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {199B5CAD-3549-4E35-89C8-FA3286ACE92E} - \WPD\SqmUpload_S-1-5-21-3568817562-1715426090-130718979-1001 -> No File <==== ATTENTION
Task: {1CD56F8A-134E-4862-8B11-8A50C3B3FE8E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1CDA4AA3-7B49-440D-9624-53EF5F3E9305} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F64AB04-80C1-48D7-A9D9-82729C52CE0E} - no filepath
Task: {2A102B76-8260-4D61-BAA9-D8D0E1110260} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2FCEC8E9-0B39-471D-AB16-205F539F076C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {33DB2B2B-3D36-4936-BCA7-C78FAF0DA8FF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38D7D090-AF57-4351-87AD-B19CA27163FA} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {3A4E5281-55C6-4224-828B-07F31B209A78} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [700040 2014-04-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {48405723-F55C-43D3-95A2-D0AAB298763A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {4DC68755-5C14-4D73-92FE-42B248C45B5E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4FDD9CBC-4675-488B-9B76-B8F2A78E09D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {5831EDA4-B28D-4C22-9513-3A42FBE11007} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5C417616-A35D-41C6-93F4-1DB0505C5B2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {69956E0C-D427-4A22-8027-69F05C56579C} - no filepath
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {72F583E6-2A64-4CDF-8964-676085739693} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-26] (Google Inc -> Google Inc.)
Task: {76CE2FDE-B36C-4FB4-B597-54719FC45256} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {7DDB55CF-DE8D-4286-A74D-BF6FE3702196} - System32\Tasks\Uninstaller_SkipUac_jorge => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5286672 2019-05-29] (IObit Information Technology -> IObit)
Task: {83E3D43D-5B5B-4BC9-AB18-8AE0E4528FF9} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B572906-780F-40E9-BE47-DC18AA75FB41} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {8E31506E-D768-42FF-A174-8E72D1092A89} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {9DFEAC00-EC48-4BC7-8BED-E07312CF655C} - no filepath
Task: {AFF1164C-C616-40BC-BF47-996D3550309E} - System32\Tasks\Opera scheduled Autoupdate 1464173181 => C:\Program Files (x86)\Opera\launcher.exe [1346584 2019-12-12] (Opera Software AS -> Opera Software)
Task: {B4C00C9C-EEA0-458B-80DF-6B52C0917D09} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C208BA4B-0975-4FEA-BC54-304B587FB900} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {C46DD237-27E4-4130-A407-DDDF145405E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C76C110B-09D0-4B2F-88B7-EB454014B5DF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {CDBF608F-2DEA-4D78-B6AB-5C3FAC124B97} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe
Task: {CE20D781-83C9-4575-B437-8542450529C8} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CEFED091-5B0B-4F78-9331-622A939E15E2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D19261E8-B404-4B03-B20E-1B7423F54080} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-26] (Google Inc -> Google Inc.)
Task: {D9BA1E63-2B51-482B-9D6D-C8EA15D03539} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {DC69856F-A450-4C5B-910E-3A9B3C9613C4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA8A913F-F92F-4212-A433-BDB1B3DDC828} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F36655FD-0769-4F26-919B-0E54A59F7D6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5038043-289B-4DE7-95CD-07C110A03BEF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FBBA93B2-5FF8-49CB-A54D-07C12B53D295} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{133d8331-b00a-4fc2-860e-1b5af3829110}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5f9c6553-d763-44b3-9e11-094f5c748f98}: [DhcpNameServer] 213.60.205.175 213.60.205.174 212.51.33.110

