Proceso notepad.exe acumula mucha memoria

Rodma · 6 Diciembre, 2019 07:03

Hola:

Tengo un proceso llamado notepad en mi ordenador que me ocupa mucha memoria, lo mato y vuelve a salir al rato. Abro el notepad y aparece como otro proceso pero sin ocupar tanta memoria, He pasado el malwarebytes y el adwcleaner y no me lo quitan.

lo siento como puedo poner una imagen?

Alguien me puede ayudar?

Gracias

Miguelgrado · 6 Diciembre, 2019 09:17

Hola

Tengo otro tema igual al tuyo, y parece que si es igual, algo modifico ese notepad.exe…

Vamos a ver, por pasos

Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) ¿Cómo saber si mi Windows es de 32 o 64 bits?
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

Rodma · 6 Diciembre, 2019 10:31

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2019
Ran by pc (administrator) on PC-PC (Gigabyte Technology Co., Ltd. Z87X-UD3H) (06-12-2019 11:06:43)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Turtle Entertainment GmbH -> ) C:\Program Files\EslWire\service\WireHelperSvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [525344 2018-03-24] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: J - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: K - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {94a646c7-af01-11e3-90eb-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {9b04a7fa-e0b3-11e6-94f7-74d4351c9282} - H:\setup.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {c0b75ee0-0eaa-11e5-a4f9-74d4351c9282} - G:\iStudio.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d3-3004-11e7-a7b2-74d4351c9282} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d7-3004-11e7-a7b2-74d4351c9282} - J:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [165520 2019-10-17] (NVIDIA Corporation -> NVIDIA Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0641AAE0-D7BC-4EE9-A11F-20884ECCE040} - System32\Tasks\BlueStacksHelper => C:\ProgramData\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {1006A27A-12C1-43B6-8833-89DBF262AFA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-05-28] (Google Inc -> Google Inc.)
Task: {1233710A-0F81-4B1B-9726-1554DB523051} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1C9B6B67-2F6F-435F-8F44-0A834A1C3E62} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23621F75-E2AB-4003-8A04-C5FABF2A60D5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E0F0797-7581-4D15-9B15-C693C1A4404C} - System32\Tasks\WTLRTME => C:\Users\pc\AppData\Roaming\WTLRTME.exe <==== ATTENTION
Task: {3B04D701-8DB9-4C30-BCC1-BD15B78FF2E2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F4F0616-88DB-4ADD-9C20-B0227932FDF6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4B0EBCA2-0492-468B-8A9E-49149064B15D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {52B6B375-BC61-4AEA-BF54-AA6FAEBF9888} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6AFFA13B-7429-41FA-AAFA-9E4D4D1D6616} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2431304 2019-11-19] (Overwolf Ltd -> Overwolf LTD)
Task: {7E9D1284-BFD2-4DD2-9BE9-CD0A48AF85E2} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8277868C-BB28-440C-B481-980FE0399C89} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {83821D70-BFE7-4AB0-B422-E4258A9278F5} - System32\Tasks\{835B4D75-E8DD-4F71-872B-6146767D4AAA} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [137152 2016-06-01] (VideoLAN -> VideoLAN)
Task: {84F9B2D7-E7CA-4843-B528-667D7139C4CB} - System32\Tasks\{0F88A1E6-C9B3-4921-B817-837A246182A9} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [137152 2016-06-01] (VideoLAN -> VideoLAN)
Task: {8F8018D3-0FDB-477D-895E-5201EB3D9B1F} - System32\Tasks\IWEOJYP => C:\Users\pc\AppData\Roaming\IWEOJYP.exe <==== ATTENTION
Task: {939F5754-FE14-4060-AACD-44CE90356643} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-17] (Adobe Inc. -> Adobe)
Task: {9C023E4E-EEBD-4242-BFD5-8B94BD939392} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ACF7F468-48D9-4C3C-AE39-31561F0925E7} - System32\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH => C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe <==== ATTENTION
Task: {B254F624-25E7-45A2-84B3-B90BB0E8F9DE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4A54F10-65EB-4451-BE14-3F08507B48EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-05-28] (Google Inc -> Google Inc.)
Task: {E0C8B74C-A9BC-4943-AF88-BCFEB6BE237F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-23] (Piriform Ltd -> Piriform Ltd)
Task: {EF836BC3-A141-43A3-9B77-22BEF4CCEA54} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2E979B5-6741-4A45-9AF5-9B22A9624C7D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job => C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe <==== ATTENTION
Task: C:\Windows\Tasks\IWEOJYP.job => C:\Users\pc\AppData\Roaming\IWEOJYP.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTLRTME.job => C:\Users\pc\AppData\Roaming\WTLRTME.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.166.211.1 212.166.132.104
Tcpip\..\Interfaces\{74928498-32D1-4553-8FF8-3F820B38594F}: [DhcpNameServer] 212.166.211.1 212.166.132.104
Tcpip\..\Interfaces\{ADE081CF-4601-4E7E-93EF-598C6E2EF98E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lamarabunta.org/search.php?search_id=newposts
hxxps://modxvm.com/en/
hxxp://nightly.modxvm.com/
hxxps://koreanrandom.com/forum/forum/57-xvm-english-support-and-discussions/?setlanguage=1&langurlbits=forum/57-xvm-english-support-and-discussions/&langid=1
hxxps://wot-life.com/eu/player/Rodma-500399764/
hxxp://www.wotstats.org/stats/eu/rodma/20181021/
hxxp://www.clasicosbasicos.org/plataforma/pc
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3950879380-2275949493-3388743034-1000 -> {A4C22122-B920-46A2-8BB2-900D117DFF73} URL = hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-23] (Oracle America, Inc. -> Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\pc\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-15] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-15] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-03] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-03] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3950879380-2275949493-3388743034-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\pc\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3950879380-2275949493-3388743034-1000: @acestream.net/acestreamplugin,version=3.1.28 -> C:\Users\pc\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxps://www.google.es/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: Profile 2 -> "hxxps://www.google.es/"
CHR DefaultSearchURL: Profile 2 -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Profile 2 -> Yahoo
CHR DefaultSuggestURL: Profile 2 -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Notifications: Profile 2 -> hxxps://forospyware.com; hxxps://forum.warthunder.com; hxxps://forum.worldofwarships.eu; hxxps://ivpaste.com; hxxps://juegos.loteriasyapuestas.es; hxxps://koreanrandom.com; hxxps://loterias-by.accengage.net; hxxps://puregaming.es; hxxps://streamp1ay.me; hxxps://web.telegram.org; hxxps://wotanksmodscom.foxpush.net; hxxps://www.adslzone.net; hxxps://www.danone.es; hxxps://www.faceit.com; hxxps://www.gamesradar.com; hxxps://www.ofertia.com; hxxps://www.reddit.com; hxxps://www.softonic.com; hxxps://www.travelclub.es; hxxps://www.vodafone.es
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2018-04-09]
CHR Extension: (Presentaciones) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-09]
CHR Extension: (Documentos) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-09]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-09]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-09]
CHR Extension: (Adobe Acrobat) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-09]
CHR Extension: (Hojas de cálculo) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-09]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-09]
CHR Extension: (Skype) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-09]
CHR Extension: (Ace Script) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-04-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Yahoo Partner) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2018-04-09]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-09]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-09]
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-12-06]
CHR Extension: (Presentaciones) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Documentos) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (Session Manager) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2018-04-21]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (Búsqueda de Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Adobe Acrobat) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-04]
CHR Extension: (Hojas de cálculo) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-11-28]
CHR Extension: (Ace Script) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2018-12-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-06]
CHR HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]
CHR HKLM-x32\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8395968 2019-11-03] (BattlEye Innovations e.K. -> )
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [4981936 2019-04-23] (devolo AG -> devolo AG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3648616 2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [776832 2018-05-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2016-04-12] (Turtle Entertainment GmbH -> )
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2431304 2019-11-19] (Overwolf Ltd -> Overwolf LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-23] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-06-20] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-06-20] (Disc Soft Ltd -> Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [545776 2017-09-22] (Intel(R) INTELND1617 -> Intel Corporation)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [100488 2017-05-20] (Turtle Entertainment GmbH -> <Turtle Entertainment>)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R0 mvs91xx; C:\Windows\System32\DRIVERS\mvs91xx.sys [327464 2013-09-06] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2019-04-23] (devolo AG -> Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-08-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 SgamingkbFltr; C:\Windows\System32\drivers\GKS16Fltr.sys [14848 2011-12-20] (LXD Development, Inc.) [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131096 2016-10-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [203856 2016-10-18] (Oracle Corporation -> Oracle Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R1 WindroyeBoxDrv; C:\Program Files\WindroyeBox\WindroyeBoxDrv.sys [252672 2015-03-03] (北京文安卓立科技有限公司 -> Windroy Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation -> Intel Corporation)
S3 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-06 10:44 - 2019-12-06 10:48 - 000067319 _____ C:\Users\pc\Desktop\Addition.txt
2019-12-06 10:39 - 2019-12-06 11:10 - 000029523 _____ C:\Users\pc\Desktop\FRST.txt
2019-12-06 10:39 - 2019-12-06 11:09 - 000000000 ____D C:\FRST
2019-12-06 10:37 - 2019-12-06 10:38 - 002263552 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2019-12-06 10:36 - 2019-12-06 10:36 - 000874052 _____ C:\Users\pc\Downloads\Läckberg,_Camilla_Fjällbacka_06.mobi
2019-12-06 10:27 - 2019-12-06 10:27 - 000678569 _____ C:\Users\pc\Downloads\Läckberg,_Camilla_Fjällbacka_06.epub
2019-12-06 10:26 - 2019-12-06 10:26 - 000637734 _____ C:\Users\pc\Downloads\Loba negra - Juan Gomez-Jurado.epub
2019-12-05 21:53 - 2019-12-05 21:53 - 000018655 _____ C:\Users\pc\Downloads\El grinch.HDrip1,79gb.torrent
2019-12-05 21:53 - 2019-12-05 21:53 - 000018655 _____ C:\Users\pc\Downloads\El grinch.HDrip1,79gb (1).torrent
2019-12-05 21:02 - 2019-12-05 21:02 - 000623645 _____ C:\Users\pc\Downloads\Los secretos de la reina - Xulio R Trigo.epub
2019-12-05 20:58 - 2019-12-05 20:58 - 000856574 _____ C:\Users\pc\Downloads\La mansion de los chocolates - Nikolai, Maria.epub
2019-12-05 20:58 - 2019-12-05 20:58 - 000578770 _____ C:\Users\pc\Downloads\Frankissstein_ una historia de - Jeanette Winterson.epub
2019-12-05 20:57 - 2019-12-05 20:57 - 000641865 _____ C:\Users\pc\Downloads\La nostalgia del limonero - Mari Pau Dominguez (1).epub
2019-12-05 20:56 - 2019-12-05 20:56 - 000641865 _____ C:\Users\pc\Downloads\La nostalgia del limonero - Mari Pau Dominguez.epub
2019-12-05 20:55 - 2019-12-05 20:55 - 001142231 _____ C:\Users\pc\Downloads\El alma de las flores - Viviana Rivero.epub
2019-12-05 20:55 - 2019-12-05 20:55 - 001117147 _____ C:\Users\pc\Downloads\Diosas de Hollywood - Cristina Morato.epub
2019-12-05 20:54 - 2019-12-05 20:54 - 000907944 _____ C:\Users\pc\Downloads\La cruz de madera - Lola Solana.epub
2019-12-05 20:54 - 2019-12-05 20:54 - 000291291 _____ C:\Users\pc\Downloads\Secretos de mariposa - Victoria Morrigan.epub
2019-12-05 20:53 - 2019-12-05 20:53 - 000419064 _____ C:\Users\pc\Downloads\Trilogia de la niebla 03 Las lu - Carlos Ruiz Zafon.epub
2019-12-05 20:53 - 2019-12-05 20:53 - 000318948 _____ C:\Users\pc\Downloads\Trilogia de la niebla 02 El pal - Carlos Ruiz Zafon.epub
2019-12-05 20:52 - 2019-12-05 20:53 - 000413064 _____ C:\Users\pc\Downloads\Trilogia de la niebla 01 El pri - Carlos Ruiz Zafon.epub
2019-12-05 20:42 - 2019-12-06 10:36 - 000000000 ____D C:\-- Epub
2019-12-05 20:41 - 2019-12-05 20:41 - 000000000 ____D C:\Users\pc\AppData\Roaming\calibre
2019-12-05 20:40 - 2019-12-05 20:40 - 002084651 _____ C:\Users\pc\Downloads\Notre-Dame - Ken Follett.epub
2019-12-05 20:27 - 2019-12-05 20:27 - 000000000 ____D C:\Users\pc\Documents\eBook Converter
2019-12-05 20:26 - 2019-12-05 20:26 - 000001251 _____ C:\Users\pc\Desktop\ePub Converter.lnk
2019-12-05 20:26 - 2019-12-05 20:26 - 000000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter
2019-12-05 20:26 - 2019-12-05 20:26 - 000000000 ____D C:\Program Files (x86)\eBookConverter
2019-12-05 20:23 - 2019-12-05 20:23 - 063204900 _____ C:\Users\pc\Downloads\ePub.Converter.v2.7.109.352.Incl.Patch-RCG.rar
2019-12-05 17:55 - 2019-12-05 17:55 - 000013020 _____ C:\Users\pc\Downloads\glass-blurayrip.torrent
2019-12-05 17:54 - 2019-12-05 17:54 - 000026102 _____ C:\Users\pc\Downloads\el-protegido-microhd-1080-px.torrent
2019-12-05 17:54 - 2019-12-05 17:54 - 000018842 _____ C:\Users\pc\Downloads\Multiple_MicroHD_1080p.torrent
2019-12-05 14:04 - 2019-12-05 14:04 - 000388608 _____ (Trend Micro Inc.) C:\Users\pc\Desktop\HijackThis.exe
2019-12-05 13:57 - 2019-12-05 13:57 - 000000590 _____ C:\Users\pc\Documents\pp.txt
2019-12-05 13:51 - 2019-12-05 13:51 - 000000532 _____ C:\Users\pc\Desktop\ESET Online Scanner.lnk
2019-12-05 13:51 - 2019-12-05 13:51 - 000000000 ____D C:\Users\pc\AppData\Local\ESET
2019-12-05 13:50 - 2019-12-05 13:50 - 008162616 _____ (ESET spol. s r.o.) C:\Users\pc\Desktop\esetonlinescanner_esn.exe
2019-12-05 08:16 - 2019-12-05 08:15 - 008218800 _____ (Malwarebytes) C:\Users\pc\Desktop\adwcleaner_8.0.0.exe
2019-12-05 08:15 - 2019-12-05 08:15 - 008218800 _____ (Malwarebytes) C:\Users\pc\Downloads\adwcleaner_8.0.0.exe
2019-11-30 23:54 - 2019-11-30 23:54 - 000000000 ____D C:\testintel2
2019-11-28 18:14 - 2019-11-28 18:16 - 000000000 ____D C:\Users\pc\Desktop\-- W7ACTIVATION
2019-11-26 17:48 - 2019-11-26 17:48 - 000120938 _____ C:\Users\pc\Downloads\Vengadores-Endgame-OPEN-MATTE-Imax-2019.avi.torrent
2019-11-24 11:23 - 2019-11-24 11:23 - 000020868 _____ C:\Users\pc\Downloads\Los_Descendientes_3.torrent
2019-11-24 11:16 - 2019-11-24 11:16 - 000019723 _____ C:\Users\pc\Downloads\The_Mandalorian_1x01.torrent
2019-11-24 11:16 - 2019-11-24 11:16 - 000018909 _____ C:\Users\pc\Downloads\The_Mandalorian_1x03.torrent
2019-11-24 11:16 - 2019-11-24 11:16 - 000016003 _____ C:\Users\pc\Downloads\The_Mandalorian_1x02.torrent
2019-11-24 09:39 - 2019-11-24 09:39 - 000009934 _____ C:\Users\pc\Desktop\Contraseñas de Chrome.csv
2019-11-23 16:44 - 2019-11-23 16:44 - 000000000 ____D C:\testintel
2019-11-16 15:41 - 2019-11-16 15:41 - 000000000 ____D C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865bOLD
2019-11-16 15:40 - 2019-11-16 15:41 - 000000000 ____D C:\testfolder
2019-11-09 18:05 - 2019-11-09 18:05 - 000000000 ____D C:\Users\pc\AppData\Local\CrashReportClient
2019-11-07 19:03 - 2019-11-07 19:03 - 009851314 _____ C:\Users\pc\Downloads\J1mB0s-Contour-Icon-dlya-wot.rar
2019-11-06 17:11 - 2019-11-06 17:11 - 000001583 _____ C:\Users\pc\Desktop\World of Tanks EU.lnk
2019-11-06 17:11 - 2019-11-06 17:11 - 000000720 _____ C:\Users\pc\Desktop\World of Tanks EU (2).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-06 11:08 - 2011-04-12 10:10 - 000748758 _____ C:\Windows\system32\perfh00A.dat
2019-12-06 11:08 - 2011-04-12 10:10 - 000159728 _____ C:\Windows\system32\perfc00A.dat
2019-12-06 11:08 - 2009-07-14 06:13 - 001681640 _____ C:\Windows\system32\PerfStringBackup.INI
2019-12-06 11:06 - 2014-03-19 02:34 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-06 11:03 - 2016-11-12 15:40 - 000000000 __SHD C:\Users\pc\IntelGraphicsProfiles
2019-12-06 10:59 - 2015-11-14 17:44 - 000001008 _____ C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job
2019-12-06 10:59 - 2015-01-02 16:14 - 000001672 _____ C:\Windows\Tasks\WTLRTME.job
2019-12-06 10:59 - 2015-01-02 16:00 - 000001672 _____ C:\Windows\Tasks\IWEOJYP.job
2019-12-06 10:59 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-12-06 10:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-12-06 07:39 - 2009-07-14 05:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-06 07:39 - 2009-07-14 05:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-12-06 07:34 - 2014-04-26 15:15 - 000000000 ____D C:\Users\pc\AppData\Local\CrashDumps
2019-12-05 22:40 - 2014-03-29 16:45 - 000000000 ____D C:\Users\pc\AppData\Roaming\vlc
2019-12-05 22:03 - 2014-05-09 08:20 - 000000000 ____D C:\Users\pc\AppData\Roaming\uTorrent
2019-12-05 21:53 - 2019-06-05 07:09 - 000000000 ____D C:\Users\pc\AppData\Local\BitTorrentHelper
2019-12-05 21:19 - 2014-03-19 22:28 - 000000000 ____D C:\Users\pc\AppData\Roaming\TS3Client
2019-12-05 17:10 - 2019-02-27 16:17 - 000002101 _____ C:\Users\pc\Desktop\TeamSpeak Overlay.lnk
2019-12-05 17:10 - 2014-03-21 00:51 - 000000000 ____D C:\Users\pc\AppData\Local\Overwolf
2019-12-05 14:04 - 2018-11-09 09:38 - 000000000 ____D C:\Users\pc\Downloads\--- Mirandomelo
2019-12-05 13:55 - 2017-06-20 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War WARHAMMER
2019-12-05 13:55 - 2017-06-20 10:04 - 000000000 ____D C:\Program Files\Total War WARHAMMER
2019-12-05 08:17 - 2015-11-23 15:45 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2019-12-05 08:16 - 2015-01-02 17:06 - 000000000 ____D C:\AdwCleaner
2019-11-28 18:53 - 2014-11-04 15:37 - 000000000 ____D C:\Program Files (x86)\Overwolf
2019-11-24 11:20 - 2016-08-02 15:51 - 000000000 ____D C:\- Series
2019-11-22 17:39 - 2014-04-01 15:32 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-17 10:48 - 2017-05-28 09:23 - 000004488 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-17 10:48 - 2014-10-09 08:37 - 000000000 ____D C:\Users\pc\AppData\Local\Adobe
2019-11-17 10:48 - 2014-04-30 11:02 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-17 10:48 - 2014-04-30 11:02 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-17 10:48 - 2014-04-30 11:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-17 10:48 - 2014-04-30 11:02 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-16 15:41 - 2018-03-12 21:26 - 000000000 ____D C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865b
2019-11-16 15:41 - 2014-03-19 02:15 - 000000000 ____D C:\ProgramData\Intel
2019-11-15 22:37 - 2017-05-19 17:39 - 000001311 _____ C:\Users\pc\Desktop\Roblox Player.lnk
2019-11-15 22:37 - 2017-05-19 17:39 - 000001130 _____ C:\Users\pc\Desktop\Roblox Studio.lnk
2019-11-15 22:37 - 2017-05-19 17:39 - 000000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-11-15 22:17 - 2015-11-08 18:11 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-11-06 17:19 - 2017-02-22 16:32 - 000000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2019-11-06 17:15 - 2014-03-19 04:23 - 000000000 ____D C:\Games
2019-11-06 17:11 - 2014-03-19 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks

==================== Files in the root of some directories ========

2018-02-02 20:52 - 2018-02-02 20:52 - 000000048 ____H () C:\Program Files (x86)\rad0fviyrv.dat
2015-04-19 13:20 - 2015-04-19 13:20 - 000005872 _____ () C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH
2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\pc\AppData\Roaming\IWEOJYP
2018-03-28 15:57 - 2018-04-18 21:03 - 000095906 _____ () C:\Users\pc\AppData\Roaming\logs.tmp
2016-01-02 11:09 - 2016-01-02 11:09 - 000000000 _____ () C:\Users\pc\AppData\Roaming\mediaload.io.lock
2016-02-07 14:10 - 2016-02-07 14:10 - 000000000 _____ () C:\Users\pc\AppData\Roaming\mediaload.io.url.lock
2018-03-28 15:57 - 2014-03-20 23:49 - 000053248 ____H (Microsoft Corporation) C:\Users\pc\AppData\Roaming\regasm.exe
2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\pc\AppData\Roaming\WTLRTME

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-30 22:31
==================== End of FRST.txt ========================

Rodma · 6 Diciembre, 2019 10:36

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2019
Ran by pc (06-12-2019 11:16:11)
Running from C:\Users\pc\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-19 01:03:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3950879380-2275949493-3388743034-500 - Administrator - Disabled)
Invitado (S-1-5-21-3950879380-2275949493-3388743034-501 - Limited - Disabled)
pc (S-1-5-21-3950879380-2275949493-3388743034-1000 - Administrator - Enabled) => C:\Users\pc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Actualización de NVIDIA 38.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.1.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Aslain's WoT Modpack versión 9.19.0.1.06 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.19.0.1.06 - Aslain)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.76.1867 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Colasoft MAC Scanner 2.3 (HKLM-x32\...\Colasoft MAC Scanner 2.3_is1) (Version: 2.3 - Colasoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0630 - Disc Soft Ltd)
Desinstalar DeX ModPack (HKLM-x32\...\{DCBAA42F-AB57-4803-82EB-CA968E6DC2B6}_is1) (Version: 8.1 - WOTanksMods, Inc.)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.0.4.0 - devolo AG)
Discord (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.398 - Softland)
eMule (HKLM-x32\...\eMule) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{385D03C4-767B-4B5F-A627-61319D136EF4}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ePub Converter (HKLM-x32\...\ePubConverter) (Version: 1.2.1 - eBook Converter)
ESL Wire 1.19.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
FACEIT (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\FACEITApp) (Version: 1.20.0 - FACEIT Ltd.)
FACEIT 0.15.0 (HKLM\...\1b460c18-2611-5297-a1a8-4f35160a268c) (Version: 0.15.0 - FACEIT Ltd.)
FormatFactory 4.6.1.0 (HKLM-x32\...\FormatFactory) (Version: 4.6.1.0 - Free Time)
Game Summary (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 213.0.215 - Overwolf app)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monster Hunter Online Benchmark (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\Monster Hunter Online Benchmark) (Version: 3.5.4.1272 - Tencent)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301034}) (Version: 7.02.9753 - Nero AG)
New Icons Tanks v4.7 For World Of Tanks v0.9.15 (HKLM-x32\...\New Icons Tanks v4.7_is1) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA Controlador de audio HD 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 440.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 440.97 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Oracle VM VirtualBox 5.0.28 (HKLM\...\{912B13BA-9046-4917-815F-B0060362228C}) (Version: 5.0.28 - Oracle Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.138.0.17 - Overwolf Ltd.)
PAGAN ONLINE (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\PGN.WW.PRODUCTION) (Version:  - Wargaming.net)
Panel de control de NVIDIA 440.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 440.97 - NVIDIA Corporation) Hidden
PingPlotter 5 (HKLM-x32\...\{70C023B8-2F51-43FC-886B-9B35B629C9B2}) (Version: 5.5.8.4168 - Pingman Tools, LLC) Hidden
PingPlotter 5 (HKLM-x32\...\PingPlotter 5 5.5.8.4168) (Version: 5.5.8.4168 - Pingman Tools, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Renta 2014 1.25 (HKLM-x32\...\8330-1526-1221-2374) (Version: 1.25 - AEAT)
Roblox Player for pc (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for pc (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
ShanaEncoder 4.8 (HKLM-x32\...\ShanaEncoder) (Version: 4.8 - LEE KIWON)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype versión 8.43 (HKLM-x32\...\Skype_is1) (Version: 8.43 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Space Hulk Ascension - Successor Chapter Pack (HKLM-x32\...\Space Hulk Ascension - Successor Chapter Pack_is1) (Version:  - )
SPORE(TM) (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18.2 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TopTankers Mod 0.9.16 versión 1.0 (HKLM-x32\...\{819D4BB0-B373-431D-840D-78C976F32FD2}_is1) (Version: 1.0 - )
Total War ROME II - Emperor Edition (HKLM-x32\...\Total War ROME II - Emperor Edition_is1) (Version:  - )
Total War WARHAMMER (HKLM\...\Total War WARHAMMER_is1) (Version: 1.0 - )
Uplay (HKLM-x32\...\Uplay) (Version: 46.0 - Ubisoft)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
Versus Mod (HKLM-x32\...\Versus Mod 9.7.15) (Version: 9.7.15 - Versus Co)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
War Thunder Launcher 1.0.3.52 (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Wargaming.net Game Center (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\Wargaming.net Game Center) (Version: 19.7.0.7412 - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Tanks EU (2) (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\WOT.EU.PRODUCTION(2)) (Version:  - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\WOT.EU.PRODUCTION) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\WOWS.EU.PRODUCTION) (Version:  - Wargaming.net)
World_of_Warplanes_EU (HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\WOWP.EU.PRODUCTION) (Version:  - Wargaming.net)
YouTube By Click (HKLM-x32\...\{4B16CDB0-9D6A-4FE3-91BC-0C4BD0051843}) (Version: 2.2.103 - ByClick) Hidden
YouTube By Click (HKLM-x32\...\YouTube By Click 2.2.103) (Version: 2.2.103 - ByClick)
YouWave for Android (HKLM-x32\...\YouWave) (Version: 3.30 - YouWave Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3950879380-2275949493-3388743034-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-02-21] (Notepad++ -> )
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_105.dll [2019-04-22] (Free Time) [File not signed]
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_105.dll [2019-04-22] (Free Time) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk -> hxxp://www.ebook-converter.com
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) =============