Internet Explorer:
==================
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-3568817562-1715426090-130718979-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3568817562-1715426090-130718979-1001 -> {ACEED78C-2A4D-458D-A899-EAF193BD62A4} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-17] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: mt6qq0pp.default
FF ProfilePath: C:\Users\jorge\AppData\Roaming\Mozilla\Firefox\Profiles\mt6qq0pp.default [2019-12-16]
FF Homepage: Mozilla\Firefox\Profiles\mt6qq0pp.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF SearchPlugin: C:\Users\jorge\AppData\Roaming\Mozilla\Firefox\Profiles\mt6qq0pp.default\searchplugins\bing-lavasoft-ff59.xml [2018-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [No File]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Notifications: Default -> hxxps://web.tuenti.com
CHR Profile: C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default [2019-12-16]
CHR Extension: (Presentaciones) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Documentos) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (YouTube) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-23]
CHR Extension: (Google Calendar) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-08]
CHR Extension: (Hojas de cálculo) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Escritorio Remoto de Chrome) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-12-03]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (Trazador de planos) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2016-04-26]
CHR Extension: (Un viaje por la Tierra Media) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2016-04-26]
CHR Extension: (Botón Guardar de Pinterest) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-12-09]
CHR Extension: (AirDroid) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2016-04-26]
CHR Extension: (Tabs saver) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2016-04-26]
CHR Extension: (Until AM Web App) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-04-26]
CHR Extension: (Planner 5D - Diseño Interior) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-07]
CHR Extension: (Awesome New Tab Page) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2019-12-03]
CHR Extension: (ButtonBeats Guitar) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcpeekapbmklcidenkpbjcpcicmjmnf [2016-04-26]
CHR Extension: (Apple Shooter) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhfnlipcinfjmjplgegncjlmpnihecg [2018-07-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Miro) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2019-06-19]
CHR Extension: (Marc Ecko) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-04-26]
CHR Extension: (Gmail) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-19]
CHR Extension: (Chrome Media Router) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-16]
CHR Extension: (Canvas Rider) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2016-04-26]
CHR Profile: C:\Users\jorge\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation -> Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2019-05-29] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-29] (Malwarebytes Inc -> Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-20] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security S.L -> Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [713816 2018-09-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2019-05-29] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2019-05-29] (IObit Information Technology -> IObit)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [108000 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211936 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [126432 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [118240 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91616 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135648 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [336352 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [249312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123360 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [281056 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125920 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [191448 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [153992 2018-01-23] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207248 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [146912 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159200 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [129504 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [758312 2018-09-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S2 PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\jorge\Downloads\CUENTO DE OTONIO, 1998 "
2019-12-16 16:11 - 2019-12-16 16:14 - 000031387 _____ C:\Users\jorge\Desktop\FRST.txt
2019-12-16 16:10 - 2019-12-16 16:13 - 000000000 ____D C:\FRST
2019-12-16 00:12 - 2019-12-16 00:12 - 002264064 _____ (Farbar) C:\Users\jorge\Desktop\FRST64.exe
2019-12-15 22:18 - 2019-12-15 22:18 - 000001390 _____ C:\Users\Public\Desktop\Skype.lnk
2019-12-15 22:18 - 2019-12-15 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-12-15 22:12 - 2019-12-15 22:13 - 069801720 _____ (Skype Technologies S.A.) C:\Users\jorge\Downloads\Skype-8.55.0.141.exe
2019-12-10 16:04 - 2012-04-30 18:00 - 086007112 _____ (Native Instruments GmbH) C:\Users\jorge\Desktop\Guitar Rig 5.exe
2019-12-10 16:01 - 2019-12-10 16:01 - 000001128 _____ C:\Users\Public\Desktop\Guitar Rig 5.lnk
2019-12-10 16:01 - 2019-12-10 16:01 - 000000000 __HDC C:\ProgramData\{3A20D009-047D-496D-9874-DF40CA126D3C}
2019-12-10 15:59 - 2019-12-10 15:59 - 000000000 __HDC C:\ProgramData\{C0AE4A98-3E1D-45FB-8465-ECCCB391E633}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{FD1615C0-ED4A-4CEB-94C3-1850BF1BAA6A}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{E70386C6-507F-4906-86C2-96C1066BA097}
2019-12-10 15:57 - 2019-12-10 15:57 - 000001178 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2019-12-10 15:57 - 2019-12-10 15:57 - 000000000 __HDC C:\ProgramData\{98529CCC-D431-4B85-965E-E98139A4FACD}
2019-12-10 15:53 - 2019-12-10 15:53 - 000000000 ____D C:\Users\jorge\Downloads\Guitar Rig 5 5.2.0 Setup PC
2019-12-10 15:33 - 2019-12-10 15:33 - 626495362 _____ C:\Users\jorge\Downloads\Guitar Rig 5 5.2.0 Setup PC.rar
2019-12-10 15:32 - 2019-12-10 15:32 - 100137931 _____ C:\Users\jorge\Downloads\64bits.rar
2019-12-10 15:32 - 2019-12-10 15:32 - 000000000 ____D C:\Users\jorge\Downloads\64bits
2019-12-10 15:22 - 2019-12-10 15:22 - 000000000 ____D C:\Users\jorge\Downloads\guitar rig
2019-12-10 15:16 - 2019-12-10 15:21 - 000000000 ____D C:\Users\jorge\Downloads\Native Instruments Guitar Rig 5 Pro v5.1.1 UNLOCKED - R2R [deepstatus]
2019-12-10 12:42 - 2019-12-10 12:42 - 002832080 _____ C:\Users\jorge\Downloads\UD01a-tema+exerc-resoltos.pdf
2019-12-10 12:42 - 2019-12-10 12:42 - 000111354 _____ C:\Users\jorge\Downloads\UD01b-exercicios.pdf
2019-12-10 12:42 - 2019-12-10 12:42 - 000101522 _____ C:\Users\jorge\Downloads\UD01c-videos.pdf
2019-12-10 11:57 - 2019-12-10 11:57 - 000478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\AAA821C9.sys
2019-12-10 11:57 - 2019-12-10 11:57 - 000085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\62225657.sys
2019-12-10 11:57 - 2019-12-10 11:57 - 000000000 ____D C:\KVRT_Data
2019-12-10 11:55 - 2019-12-10 11:56 - 178091448 _____ (AO Kaspersky Lab) C:\Users\jorge\Desktop\KVRT.exe
2019-12-09 22:29 - 2019-12-09 22:29 - 000006664 _____ C:\Users\jorge\Desktop\eset scan.txt
2019-12-09 18:48 - 2019-12-09 18:48 - 000000698 _____ C:\Users\jorge\Desktop\ESET Online Scanner.lnk
2019-12-09 18:47 - 2019-12-09 17:06 - 008162616 _____ (ESET spol. s r.o.) C:\Users\jorge\Desktop\esetonlinescanner_esn.exe
2019-12-09 17:06 - 2019-12-09 17:06 - 008162616 _____ (ESET spol. s r.o.) C:\Users\jorge\Downloads\esetonlinescanner_esn.exe
2019-12-09 17:06 - 2019-12-09 17:06 - 000000821 _____ C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2019-12-09 17:06 - 2019-12-09 17:06 - 000000000 ____D C:\Users\jorge\AppData\Local\ESET
2019-12-03 23:06 - 2019-12-03 23:07 - 001956424 _____ C:\Users\jorge\Downloads\17794.rar
2019-12-03 22:17 - 2019-12-03 22:17 - 000000000 ____D C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2019-12-03 22:05 - 2019-12-03 22:05 - 008218800 _____ (Malwarebytes) C:\Users\jorge\Desktop\adwcleaner_8.0.0.exe
2019-12-03 21:53 - 2019-12-03 21:54 - 000005256 _____ C:\Users\jorge\Desktop\malware bits.txt
2019-12-03 17:41 - 2019-12-03 17:41 - 000000000 ____D C:\testintel2
2019-12-03 16:39 - 2019-12-03 16:39 - 000001203 _____ C:\Users\jorge\Desktop\Navegador Opera.lnk
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
2019-11-29 20:16 - 2019-11-29 20:16 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-29 20:16 - 2019-11-29 20:16 - 000000000 ____D C:\Users\jorge\AppData\Local\mbamtray
2019-11-29 20:16 - 2019-11-29 20:16 - 000000000 ____D C:\Users\jorge\AppData\Local\mbam
2019-11-29 20:16 - 2019-11-29 20:16 - 000000000 ____D C:\Users\jorge\AppData\Local\cache
2019-11-29 20:16 - 2019-11-29 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-29 20:16 - 2019-11-29 20:15 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-11-29 20:15 - 2019-12-15 22:16 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-11-29 20:14 - 2019-11-29 20:14 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-29 20:12 - 2019-11-29 20:12 - 001883976 _____ (Malwarebytes) C:\Users\jorge\Downloads\MBSetup.exe
2019-11-27 20:47 - 2019-11-27 20:48 - 000001285 _____ C:\Users\jorge\Desktop\cmd.lnk
2019-11-26 00:45 - 2019-11-26 00:45 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-11-25 21:46 - 2019-11-25 21:46 - 000122468 _____ C:\Users\jorge\Downloads\Normas para realizar o exame do 1º trimestre.pdf
2019-11-22 13:41 - 2019-11-22 13:41 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 005501952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 004307968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2019-11-22 13:41 - 2019-11-22 13:41 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2019-11-22 13:41 - 2019-11-22 13:41 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2019-11-22 13:40 - 2019-11-22 13:40 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 007015936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 004129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 002956472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 002399232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 001866272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 001098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-11-22 13:40 - 2019-11-22 13:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2019-11-22 13:40 - 2019-11-22 13:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 008011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 006232576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-11-22 13:39 - 2019-11-22 13:39 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2019-11-22 13:39 - 2019-11-22 13:39 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reg.exe
2019-11-22 13:39 - 2019-11-22 13:39 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2019-11-22 13:39 - 2019-11-22 13:39 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2019-11-22 13:39 - 2019-11-22 13:39 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2019-11-22 13:38 - 2019-11-22 13:39 - 007195648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-11-22 13:38 - 2019-11-22 13:38 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-11-22 13:38 - 2019-11-22 13:38 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-11-22 13:38 - 2019-11-22 13:38 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-11-22 13:38 - 2019-11-22 13:38 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-11-22 13:38 - 2019-11-22 13:38 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-11-22 13:37 - 2019-11-22 13:37 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-11-22 13:37 - 2019-11-22 13:37 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-11-22 13:37 - 2019-11-22 13:37 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-11-22 13:37 - 2019-11-22 13:37 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2019-11-22 13:37 - 2019-11-22 13:37 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2019-11-22 13:37 - 2019-11-22 13:37 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-11-22 13:36 - 2019-11-22 13:37 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-11-22 13:36 - 2019-11-22 13:36 - 005763848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-11-22 13:36 - 2019-11-22 13:36 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-11-22 13:36 - 2019-11-22 13:36 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2019-11-22 13:36 - 2019-11-22 13:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2019-11-22 13:36 - 2019-11-22 13:36 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-11-22 13:36 - 2019-11-22 13:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 006521768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 002586816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 002258848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 001691648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 001413864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 001017680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000679152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000453632 _____ (Microsoft Corporation)