2015-09-26 15:42 - 2016-04-14 10:38 - 000214016 _____ () [File not signed] C:\Program Files\EslWire\service\NocIPC64.dll
2014-03-19 02:20 - 2013-04-26 03:24 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [221]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-02 16:46 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.166.211.1 - 212.166.132.104
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: 84ccd914 => C:\ProgramData\Intel\Wireless\e2d778d\hdahhcd.exe C:\ProgramData\Intel\Wireless\e2d778d\2737a28.au3
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BD64A9AC-ED03-4DA4-A778-D0E8013E3E3B}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe No File
FirewallRules: [UDP Query User{CC5579AE-497D-416C-B2CB-293AB3851B99}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe No File
FirewallRules: [TCP Query User{67D50894-9400-49E1-BF3E-A41FB801116B}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe No File
FirewallRules: [UDP Query User{FFFD128B-5DDA-49E5-8EE5-049DC3D8B0BB}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe No File
FirewallRules: [TCP Query User{CE64560A-8D1F-4050-A5E6-16B5CDFBD1FF}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed]
FirewallRules: [UDP Query User{0DF59906-1992-4371-8853-2FCCA099E42F}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed]
FirewallRules: [{AACBFAA6-493F-49A6-B426-CCA4CB7C761C}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{10D677FE-8788-439F-AB03-ED025D1FAD78}] => (Allow) C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B7B6D90C-F584-4843-B30C-C3C1D5336634}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{83EB88BE-D858-4AE7-98E6-FF83D6FA8CA4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8C56ECC7-AD2C-4EE3-82EB-17DE825BCBCD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{45CB94E9-B3A5-4C89-AEA4-6CCB716B3966}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{1FB72A29-AF20-439A-9F56-FD77C52C592C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{1798E7AF-799D-43CE-B32A-36ED21CEE3B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{70D58D1A-1B99-43B3-80D5-2C57048990E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{58473DBB-5B50-422B-A700-7A99DCCD4C88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [TCP Query User{3CDE5860-A2CA-4638-AA9E-C9BA8CAAB675}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe No File
FirewallRules: [UDP Query User{B5EB4D3F-D368-4CBC-A8BC-52510244C345}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe No File
FirewallRules: [TCP Query User{65554464-8144-413E-BEEF-9DEC20FED913}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{A0132A92-9ED5-4EB3-8142-657EF0BB7F94}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05CB4004-CF61-43AF-9CEF-DF95664D8500}] => (Allow) C:\Program Files\WindroyeBox\WindroyeBoxHD.exe (北京文安卓立科技有限公司 -> )
FirewallRules: [{B64651B5-52BD-4EDE-AE4F-7F59D1283773}] => (Allow) C:\Program Files\WindroyeBox\WindroyeBoxHD.exe (北京文安卓立科技有限公司 -> )
FirewallRules: [{01CE40BE-AA5E-4937-8CF4-BE5F0EDB83BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DD90BA27-1A4D-436B-85AC-7ACA6BBB2133}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{280D777A-F90F-4803-AB86-BD1E479017E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F897CA2A-2C19-4D72-9B88-2B35E0340183}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{64DCE30C-B79A-4557-9A85-5185DFEB23B5}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe No File
FirewallRules: [UDP Query User{FE023FF1-9AD8-44A6-85AA-19672E25ADF6}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe No File
FirewallRules: [{4DCEEA93-95E8-40C4-927D-EDD9106D35F3}] => (Allow) C:\Users\pc\AppData\Roaming\Andy\Setup.exe (Andy OS Inc -> )
FirewallRules: [{7A6B2889-4B98-40D2-92CD-5FF9E6DDF192}] => (Allow) C:\Users\pc\AppData\Roaming\Andy\Setup.exe (Andy OS Inc -> )
FirewallRules: [TCP Query User{40A88E63-BFAA-4BF9-B5B0-6363A5A9184D}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed]
FirewallRules: [UDP Query User{5AA6BCC0-CDB1-4F28-8508-8E40D9D1005C}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed]
FirewallRules: [TCP Query User{7F6AE13C-1701-4637-A130-662515B3AF77}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F2C91D11-1CDB-429C-BC4F-00AB0E0E5FFD}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D8F3A184-E169-4F0D-A782-060AA23E9BCB}C:\users\pc\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\pc\appdata\roaming\.minecraft\java\bin\javaw.exe No File
FirewallRules: [UDP Query User{C73348CD-B064-4996-BC8C-ECCAC749D740}C:\users\pc\appdata\roaming\.minecraft\java\bin\javaw.exe] => (Allow) C:\users\pc\appdata\roaming\.minecraft\java\bin\javaw.exe No File
FirewallRules: [{16BD32EA-D066-4340-9CB6-103683525981}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{544A99E4-DDE7-499E-BF03-C13984DFDE7E}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [TCP Query User{36E7CDCD-A989-4DDA-A4F8-0EBF1F898578}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe (YouWave Inc. -> )
FirewallRules: [UDP Query User{509EBD22-F43F-40B5-9951-55A17BB629DB}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe (YouWave Inc. -> )
FirewallRules: [{9562D3EA-E84E-4013-B1F3-EF56B045D604}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{B87F1EAC-D123-452F-9E7A-569B09BBF4A5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{23B0B547-A78D-4BE2-9D42-F8EE75F1015D}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{5E0CEB60-3719-4FA3-B4D9-9DE70A75DD2B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{FB37219B-31F7-475D-A154-8183DCC7C634}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A0E6AA24-BC07-43D9-9DC8-6EF8EC9E5EF5}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A49B136D-9CEB-4161-B855-C6F85F8DBB77}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{737EAAE5-3D74-49A1-BA83-60694A8D2E58}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{64F66761-1770-429C-B422-FEDEA25EBD27}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{2421607E-06AD-48AA-9AA8-03F5CC26667D}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{88757710-1E2F-4B69-81CD-3F18D9521B43}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{2ED8D259-3458-45ED-B29B-8674F9946DA3}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9B067C4D-7B73-4FCC-872A-649A456E7621}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{D1273E93-E753-41FB-8556-98467796CA4F}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9E2860F3-B7A5-48D5-843C-FCDC06F28523}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{B980EBD2-BF67-4FFB-AB46-6D815FA8B550}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{3C139DF3-20A0-4B5B-91D8-0E35422BBEE6}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{5357978E-52AD-458A-9AEC-4D11A90D6BE3}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe No File
FirewallRules: [{F539F30A-C7B3-4A04-A543-103CD58842DD}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{FCF351ED-3D50-435D-B403-BE530B8CA6F5}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe No File
FirewallRules: [{403AF3E4-E81E-4D60-A855-692AC3F79F9C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{0F66EFBC-AAE5-4DDB-BDAD-6C8DC034BA78}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{973FB38A-10D6-478F-931E-6160BDE98073}] => (Allow) C:\Games\World_of_Tanks_SB\WoTLauncher.exe No File
FirewallRules: [{B2D201E3-B5B8-40D3-9AFF-6B37C066EEB6}] => (Allow) C:\Games\World_of_Tanks_SB\WoTLauncher.exe No File
FirewallRules: [{21C1E162-4767-4A14-A8F5-B685C9FE94F8}] => (Allow) C:\Games\World_of_Tanks_SB\worldoftanks.exe No File
FirewallRules: [{32DB008D-EA7B-4E19-86E4-BDB7EB593C85}] => (Allow) C:\Games\World_of_Tanks_SB\worldoftanks.exe No File
FirewallRules: [{BF1086CB-6C7C-47FE-B708-CFA168F49B25}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{73966705-5FA2-4107-897F-8BA34A18010F}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9D8DE319-4787-40A8-8228-19CE15059B0A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{EA4937B9-D5C6-4FBB-BD2F-9115A205D028}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{653A1441-4A91-49FF-8B57-FC1DB266B756}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{FABBDC9F-F9D1-466D-94F6-37533D1D20BA}C:\program files (x86)\sega\total war rome ii - emperor edition\rome2.exe] => (Allow) C:\program files (x86)\sega\total war rome ii - emperor edition\rome2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{03F1AF07-3FA9-4E13-BAFC-A5A97677AECA}C:\program files (x86)\sega\total war rome ii - emperor edition\rome2.exe] => (Allow) C:\program files (x86)\sega\total war rome ii - emperor edition\rome2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{BC0BEC45-625E-4C6E-8552-29293DFA2AE0}C:\users\pc\downloads\juegos pc\win64eotudemo0.0561\eotuwin64\eotu\binaries\win64\eotu-win64-shipping.exe] => (Block) C:\users\pc\downloads\juegos pc\win64eotudemo0.0561\eotuwin64\eotu\binaries\win64\eotu-win64-shipping.exe No File
FirewallRules: [UDP Query User{40098A51-5A03-4A0A-8398-2136EDFB513E}C:\users\pc\downloads\juegos pc\win64eotudemo0.0561\eotuwin64\eotu\binaries\win64\eotu-win64-shipping.exe] => (Block) C:\users\pc\downloads\juegos pc\win64eotudemo0.0561\eotuwin64\eotu\binaries\win64\eotu-win64-shipping.exe No File
FirewallRules: [{C72F7DF0-0593-4E74-AC0C-AC5C154261CE}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{A558D31C-0468-47B8-B5AD-858FADB4207B}] => (Allow) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{785C33AA-8A65-4967-B286-38478683470F}] => (Allow) C:\Games\Total_War_Arena_EU\Arena.exe No File
FirewallRules: [{6F604FC8-3416-4078-A9B6-1A1599BBFBE0}] => (Allow) C:\Games\Total_War_Arena_EU\Arena.exe No File
FirewallRules: [{8AE2AEC1-459E-458C-A622-7E259E51AC8C}] => (Allow) C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) [File not signed]
FirewallRules: [{E66BCF97-CDAD-411D-AA9E-936E9354A908}] => (Allow) C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) [File not signed]
FirewallRules: [TCP Query User{3633A90E-9F24-4246-9B0D-DF184314F1C3}C:\program files\total war warhammer\warhammer.exe] => (Allow) C:\program files\total war warhammer\warhammer.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [UDP Query User{DA4A267D-7E08-452C-B09F-405C598DD70C}C:\program files\total war warhammer\warhammer.exe] => (Allow) C:\program files\total war warhammer\warhammer.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [TCP Query User{F8177510-B895-49D3-963B-526BA700D45C}C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe] => (Allow) C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe (Tencent) [File not signed]
FirewallRules: [UDP Query User{CD95C935-B38C-46F7-9EC6-D5BA0431DDCF}C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe] => (Allow) C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe (Tencent) [File not signed]
FirewallRules: [{B91A1E7B-B694-4ED5-B0FA-13B030655339}] => (Allow) C:\Program Files (x86)\YouWave Android\YouWave Android.exe (YouWave Inc. -> )
FirewallRules: [{066995FF-A19B-4A9D-9B04-0372ED2D3A34}] => (Allow) C:\Program Files (x86)\YouWave Android\YouWave Android.exe (YouWave Inc. -> )
FirewallRules: [{8DC94ADB-C723-4EBC-88B2-369012E6C4CF}] => (Allow) C:\Program Files (x86)\YouWave Android\YouWave Android.exe (YouWave Inc. -> )
FirewallRules: [{88A0A03B-03C2-4049-93FF-8E61DE1871D3}] => (Allow) C:\Program Files (x86)\YouWave Android\YouWave Android.exe (YouWave Inc. -> )
FirewallRules: [{88065219-A83B-4ACA-8199-0F5BAC768B85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tank Force\TankForce.exe () [File not signed]
FirewallRules: [{B0A2605E-65F1-4EC7-BE34-CD333B2B5A88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tank Force\TankForce.exe () [File not signed]
FirewallRules: [TCP Query User{90F1471A-9EAF-4D51-840E-553178260F7E}C:\users\pc\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\pc\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{02FF86F2-AE39-4032-8AEC-7E929D944F96}C:\users\pc\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\pc\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{6AB853A8-49CD-4305-928B-C9176D4C5B8B}C:\users\pc\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\pc\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{EC578BA6-1583-4C29-B415-6E420FFB9D9B}C:\users\pc\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\pc\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{D2E4EDC7-57F3-4253-B532-3BFB2B416B9A}C:\games\world_of_tanks_encore\wotencorelauncher.exe] => (Allow) C:\games\world_of_tanks_encore\wotencorelauncher.exe No File
FirewallRules: [UDP Query User{885B1463-065E-4760-9A64-5C4D304A2E7C}C:\games\world_of_tanks_encore\wotencorelauncher.exe] => (Allow) C:\games\world_of_tanks_encore\wotencorelauncher.exe No File
FirewallRules: [TCP Query User{353B1C0F-EF90-4A29-932B-CFCE197BF7EF}C:\program files\faceit\faceit.exe] => (Allow) C:\program files\faceit\faceit.exe No File
FirewallRules: [UDP Query User{E8C17074-FFE2-4513-A3BE-0781618F0E00}C:\program files\faceit\faceit.exe] => (Allow) C:\program files\faceit\faceit.exe No File
FirewallRules: [TCP Query User{9346BE62-C2AB-4E13-896C-3C86D3ED927E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{8A53F5D9-7544-41F0-9ECD-93928690E10E}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CBF87318-9AB8-401A-BDD7-E329B16B6BCE}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A4B20942-7200-4A14-9E0D-64C4219FA284}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{1263634F-458B-4E1A-8CE3-D240DAD46BA8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{5C971E7E-DAF0-4526-9E13-4444E0424999}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [{FB86B818-41ED-4AEA-BAA3-6095732ED9A9}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe No File
FirewallRules: [{BF77B8D1-B75A-4FC1-A3AF-7953D96EEE24}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe No File
FirewallRules: [{11F5256B-2A0C-44D6-8D25-7EC0128B60E0}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe No File
FirewallRules: [{401588BB-EDA3-4D3E-8CFE-6901D59E93B4}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe No File
FirewallRules: [{B0E2526A-BBDC-4FF4-A696-DC2D3848BEB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C5A6CF95-246C-453A-8ECC-FB1B51F85CE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{1F5A73E2-C3B2-432E-AEAC-4AE3FF4C9250}C:\program files (x86)\steam\steamapps\common\kards\kards\binaries\win64\kards-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kards\kards\binaries\win64\kards-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{DEC68DF8-F891-468B-AB03-360D901680AC}C:\program files (x86)\steam\steamapps\common\kards\kards\binaries\win64\kards-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kards\kards\binaries\win64\kards-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{562197D8-2938-414A-8A86-3C5027B79002}G:\games\world_of_tanks\worldoftanks.exe] => (Allow) G:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{B7F4F72D-C03E-4C90-ABFB-03309266223E}G:\games\world_of_tanks\worldoftanks.exe] => (Allow) G:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{5AB9B8B9-09F0-46C3-AB2E-CA435CC72D0B}C:\games\feed.and.grow.fish.v0.8.6\feed and grow.exe] => (Allow) C:\games\feed.and.grow.fish.v0.8.6\feed and grow.exe No File