xxgal · 16 Diciembre, 2019 20:41

C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000452920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000404904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000380944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2019-11-22 13:35 - 2019-11-22 13:35 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-11-22 13:35 - 2019-11-22 13:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-11-22 13:34 - 2019-11-22 13:35 - 000000000 ____D C:\testintel
2019-11-22 13:34 - 2019-11-22 13:34 - 004150272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-11-22 13:34 - 2019-11-22 13:34 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-11-22 13:34 - 2019-11-22 13:34 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-11-22 13:34 - 2019-11-22 13:34 - 001664688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-11-22 13:34 - 2019-11-22 13:34 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2019-11-22 13:34 - 2019-11-22 13:34 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-11-22 13:34 - 2019-11-22 13:34 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-11-22 13:34 - 2019-11-22 13:34 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accessibilitycpl.dll
2019-11-22 13:34 - 2019-11-22 13:34 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2019-11-22 13:34 - 2019-11-22 13:34 - 000089568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-11-22 13:34 - 2019-11-22 13:34 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 006082808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 003967920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 003752960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 002562048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 001916984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 001154656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 000669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000375720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000251512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2019-11-20 00:58 - 2019-11-20 00:58 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2019-11-20 00:58 - 2019-11-20 00:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\posetup.dll
2019-11-20 00:58 - 2019-11-20 00:58 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 007262456 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 003791360 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 003371928 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 002988344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 002772272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 002763016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 002081976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001974824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-11-20 00:56 - 2019-11-20 00:56 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001647064 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001327064 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 001171704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000874936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000822200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000586768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000517432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-11-20 00:56 - 2019-11-20 00:56 - 000466928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000461320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000372752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000113160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000028344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2019-11-20 00:56 - 2019-11-20 00:56 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2019-11-20 00:56 - 2019-11-20 00:56 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-11-20 00:56 - 2019-11-20 00:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 007904152 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 007849424 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 006227104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 006166016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 005890048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 004047360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 003728384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-11-20 00:55 - 2019-11-20 00:55 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 003591208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-11-20 00:55 - 2019-11-20 00:55 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 003105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-11-20 00:55 - 2019-11-20 00:55 - 002284032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 002114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001656392 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 001069064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000911824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000874536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-11-20 00:55 - 2019-11-20 00:55 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-11-20 00:55 - 2019-11-20 00:55 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-11-20 00:55 - 2019-11-20 00:55 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\accessibilitycpl.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000105488 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AtBroker.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2019-11-20 00:55 - 2019-11-20 00:55 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2019-11-20 00:55 - 2019-11-20 00:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 004615616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 002126112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 002120704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 001259416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000657424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000322504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000291256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000204816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2019-11-20 00:54 - 2019-11-20 00:54 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-11-20 00:54 - 2019-11-20 00:54 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-11-20 00:54 - 2019-11-20 00:54 - 000088568 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000065272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-11-20 00:54 - 2019-11-20 00:54 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscisvif.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2019-11-20 00:54 - 2019-11-20 00:54 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscadminui.exe
2019-11-19 23:45 - 2019-11-19 23:47 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2019-11-19 23:45 - 2019-11-19 23:47 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-16 16:09 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-16 16:08 - 2019-09-02 01:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-16 15:16 - 2019-09-02 02:11 - 000003968 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1464173181
2019-12-16 15:16 - 2017-06-30 21:10 - 000001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-12-16 15:16 - 2016-05-25 11:45 - 000000000 ____D C:\Program Files (x86)\Opera
2019-12-16 15:09 - 2019-06-19 21:10 - 000000000 ____D C:\Program Files (x86)\Steam
2019-12-16 15:06 - 2019-09-02 01:59 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-16 15:06 - 2019-03-19 12:59 - 000777334 _____ C:\WINDOWS\system32\perfh00A.dat
2019-12-16 15:06 - 2019-03-19 12:59 - 000155366 _____ C:\WINDOWS\system32\perfc00A.dat
2019-12-16 15:06 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-16 15:05 - 2016-06-09 02:14 - 000000000 __SHD C:\Users\jorge\IntelGraphicsProfiles
2019-12-15 22:25 - 2016-04-26 16:33 - 000000000 ____D C:\Users\jorge\AppData\Roaming\uTorrent
2019-12-15 22:08 - 2019-07-09 21:07 - 000000000 ____D C:\Users\jorge\AppData\Local\BitTorrentHelper
2019-12-15 22:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-14 02:50 - 2019-09-02 02:11 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 02:50 - 2019-09-02 02:11 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-14 02:48 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-14 02:45 - 2016-04-26 01:43 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-14 02:45 - 2016-04-26 01:43 - 000002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-10 15:59 - 2016-09-27 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2019-12-10 15:59 - 2016-09-27 13:15 - 000000000 ____D C:\Program Files\Native Instruments
2019-12-10 15:59 - 2016-09-27 13:15 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2019-12-10 15:56 - 2016-04-28 17:06 - 000000000 ____D C:\Users\jorge\AppData\Local\Adobe
2019-12-10 15:33 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-10 15:33 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-12-10 12:38 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-09 18:51 - 2018-05-26 03:51 - 000000000 ____D C:\IRMANDINHA
2019-12-03 22:24 - 2018-05-25 16:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-03 22:12 - 2019-09-02 02:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-03 22:11 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-12-03 22:10 - 2019-06-19 20:38 - 000000000 ____D C:\Users\jorge\AppData\Roaming\IObit
2019-12-03 22:10 - 2019-06-19 20:38 - 000000000 ____D C:\ProgramData\IObit
2019-12-03 22:10 - 2013-02-24 19:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2019-12-03 22:10 - 2013-02-24 19:10 - 000000000 ____D C:\Program Files\TOSHIBA
2019-12-03 22:10 - 2013-02-24 19:10 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2019-12-03 22:07 - 2017-07-20 11:29 - 000000000 ____D C:\AdwCleaner
2019-12-03 22:06 - 2018-08-08 22:54 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-12-03 16:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-11-29 20:16 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-11-29 20:15 - 2016-04-26 15:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-29 20:13 - 2016-04-26 15:46 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-11-27 23:37 - 2019-09-02 01:47 - 000002463 _____ C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-27 23:37 - 2016-04-26 15:30 - 000000000 ___RD C:\Users\jorge\OneDrive
2019-11-27 20:02 - 2019-06-19 20:39 - 000000000 ____D C:\ProgramData\ProductData
2019-11-27 19:57 - 2017-12-08 17:01 - 000000000 ___RD C:\Users\jorge\3D Objects
2019-11-27 19:57 - 2016-04-26 01:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-11-27 19:51 - 2019-09-02 01:37 - 005310432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2019-11-26 00:59 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-11-26 00:55 - 2019-10-08 15:17 - 000000000 ____D C:\WINDOWS\Minidump
2019-11-26 00:55 - 2019-08-30 16:53 - 000000000 ___DC C:\WINDOWS\Panther
2019-11-26 00:55 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-11-26 00:55 - 2016-04-26 16:26 - 000000000 ____D C:\Users\jorge\AppData\Roaming\MPC-HC
2019-11-26 00:45 - 2017-07-20 10:43 - 000000000 ____D C:\Program Files\CCleaner
2019-11-26 00:44 - 2017-07-20 10:43 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-11-26 00:14 - 2018-02-26 23:07 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2019-11-26 00:14 - 2013-02-24 19:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-11-25 22:22 - 2016-04-26 04:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-11-25 22:17 - 2019-06-19 20:43 - 000000000 ____D C:\Users\jorge\Documents\escritorio 2019
2019-11-25 21:42 - 2016-04-26 04:57 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-11-25 14:23 - 2016-06-02 13:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-11-25 14:14 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-17 23:03 - 2016-04-26 01:42 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories ========