FirewallRules: [UDP Query User{C356A519-A08A-4336-834C-B6E20CCF6D51}C:\games\feed.and.grow.fish.v0.8.6\feed and grow.exe] => (Allow) C:\games\feed.and.grow.fish.v0.8.6\feed and grow.exe No File
FirewallRules: [TCP Query User{E9810E1E-06DC-4860-A4C0-3B65E8940AD8}G:\games\world_of_tanks\wotlauncher.exe] => (Block) G:\games\world_of_tanks\wotlauncher.exe (Wargaming PCL -> Wargaming.net)
FirewallRules: [UDP Query User{E53F3644-B912-4066-A497-FFFF1B946C75}G:\games\world_of_tanks\wotlauncher.exe] => (Block) G:\games\world_of_tanks\wotlauncher.exe (Wargaming PCL -> Wargaming.net)
FirewallRules: [TCP Query User{5F5BCB88-A557-49D9-9C7A-BA1703B0AE30}C:\users\pc\downloads\binary.fortress.software.fileseek.pro.v6.0.1.multilingual.with.portable.incl.keygen-dvt\fileseek-6.0.1-portable\fileseek\fileseek.exe] => (Allow) C:\users\pc\downloads\binary.fortress.software.fileseek.pro.v6.0.1.multilingual.with.portable.incl.keygen-dvt\fileseek-6.0.1-portable\fileseek\fileseek.exe (Binary Fortress Software Ltd. -> Binary Fortress Software)
FirewallRules: [UDP Query User{DBAD0636-3A13-4047-8A3C-F5A29D0040C2}C:\users\pc\downloads\binary.fortress.software.fileseek.pro.v6.0.1.multilingual.with.portable.incl.keygen-dvt\fileseek-6.0.1-portable\fileseek\fileseek.exe] => (Allow) C:\users\pc\downloads\binary.fortress.software.fileseek.pro.v6.0.1.multilingual.with.portable.incl.keygen-dvt\fileseek-6.0.1-portable\fileseek\fileseek.exe (Binary Fortress Software Ltd. -> Binary Fortress Software)
FirewallRules: [{520388B2-52D7-43B4-A43C-4D72E243F133}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [TCP Query User{7ED8AB93-4823-4DC6-B74B-0D1BCD961018}G:\games\world_of_warships\worldofwarships.exe] => (Allow) G:\games\world_of_warships\worldofwarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{1BA32DB1-CE01-4A70-955B-54CFEE0E1F10}G:\games\world_of_warships\worldofwarships.exe] => (Allow) G:\games\world_of_warships\worldofwarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{9E438A47-24B8-43C1-A08E-A831297A1B26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{938CD4CF-A0F2-4256-AFB9-06A2EC9BCFF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{13523559-D2F9-4740-A4A5-726E27D19E44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive) [File not signed]
FirewallRules: [{7359654B-0F24-4D04-99F7-FCAA2687919D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe (Paradox Interactive) [File not signed]
FirewallRules: [{4424180A-304E-44AD-B514-DC30A891BB76}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{0B821894-75E3-40B7-AC6E-0007A5B86A70}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{88FC173C-DC51-4DAF-B301-0E5EE9C61043}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{D047450A-2151-43B6-9520-0698CDD66C7D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8CA075EA-BD79-4F29-9E9F-D34C8DF1C410}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C6F5F6FA-CCD0-4C94-B4C1-719883637C27}C:\games\feed.and.grow.fish.v0.9.2\feed and grow.exe] => (Allow) C:\games\feed.and.grow.fish.v0.9.2\feed and grow.exe () [File not signed]
FirewallRules: [UDP Query User{CCBEC396-D3F0-41FC-9B69-08F4BAE21E60}C:\games\feed.and.grow.fish.v0.9.2\feed and grow.exe] => (Allow) C:\games\feed.and.grow.fish.v0.9.2\feed and grow.exe () [File not signed]
FirewallRules: [{E72343DF-B64D-472D-8A2D-58D5A9D45206}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Layers of Fear\Layers of Fear.exe () [File not signed]
FirewallRules: [{6AB5ABBC-F025-4955-9346-0AF46E6DB9E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Layers of Fear\Layers of Fear.exe () [File not signed]
FirewallRules: [{5569CDD2-A69A-482B-8AFD-CB1D5AC103DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise of Legions\RiseOfLegions.exe () [File not signed]
FirewallRules: [{1EC7FD08-A101-4120-9647-F5A440E90F29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise of Legions\RiseOfLegions.exe () [File not signed]
FirewallRules: [TCP Query User{D88A5F08-F1BF-4202-9B73-C0DBAA0493BE}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [UDP Query User{146525C4-41A8-4EEA-94DD-98994274B1C4}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [{F01CBE72-8D30-4A54-B54F-F9B01B35FBC3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B73EF152-3449-46EF-B940-0C09D73E83F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9825B530-5E94-48BC-AAD0-EA558FB6F158}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{25CF04B8-BC83-4CC3-9F53-B3F452E3C692}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{2F06CD95-4574-45DE-8371-1E4B7978BEDE}G:\games\world_of_tanks_classic\worldoftanks.exe] => (Allow) G:\games\world_of_tanks_classic\worldoftanks.exe No File
FirewallRules: [UDP Query User{763B9139-A003-4E9C-9ECC-3A6346BD8A79}G:\games\world_of_tanks_classic\worldoftanks.exe] => (Allow) G:\games\world_of_tanks_classic\worldoftanks.exe No File
FirewallRules: [{D63CBF4C-1C03-4FD6-9B39-0B7B06C95BE8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23069596-60A6-4966-A824-6754629589E8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C2A9FB93-ACD4-4C1F-A435-7932A0DFC665}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{855C4E46-23EE-4CD0-ABEB-444A8527CE0C}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [{5C4A3763-A1D6-4B70-9CAA-12145C6D0B9D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{5418E55B-C60E-49A6-AD67-7712A9B60450}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{FA310CA0-1440-4BBA-8B63-27E1945C68E1}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{00E04B2E-8430-42B0-9B3E-5816D40743EC}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{2872F9E9-DA4D-42FA-A2A2-1EECA008889A}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{3EACD376-F618-4E04-A3C0-A88B71C65C59}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{7ACD067F-A844-4C76-BC45-2F671C5DDF15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{1E4A5F90-7060-4A67-AC95-05CC1C107553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [TCP Query User{0B13D7DD-A8F0-49F7-AF90-7B1CB394454A}G:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) G:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{C7886D51-6680-4FAF-8E5B-F34B0E1D51DC}G:\games\world_of_tanks\win32\worldoftanks.exe] => (Allow) G:\games\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{66BD9FA9-0C0A-4DF6-9B72-912E88FCB551}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ED57E676-25D0-4E3B-BF6D-8E21FD7C477A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BA38CB11-89D2-4A72-83D8-4A0781F73D38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FEB156DC-D31D-415A-9EA4-20947B76DAF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5A240560-613F-46C1-B487-44CD70424AB8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-11-2019 16:32:43 Punto de control programado
19-11-2019 20:47:46 Punto de control programado
30-11-2019 22:38:17 Punto de control programado