2016-04-28 22:46 - 2016-06-29 18:47 - 000000132 _____ () C:\Users\jorge\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-05-16 21:28 - 2018-05-16 21:28 - 000000000 ____H () C:\Users\jorge\AppData\Local\BIT7360.tmp
2018-05-16 21:27 - 2018-05-16 21:27 - 000000000 _____ () C:\Users\jorge\AppData\Local\{436C9E25-0BFC-4C32-AA3C-17FEACFD38A5}
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ () C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

xxgal · 16 Diciembre, 2019 20:41

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by jorge (16-12-2019 16:17:24)
Running from C:\Users\jorge\Desktop
Windows 10 Home Version 1903 18362.476 (X64) (2019-09-02 01:13:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3568817562-1715426090-130718979-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3568817562-1715426090-130718979-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3568817562-1715426090-130718979-1005 - Limited - Enabled)
Invitado (S-1-5-21-3568817562-1715426090-130718979-501 - Limited - Disabled)
jorge (S-1-5-21-3568817562-1715426090-130718979-1001 - Administrator - Enabled) => C:\Users\jorge
WDAGUtilityAccount (S-1-5-21-3568817562-1715426090-130718979-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Enabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.)
4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
AirDroid 3.3.5.3 (HKLM-x32\...\AirDroid) (Version: 3.3.5.3 - Sand Studio)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
BQ Handset USB driver 1.0 (HKLM-x32\...\USB Driver_is1) (Version:  - )
calibre 64bit (HKLM\...\{C50C44CA-48EE-4052-B629-6413080A0DDD}) (Version: 2.63.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.6.0 - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Europa Universalis IV Cradle of Civilization (HKLM-x32\...\Europa Universalis IV Cradle of Civilization_is1) (Version:  - )
Europa Universalis IV Mare Nostrum (HKLM-x32\...\Europa Universalis IV Mare Nostrum_is1) (Version:  - )
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.79 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.5.0.8 - IObit)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Mega Codec Pack 12.2.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LibreOffice 6.3.1.2 (HKLM\...\{46BF4998-7CC7-43AA-8D4C-D43DEFB24493}) (Version: 6.3.1.2 - The Document Foundation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Language Interface Pack 2013 - Galego (HKLM\...\{95150000-00FF-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 gl) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 gl)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
OpenOffice 4.1.7 (HKLM-x32\...\{8CD3CBA9-10F9-4376-9E68-264CA5D7F932}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 65.0.3467.72 (HKLM-x32\...\Opera 65.0.3467.72) (Version: 65.0.3467.72 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Paquete de controladores de Windows - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype version 8.55 (HKLM-x32\...\Skype_is1) (Version: 8.55 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Spotify (HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\Spotify) (Version: 1.1.16.522.g55a4b852 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
Uninstall Megadede (HKLM\...\428792f5-75f6-56a9-bc54-ed4a7f639ad5) (Version: 2.0.0 - FjRamírez)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2017-07-10] (WildTangent Games)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2017-07-10] (eBay, Inc)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2016-06-25] (SEIKO EPSON CORPORATION)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.21.8716.0_x86__q4d96b2w5wcc2 [2019-10-11] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-19] (Microsoft Corporation)
McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-04-04] (McAfee_Incorporated)
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.33.0_x64__679ekb9hp1h62 [2019-06-19] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-19] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-11] (Microsoft Studios) [MS Ad]
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-25] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-25] (Microsoft Corporation) [MS Ad]
MSN O Tempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
MSN Receitas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-07-10] (Microsoft Corporation) [MS Ad]
MSN Saúde e Benestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-07-10] (Microsoft Corporation) [MS Ad]
MSN Viaxes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-07-10] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2017-07-10] (Ennova Research)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2016-04-27] (Evernote)
Skyscanner -> C:\Program Files\WindowsApps\Skyscanner.Skyscanner_1.4.2.0_neutral__623c9he0pwcym [2016-04-27] (Skyscanner)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3568817562-1715426090-130718979-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-03-28] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll [2017-01-07] () [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2008-09-04] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2008-09-04] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) =============