==================== End of Addition.txt =======================

Miguelgrado · 6 Diciembre, 2019 11:44

Tienes bastantes infecciones en el pc

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

Para hacerlo descarga Delfix en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: J - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: K - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {94a646c7-af01-11e3-90eb-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {9b04a7fa-e0b3-11e6-94f7-74d4351c9282} - H:\setup.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {c0b75ee0-0eaa-11e5-a4f9-74d4351c9282} - G:\iStudio.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d3-3004-11e7-a7b2-74d4351c9282} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d7-3004-11e7-a7b2-74d4351c9282} - J:\HiSuiteDownLoader.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job => C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe <==== ATTENTION
Task: C:\Windows\Tasks\IWEOJYP.job => C:\Users\pc\AppData\Roaming\IWEOJYP.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTLRTME.job => C:\Users\pc\AppData\Roaming\WTLRTME.exe <==== ATTENTION
C:\Users\pc\AppData\Roaming\IWEOJYP.exe
C:\Users\pc\AppData\Roaming\WTLRTME.exe
C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]
CHR HKLM-x32\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp]
S3 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2019-11-16 15:41 - 2019-11-16 15:41 - 000000000 ____D C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865bOLD
2018-02-02 20:52 - 2018-02-02 20:52 - 000000048 ____H () C:\Program Files (x86)\rad0fviyrv.dat
2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\pc\AppData\Roaming\WTLRTME
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk -> hxxp://www.ebook-converter.com
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [221]
MSCONFIG\startupreg: 84ccd914 => C:\ProgramData\Intel\Wireless\e2d778d\hdahhcd.exe C:\ProgramData\Intel\Wireless\e2d778d\2737a28.au3
C:\ProgramData\Intel\Wireless\e2d778d


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)
Ejecutas Frst.exe.
Presionas el botón Fix y aguardas a que termine.
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el pc

Rodma · 6 Diciembre, 2019 12:34

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-12-2019
Ran by pc (06-12-2019 13:15:05) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: J - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: K - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {94a646c7-af01-11e3-90eb-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {9b04a7fa-e0b3-11e6-94f7-74d4351c9282} - H:\setup.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {c0b75ee0-0eaa-11e5-a4f9-74d4351c9282} - G:\iStudio.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d3-3004-11e7-a7b2-74d4351c9282} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d7-3004-11e7-a7b2-74d4351c9282} - J:\HiSuiteDownLoader.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job => C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe <==== ATTENTION
Task: C:\Windows\Tasks\IWEOJYP.job => C:\Users\pc\AppData\Roaming\IWEOJYP.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTLRTME.job => C:\Users\pc\AppData\Roaming\WTLRTME.exe <==== ATTENTION
C:\Users\pc\AppData\Roaming\IWEOJYP.exe
C:\Users\pc\AppData\Roaming\WTLRTME.exe
C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]
CHR HKLM-x32\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp]
S3 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2019-11-16 15:41 - 2019-11-16 15:41 - 000000000 ____D C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865bOLD
2018-02-02 20:52 - 2018-02-02 20:52 - 000000048 ____H () C:\Program Files (x86)\rad0fviyrv.dat
2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\pc\AppData\Roaming\WTLRTME
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk -> hxxp://www.ebook-converter.com
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [221]
MSCONFIG\startupreg: 84ccd914 => C:\ProgramData\Intel\Wireless\e2d778d\hdahhcd.exe C:\ProgramData\Intel\Wireless\e2d778d\2737a28.au3
C:\ProgramData\Intel\Wireless\e2d778d


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94a646c7-af01-11e3-90eb-806e6f6e6963} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b04a7fa-e0b3-11e6-94f7-74d4351c9282} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b75ee0-0eaa-11e5-a4f9-74d4351c9282} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d113d3-3004-11e7-a7b2-74d4351c9282} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d113d7-3004-11e7-a7b2-74d4351c9282} => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job => moved successfully
C:\Windows\Tasks\IWEOJYP.job => moved successfully
C:\Windows\Tasks\WTLRTME.job => moved successfully
"C:\Users\pc\AppData\Roaming\IWEOJYP.exe" => not found
"C:\Users\pc\AppData\Roaming\WTLRTME.exe" => not found
"C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olghjjajidfdflkafeekiojnfmiolccp => removed successfully
HKLM\System\CurrentControlSet\Services\BstHdDrv => removed successfully
BstHdDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\MSICDSetup => removed successfully
MSICDSetup => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => removed successfully
NTIOLib_1_0_C => service removed successfully
C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865bOLD => moved successfully
C:\Program Files (x86)\rad0fviyrv.dat => moved successfully
C:\Users\pc\AppData\Roaming\WTLRTME => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk => moved successfully
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 1 - Chrome.lnk => Shortcut argument removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\84ccd914 => removed successfully
C:\ProgramData\Intel\Wireless\e2d778d => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : home
   V¡nculo: direcci¢n IPv6 local. . . : fe80::1d39:1057:29a2:42e1%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.52
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet VirtualBox Host-Only Network:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::d42a:688b:6c1f:1c6f%13
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.56.1
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 

Adaptador de Ethernet VirtualBox Host-Only Network #2:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::4cf8:1cd9:caa0:8800%14
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.85.2
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 163800969 B
Java, Flash, Steam htmlcache => 197454681 B
Windows/system/drivers => 57388523 B
Edge => 0 B
Chrome => 669975346 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 79414137 B
systemprofile32 => 79480493 B
LocalService => 79480493 B
NetworkService => 80615689 B
pc => 4990536262 B
UpdatusUser => 4990536262 B

RecycleBin => 1794540837 B
EmptyTemp: => 12.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:20:10 ====

Buenas, pues parece que ya no sale el proceso de notepad, dejare unas horas por si acaso pero creo que se ha solucionado.

Y exactamente que infecciones tenia, era algun programa? Me gustaria saberlo para no volver a caer en el mismo error.