2016-06-30 09:23 - 2017-01-07 13:11 - 000592384 _____ () [File not signed] C:\Users\jorge\AppData\Local\MEGAsync\ShellExtX64.dll
2016-04-29 15:01 - 2008-11-12 02:00 - 000118784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMGJE.DLL
2016-06-25 14:44 - 2012-11-12 14:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2016-06-25 14:44 - 2012-10-22 16:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2012-04-20 12:49 - 2012-04-20 12:49 - 001198080 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-09-01 00:27 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

xxgal · 16 Diciembre, 2019 20:41

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Calibre2\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jorge\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\freedom_revolution_politics_red_star_anarchism_anarcho_communism_anarcho_syndicalism_1366x768_63185.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8AC15CC721D1B1E35B82D17EE31998C1"
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45744F02-F92B-422B-BF22-FDA020C7AAE6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F5961829-08B6-4F33-8BCE-726E34FF1E02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0BF72E0B-CC92-4BEC-A69A-329E89ABFFE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{B0E96BBF-8634-4C15-9E06-4951BCA8E0ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8FFA14F7-52A0-4407-BA90-A9096DB2D18A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive Ab (Publ) -> Paradox Interactive)
FirewallRules: [{CA9CD26D-CC07-4B15-8C77-2F5A8E1BEBEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive Ab (Publ) -> Paradox Interactive)
FirewallRules: [{124820D4-233D-4214-8692-C214B69EBAC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{2C86EEEA-4C08-4148-B240-F2AFBAFC189E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{B689481F-F529-4DBE-9905-DFABA19F6232}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{71EB3468-5D2D-4AA2-A3AC-21F4B5A88D3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1AF14BA5-75E0-45F9-999B-6BB2E2BA13C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A1B9E6D5-C928-4001-9291-400659ADB0F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{01795B17-5BC3-431F-8662-06C5B47D9B0D}C:\program files\megadede\megadede.exe] => (Allow) C:\program files\megadede\megadede.exe (FjRamírez) [File not signed]
FirewallRules: [TCP Query User{471DC30E-1E6C-4585-B0B9-FC7270E60C9A}C:\program files\megadede\megadede.exe] => (Allow) C:\program files\megadede\megadede.exe (FjRamírez) [File not signed]
FirewallRules: [{0AFBE54E-4BD5-4AB2-BB51-94086699F10C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0BA185E-AA84-4B50-8E1A-9D0B7BC83B9E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A38D3A75-D8FF-4DC0-A0A2-1E28E26298A4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C32422F5-8B8B-4039-A583-D22B6CF4102A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA65133A-5E6E-4E1F-A8A8-E349A894B725}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CBAEC03D-EF1C-4DDF-8553-25AE1DCA20FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{68A9884E-378E-4BA3-9AE3-0A518B96A3EE}] => (Allow) LPort=1900
FirewallRules: [{68A7561A-725D-462F-A525-6E228398B79A}] => (Allow) LPort=2869
FirewallRules: [{E9757E80-DA8C-4C26-A4B4-C80A81E4506E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2FD43A0-2801-44E4-9949-2FECCC8C472F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{BDE1A534-0932-4E3D-A10C-33C38C13BAA8}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [UDP Query User{424FA544-64A6-4D74-BB98-3190BB869A5F}C:\users\jorge\downloads\warcraft iii\warcraft iii\war3.exe] => (Allow) C:\users\jorge\downloads\warcraft iii\warcraft iii\war3.exe () [File not signed]
FirewallRules: [TCP Query User{45B0303A-6995-4C98-B5F0-2C5A4E4BE909}C:\users\jorge\downloads\warcraft iii\warcraft iii\war3.exe] => (Allow) C:\users\jorge\downloads\warcraft iii\warcraft iii\war3.exe () [File not signed]
FirewallRules: [{358B4F02-209A-4EBC-A28B-648376215DE7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C410706C-EDDE-4CC4-B0C1-12D10B409743}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FDF0A95F-715C-4C7B-B7D7-A05D9D9C9175}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6E5EA5E6-6AB4-4824-9D32-36169D4ECF99}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9728584-D24C-4BC4-A60B-4D72AD3BF135}] => (Allow) C:\Users\jorge\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D02C6D90-36B4-4139-B12D-D480273E4D38}] => (Allow) C:\Users\jorge\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{615A4130-D0CB-4315-8088-EC9F4B15A91E}] => (Allow) C:\Users\jorge\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{875103D2-4CBC-4F2B-B970-E1B315B4234C}] => (Allow) C:\Users\jorge\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8064E731-5899-45D1-940F-A2296E8AAA2E}] => (Allow) C:\Users\jorge\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{03E37C0C-A660-46BA-831E-B1C24EABDFF5}] => (Allow) C:\Users\jorge\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{BFF21AD7-23A2-45B3-B9DC-82569C741B40}C:\users\jorge\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jorge\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{1D66406E-B75C-4EE5-B660-454120C6EF05}C:\users\jorge\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jorge\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B3128481-287B-4833-B2E5-20F4D3F0ED9B}C:\users\jorge\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jorge\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{80D1110B-7170-4AB1-BE63-DE6E07698470}C:\users\jorge\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jorge\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{672C745E-26DC-46FB-8AC3-47DAB98BE76F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{FEDFB3D1-B2E3-4A76-8EA6-3DAB815B1F9A}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [{298F9004-C185-4CC8-8CE5-7C77E7345EF8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87F749FC-1E3E-4F38-91C5-869687D25599}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CABABFB7-5866-496B-B5E8-AFF2FBB8257E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C2D82F2-DF1B-4DEB-8FAE-1A801B3B63EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F5280372-8E08-4112-B90B-2E6181521D08}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3263BCF0-2E71-4E59-94C5-F4CDCBC43F82}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0AF8799C-E286-4E60-AFF0-61DF369DEB35}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (TONGBU TECHNOLOGY (HK) LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{172170B6-774B-4BAC-A497-6EBF1289A1CF}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (TONGBU TECHNOLOGY (HK) LIMITED -> Sand Studio)
FirewallRules: [{AE77FC53-7CDD-4BAF-9327-674BB5F24C3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4B6C73C4-F5FB-4EEC-98B4-95FE6F655F92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{0989A97B-ABE2-4390-BCE7-E6F2060105D6}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{08C25099-B166-411C-8A36-BA852DC70527}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{DF8CC1C9-3D4E-497E-9B34-B302D5622D62}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{E45B67CB-F547-4D11-8D66-08BF8FE82092}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{D28D63C6-61C9-4560-BCC7-D51365E4EB5C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{9E48A883-5B8B-43AF-BF8E-271D3BF84655}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{12B7E9D6-F72A-4FAD-97A5-8B0627D9A73B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{C9E8A7C2-F29F-4787-904C-5838084B2841}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{04C88A01-6FF9-4112-99FA-2FFA0B70C286}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{4443CCDD-7A60-482D-8035-F362B683D5E5}] => (Allow) C:\Program Files (x86)\Opera\65.0.3467.62\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A9F64919-5815-4E97-BE17-DEDFE2496920}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D80B0BE8-BA08-43E1-960E-E0134AC7E9C6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{89B77D4F-7756-4E0C-B16E-3D9842A7BBFD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{713CDBAA-1A77-4222-8BBF-0C9350C49B9D}] => (Allow) C:\Program Files (x86)\Opera\65.0.3467.72\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

28-11-2019 01:52:50 Punto de control programado
09-12-2019 18:07:54 Punto de control programado
14-12-2019 02:44:27 Windows Update

==================== Faulty Device Manager Devices ============

Name: BTS-06 Stereo
Description: Origen A2dp de Microsoft Bluetooth
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2dp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/16/2019 04:15:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4508,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/16/2019 04:10:03 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (12/16/2019 03:22:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7892,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/16/2019 03:09:22 PM) (Source: Service Station de TOSHIBA) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (12/16/2019 03:09:22 PM) (Source: Service Station de TOSHIBA) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (12/16/2019 03:08:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/16/2019 03:06:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: No se pueden leer las cadenas del contador de rendimiento definidas para el identificador de idioma 056. El primer valor DWORD de la sección de datos contiene el código de error de Win32.

Error: (12/16/2019 12:17:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa explorer.exe (versión 10.0.18362.449) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 7e8

Hora de Inicio: 01d5b39da71fca47

Hora de finalización: 0

Ruta de la aplicación: C:\Windows\explorer.exe

Id. de informe: 4444deec-7e4e-4430-a1fc-df9933b207e3

Nombre completo del paquete con errores: 

Id. de la aplicación relativa al paquete con errores: 

Tipo de bloqueo: Unknown


System errors:
=============
Error: (12/15/2019 10:04:35 PM) (Source: DCOM) (EventID: 10000) (User: IRMANDINHA)
Description: No se puede iniciar un servidor DCOM: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. Error 
"2147942405"
al iniciar este comando:
"C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleUpdateOnDemand.exe" -Embedding

Error: (12/14/2019 02:35:30 AM) (Source: DCOM) (EventID: 10010) (User: IRMANDINHA)
Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/13/2019 11:12:33 AM) (Source: DCOM) (EventID: 10010) (User: IRMANDINHA)
Description: El servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/10/2019 01:49:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Steam Client Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/10/2019 01:49:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Steam Client Service.

Error: (12/09/2019 06:50:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (12/09/2019 06:50:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\jorge\AppData\Local\Temp\ehdrv.sys

Error: (12/09/2019 06:50:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador


CodeIntegrity:
===================================

Date: 2019-11-30 01:00:10.143
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-11-30 00:58:29.114
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: Insyde Corp. 6.80 10/01/2013
Motherboard: Intel PLCSF8
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8075.22 MB
Available physical RAM: 4750.67 MB
Total Virtual: 9355.22 MB
Available Virtual: 5639.98 MB

==================== Drives ================================

Drive c: (TI31070900B) (Fixed) (Total:454.94 GB) (Free:36.04 GB) NTFS

\\?\Volume{485ed51a-9061-11e2-8874-d3a41ffb8c85}\ (System) (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{c871d20d-bf92-4092-ad50-d736d339afee}\ () (Fixed) (Total:0.88 GB) (Free:0.31 GB) NTFS
\\?\Volume{52848c1b-8297-428e-bd6a-524a69ac0887}\ (Recovery) (Fixed) (Total:9.12 GB) (Free:0.61 GB) NTFS
\\?\Volume{485ed522-9061-11e2-8874-d3a41ffb8c85}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Daniela · 17 Diciembre, 2019 01:21

Hola

MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe( en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {199B5CAD-3549-4E35-89C8-FA3286ACE92E} - \WPD\SqmUpload_S-1-5-21-3568817562-1715426090-130718979-1001 -> No File <==== ATTENTION
Task: {1CD56F8A-134E-4862-8B11-8A50C3B3FE8E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1CDA4AA3-7B49-440D-9624-53EF5F3E9305} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F64AB04-80C1-48D7-A9D9-82729C52CE0E} - no filepath
Task: {2FCEC8E9-0B39-471D-AB16-205F539F076C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {33DB2B2B-3D36-4936-BCA7-C78FAF0DA8FF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4DC68755-5C14-4D73-92FE-42B248C45B5E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5831EDA4-B28D-4C22-9513-3A42FBE11007} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7DDB55CF-DE8D-4286-A74D-BF6FE3702196} - System32\Tasks\Uninstaller_SkipUac_jorge => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5286672 2019-05-29] (IObit Information Technology -> IObit)
Task: {8E31506E-D768-42FF-A174-8E72D1092A89} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {9DFEAC00-EC48-4BC7-8BED-E07312CF655C} - no filepath
Task: {B4C00C9C-EEA0-458B-80DF-6B52C0917D09} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C46DD237-27E4-4130-A407-DDDF145405E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE20D781-83C9-4575-B437-8542450529C8} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {CEFED091-5B0B-4F78-9331-622A939E15E2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D9BA1E63-2B51-482B-9D6D-C8EA15D03539} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {DC69856F-A450-4C5B-910E-3A9B3C9613C4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA8A913F-F92F-4212-A433-BDB1B3DDC828} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F36655FD-0769-4F26-919B-0E54A59F7D6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FBBA93B2-5FF8-49CB-A54D-07C12B53D295} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3568817562-1715426090-130718979-1001 -> {ACEED78C-2A4D-458D-A899-EAF193BD62A4} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [No File]
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Until AM Web App) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-04-26]
CHR Extension: (Awesome New Tab Page) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2019-12-03]
CHR Extension: (Apple Shooter) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhfnlipcinfjmjplgegncjlmpnihecg [2018-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-16]
S2 PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [X]
2019-12-10 16:01 - 2019-12-10 16:01 - 000000000 __HDC C:\ProgramData\{3A20D009-047D-496D-9874-DF40CA126D3C}
2019-12-10 15:59 - 2019-12-10 15:59 - 000000000 __HDC C:\ProgramData\{C0AE4A98-3E1D-45FB-8465-ECCCB391E633}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{FD1615C0-ED4A-4CEB-94C3-1850BF1BAA6A}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{E70386C6-507F-4906-86C2-96C1066BA097}
2019-12-10 15:57 - 2019-12-10 15:57 - 000000000 __HDC C:\ProgramData\{98529CCC-D431-4B85-965E-E98139A4FACD}
2019-12-03 17:41 - 2019-12-03 17:41 - 000000000 ____D C:\testintel2
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
2019-11-22 13:34 - 2019-11-22 13:35 - 000000000 ____D C:\testintel
2019-12-03 22:10 - 2019-06-19 20:38 - 000000000 ____D C:\Users\jorge\AppData\Roaming\IObit
2018-05-16 21:27 - 2018-05-16 21:27 - 000000000 _____ () C:\Users\jorge\AppData\Local\{436C9E25-0BFC-4C32-AA3C-17FEACFD38A5}
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ () C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

xxgal · 17 Diciembre, 2019 15:27

si no, el PC funciona un poco más rápidoo, el miedo o la inquietud que tengo es ese, un virus que espíe lo que hago o dejo de hacer, un saludo y gracias por todo

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by jorge (17-12-2019 16:07:51) Run:1
Running from C:\Users\jorge\Desktop
Loaded Profiles: jorge (Available Profiles: jorge)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {199B5CAD-3549-4E35-89C8-FA3286ACE92E} - \WPD\SqmUpload_S-1-5-21-3568817562-1715426090-130718979-1001 -> No File <==== ATTENTION
Task: {1CD56F8A-134E-4862-8B11-8A50C3B3FE8E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1CDA4AA3-7B49-440D-9624-53EF5F3E9305} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F64AB04-80C1-48D7-A9D9-82729C52CE0E} - no filepath
Task: {2FCEC8E9-0B39-471D-AB16-205F539F076C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {33DB2B2B-3D36-4936-BCA7-C78FAF0DA8FF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4DC68755-5C14-4D73-92FE-42B248C45B5E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5831EDA4-B28D-4C22-9513-3A42FBE11007} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {7DDB55CF-DE8D-4286-A74D-BF6FE3702196} - System32\Tasks\Uninstaller_SkipUac_jorge => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5286672 2019-05-29] (IObit Information Technology -> IObit)
Task: {8E31506E-D768-42FF-A174-8E72D1092A89} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {9DFEAC00-EC48-4BC7-8BED-E07312CF655C} - no filepath
Task: {B4C00C9C-EEA0-458B-80DF-6B52C0917D09} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C46DD237-27E4-4130-A407-DDDF145405E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE20D781-83C9-4575-B437-8542450529C8} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {CEFED091-5B0B-4F78-9331-622A939E15E2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D9BA1E63-2B51-482B-9D6D-C8EA15D03539} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {DC69856F-A450-4C5B-910E-3A9B3C9613C4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EA8A913F-F92F-4212-A433-BDB1B3DDC828} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F36655FD-0769-4F26-919B-0E54A59F7D6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FBBA93B2-5FF8-49CB-A54D-07C12B53D295} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3568817562-1715426090-130718979-1001 -> {ACEED78C-2A4D-458D-A899-EAF193BD62A4} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-3568817562-1715426090-130718979-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [No File]
CHR NewTab: Default ->  Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Until AM Web App) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-04-26]
CHR Extension: (Awesome New Tab Page) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2019-12-03]
CHR Extension: (Apple Shooter) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhfnlipcinfjmjplgegncjlmpnihecg [2018-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-16]
S2 PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [X]
2019-12-10 16:01 - 2019-12-10 16:01 - 000000000 __HDC C:\ProgramData\{3A20D009-047D-496D-9874-DF40CA126D3C}
2019-12-10 15:59 - 2019-12-10 15:59 - 000000000 __HDC C:\ProgramData\{C0AE4A98-3E1D-45FB-8465-ECCCB391E633}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{FD1615C0-ED4A-4CEB-94C3-1850BF1BAA6A}
2019-12-10 15:58 - 2019-12-10 15:58 - 000000000 __HDC C:\ProgramData\{E70386C6-507F-4906-86C2-96C1066BA097}
2019-12-10 15:57 - 2019-12-10 15:57 - 000000000 __HDC C:\ProgramData\{98529CCC-D431-4B85-965E-E98139A4FACD}
2019-12-03 17:41 - 2019-12-03 17:41 - 000000000 ____D C:\testintel2
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
2019-11-22 13:34 - 2019-11-22 13:35 - 000000000 ____D C:\testintel
2019-12-03 22:10 - 2019-06-19 20:38 - 000000000 ____D C:\Users\jorge\AppData\Roaming\IObit
2018-05-16 21:27 - 2018-05-16 21:27 - 000000000 _____ () C:\Users\jorge\AppData\Local\{436C9E25-0BFC-4C32-AA3C-17FEACFD38A5}
2019-12-03 16:36 - 2019-12-03 16:36 - 000000000 _____ () C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18DB4B31-BB4A-4BF6-95FB-0A533C9B9C72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{199B5CAD-3549-4E35-89C8-FA3286ACE92E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{199B5CAD-3549-4E35-89C8-FA3286ACE92E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3568817562-1715426090-130718979-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CD56F8A-134E-4862-8B11-8A50C3B3FE8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CD56F8A-134E-4862-8B11-8A50C3B3FE8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CDA4AA3-7B49-440D-9624-53EF5F3E9305}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CDA4AA3-7B49-440D-9624-53EF5F3E9305}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F64AB04-80C1-48D7-A9D9-82729C52CE0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F64AB04-80C1-48D7-A9D9-82729C52CE0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FCEC8E9-0B39-471D-AB16-205F539F076C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FCEC8E9-0B39-471D-AB16-205F539F076C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33DB2B2B-3D36-4936-BCA7-C78FAF0DA8FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33DB2B2B-3D36-4936-BCA7-C78FAF0DA8FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DC68755-5C14-4D73-92FE-42B248C45B5E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DC68755-5C14-4D73-92FE-42B248C45B5E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5831EDA4-B28D-4C22-9513-3A42FBE11007}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5831EDA4-B28D-4C22-9513-3A42FBE11007}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DDB55CF-DE8D-4286-A74D-BF6FE3702196}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DDB55CF-DE8D-4286-A74D-BF6FE3702196}" => removed successfully
C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_jorge => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_jorge" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E31506E-D768-42FF-A174-8E72D1092A89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E31506E-D768-42FF-A174-8E72D1092A89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DFEAC00-EC48-4BC7-8BED-E07312CF655C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DFEAC00-EC48-4BC7-8BED-E07312CF655C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4C00C9C-EEA0-458B-80DF-6B52C0917D09}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4C00C9C-EEA0-458B-80DF-6B52C0917D09}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C46DD237-27E4-4130-A407-DDDF145405E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C46DD237-27E4-4130-A407-DDDF145405E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE20D781-83C9-4575-B437-8542450529C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE20D781-83C9-4575-B437-8542450529C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEFED091-5B0B-4F78-9331-622A939E15E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEFED091-5B0B-4F78-9331-622A939E15E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9BA1E63-2B51-482B-9D6D-C8EA15D03539}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9BA1E63-2B51-482B-9D6D-C8EA15D03539}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC69856F-A450-4C5B-910E-3A9B3C9613C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC69856F-A450-4C5B-910E-3A9B3C9613C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA8A913F-F92F-4212-A433-BDB1B3DDC828}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8A913F-F92F-4212-A433-BDB1B3DDC828}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F36655FD-0769-4F26-919B-0E54A59F7D6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F36655FD-0769-4F26-919B-0E54A59F7D6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBBA93B2-5FF8-49CB-A54D-07C12B53D295}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBBA93B2-5FF8-49CB-A54D-07C12B53D295}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ACEED78C-2A4D-458D-A899-EAF193BD62A4} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => removed successfully
HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => removed successfully
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\Software\MozillaPlugins\intel.com/AppUp => removed successfully
"C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll" => not found
HKU\S-1-5-21-3568817562-1715426090-130718979-1001\Software\MozillaPlugins\intel.com/AppUpx64 => removed successfully
"C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll" => not found
"Chrome NewTab" => removed successfully
CHR Extension: (Until AM Web App) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-04-26] => Error: No automatic fix found for this entry.
CHR Extension: (Awesome New Tab Page) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2019-12-03] => Error: No automatic fix found for this entry.
CHR Extension: (Apple Shooter) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhfnlipcinfjmjplgegncjlmpnihecg [2018-07-19] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-16] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\PEGAGFN => removed successfully
PEGAGFN => service removed successfully
C:\ProgramData\{3A20D009-047D-496D-9874-DF40CA126D3C} => moved successfully
C:\ProgramData\{C0AE4A98-3E1D-45FB-8465-ECCCB391E633} => moved successfully
C:\ProgramData\{FD1615C0-ED4A-4CEB-94C3-1850BF1BAA6A} => moved successfully
C:\ProgramData\{E70386C6-507F-4906-86C2-96C1066BA097} => moved successfully
C:\ProgramData\{98529CCC-D431-4B85-965E-E98139A4FACD} => moved successfully
C:\testintel2 => moved successfully
C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB} => moved successfully
C:\testintel => moved successfully
C:\Users\jorge\AppData\Roaming\IObit => moved successfully
C:\Users\jorge\AppData\Local\{436C9E25-0BFC-4C32-AA3C-17FEACFD38A5} => moved successfully
"C:\Users\jorge\AppData\Local\{72996215-0A9F-48FE-A503-B8062B4D63AB}" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3568817562-1715426090-130718979-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Aseg£rate de que el servicio se est  ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Aseg£rate de que el servicio se est  ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57145264 B
Java, Flash, Steam htmlcache => 291791585 B
Windows/system/drivers => 6985113 B
Edge => 8353617 B
Chrome => 537440913 B
Firefox => 5221125 B
Opera => 165272 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8210 B
NetworkService => 18122 B
jorge => 129160202 B

RecycleBin => 6474 B
EmptyTemp: => 997.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:10:54 ====

Daniela · 17 Diciembre, 2019 22:06

Hola

Sigue apareciendo el Autoit.exe?

Un saludo

xxgal · 18 Diciembre, 2019 14:54

no, en realidad no sale desde que pare el servicio en administrador de tareas-detalles

Daniela · 22 Diciembre, 2019 17:14

Hola

Sigue estos pasos, para eliminar las herramientas utilizadas:

Para hacerlo utiliza de nuevo/descarga >> DelFix.exe en tu escritorio.

Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)
Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.

Comenta si sigue todo bien.

Un saludo