Muchas gracias

Miguelgrado · 6 Diciembre, 2019 12:56

Pues posible por descargar algo indebido…veo que tienes activador de windows,esas coas no suelen traer nada bueno

Ademas veo que tienes Format factory…buen programa…pero trae de todo,deberias eliminarlo

Antes vamos a ver si no queda nada.

Elimina esta carpeta:

C:\Program Files (x86)\Yahoo!

Y me pegas los logs de estos dos programas y comentas como sigue todo

Rodma · 7 Diciembre, 2019 08:15

Format Factory desinstalado.
Carpeta Yahoo! borrada

De momento no me ha vuelto a salir el proceso de notepad y todo me funciona bien. Pero creo que Eset Online Scanner me ha borrado algunos cracks para juegos

07/12/2019 7:32:17
Archivos analizados: 567514
Archivos infectados: 95
Amenazas desinfectadas: 95
Tiempo total de análisis 08:02:37
Estado del análisis: Finalizado


C:\- Juegos\Space.Hulk.Ascension.Successor.Chapter.Pack-SKIDROW.www.GamesTorrents.com\Space.Hulk.Ascension.Successor.Chapter.Pack-SKIDROW.www.GamesTorrents.com.iso	una variante de Win32/HackTool.Crack.EE aplicación potencialmente peligrosa	eliminado
C:\- Juegos\Space.Hulk.MULTi7-PROPHET\PROPHET\steam_api.dll	una variante de Win32/HackTool.Crack.EN aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\- Juegos\Space.Hulk.MULTi7-PROPHET\ppt-hulk-WWW.INTERCAMBIOSVIRTUALES.ORG.iso	una variante de Win32/HackTool.Crack.EN aplicación potencialmente peligrosa	eliminado
C:\- Juegos\WarHammer Total War\TOTAL.WAR.WARHAMMER-STEAMPUNKS\stp-tww.iso	una variante de Win32/Packed.VMProtect.ABD Troyano	eliminado
C:\- Juegos\Lemmings_Revolution.rar	una variante de Win32/HackTool.Crack.EC aplicación potencialmente peligrosa,una variante de Win32/HackTool.Patcher.AD aplicación potencialmente peligrosa,Win32/OpenCandy aplicación potencialmente peligrosa	eliminado
C:\- Movil\Memoria interna\.androidgp\1bfae5ea3a5ea04ca7cb397ebd647593	una variante de Android/Qysly.AA Troyano	eliminado
C:\- Movil\Memoria interna\.androidgp\3bdf92a570a027112a0a829d1336501a	una variante de Android/Qysly.S Troyano	eliminado
C:\- Movil\SD\.androidgp\1bfae5ea3a5ea04ca7cb397ebd647593	una variante de Android/Qysly.AA Troyano	eliminado
C:\- Movil\SD\.androidgp\3bdf92a570a027112a0a829d1336501a	una variante de Android/Qysly.S Troyano	eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella245.exe.vir	una variante de Win32/Adware.CognosAds.A aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe.vir	una variante de MSIL/Adware.BrowseFox.H aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir	una variante de Win32/Toolbar.Iminent.K aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\uninstall.exe.vir	una variante de Win32/Adware.CognosAds.A aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll.vir	Win64/Toolbar.Iminent.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll.vir	Win32/Toolbar.Iminent.N aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptimizerPro.exe.vir	una variante de Win32/SpeedingUpMyPC aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProGuard.exe.vir	una variante de Win32/Adware.SpeedingUpMyPC.AD aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProHelper.dll.vir	una variante de Win32/Adware.SpeedingUpMyPC.BA aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe.vir	una variante de Win32/Adware.SpeedingUpMyPC.AC aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProReminder.exe.vir	una variante de Win32/Adware.SpeedingUpMyPC.AE aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProStart.exe.vir	una variante de Win32/Adware.SpeedingUpMyPC.AG aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.20\OptProUninstaller.exe.vir	una variante de Win32/Adware.SpeedingUpMyPC.AG aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\common.js.vir	JS/Lightning.E aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\jquery.autocomplete.js.vir	JS/Lightning.B aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\js.js.vir	JS/Lightning.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit-ie8.js.vir	JS/Lightning.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit.js.vir	JS/Lightning.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit2.0.js.vir	JS/Lightning.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\indexIE8.html.vir	JS/Lightning.F aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi.vir	Win32/Toolbar.TNT2.I aplicación potencialmente indeseable	eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir	Win32/Toolbar.TNT2.I aplicación potencialmente indeseable	eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir	una variante de Win32/Adware.ELEX.PBM aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir	una variante de Win32/Adware.ELEX.PJY aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab_Bak.dll.vir	una variante de Win32/Adware.ELEX.PJY aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\uninstall.exe.vir	una variante de Win32/Adware.ELEX.KV aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir	una variante de Win32/Adware.ELEX.PJI aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir	una variante de Win32/Adware.ELEX.PY aplicación	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Users\pc\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe.vir	Win32/BubbleDock.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Users\pc\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Update.exe.vir	Win32/BubbleDock.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Users\pc\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir	una variante de Win32/BubbleDock.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Users\pc\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe.vir	una variante de Win32/BubbleDock.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\AdwCleaner\Quarantine\C\Users\pc\AppData\Roaming\vi-view\UninstallManager.exe.vir	una variante de Win32/Adware.ELEX.PCP aplicación	no se ha podido desinfectar - archivo eliminado
C:\FRST\Quarantine\C\Users\pc\AppData\Roaming\WTLRTME.xBAD	JS/Toolbar.Crossrider.C aplicación potencialmente indeseable	eliminado
C:\Program Files (x86)\eBookConverter\ePub Converter\epub.converter.v2.7.109.352-patch.exe	una variante de Win32/HackTool.Patcher.AD aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\JDownloader\tools\Windows\kikin\kikin_installer.exe	una variante de Win32/Kikin.A aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Program Files (x86)\SEGA\Total War ROME II - Emperor Edition\steam_api.dll	una variante de Win32/HackTool.Crack.CS aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH	JS/Toolbar.Crossrider.I aplicación potencialmente indeseable	eliminado
C:\Users\pc\AppData\Roaming\IWEOJYP	JS/Toolbar.Crossrider.C aplicación potencialmente indeseable	eliminado
C:\Users\pc\Desktop\ccsetup511.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\--- Mirandomelo\ccsetup501.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\--- Mirandomelo\ccsetup511.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\--- Mirandomelo\disk-defrag-setup.exe	una variante de Win32/Auslogics.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\--- Mirandomelo\KMSAuto.Net.2015.v1.4.2.Portable(TheLordTutoriales).rar	una variante de MSIL/HackKMS.I aplicación potencialmente peligrosa,una variante de Win32/HackTool.KMSAuto.E aplicación potencialmente peligrosa	eliminado
C:\Users\pc\Downloads\--- Mirandomelo\SetupImgBurn_2.5.5.0_By_Pato2790.rar	una variante de Win32/Bundled.Toolbar.Ask aplicación potencialmente peligrosa	eliminado
C:\Users\pc\Downloads\--- Mirandomelo\SetupImgBurn_2.5.7.0.exe	una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente peligrosa,una variante de Win32/Bundled.Toolbar.Ask aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\--- Mirandomelo\vagina_dentata_[dvdrip][spanish][2009].torrent.zip	VBS/TrojanDropper.Agent.NPR Troyano	eliminado
C:\Users\pc\Downloads\Binary.Fortress.Software.FileSeek.Pro.v6.0.1.Multilingual.With.Portable.Incl.Keygen-DVT\Keygen\keygen-CRD.rar	MSIL/Keygen.AP aplicación potencialmente peligrosa	eliminado
C:\Users\pc\Downloads\Binary.Fortress.Software.FileSeek.Pro.v6.0.1.Multilingual.With.Portable.Incl.Keygen-DVT\desable_activation.bat	BAT/HostsChanger.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\Bluestacks\YouWave-Android-Free-3-30 - copia.exe	una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\Bluestacks\YouWave-Android-Free-3-30.exe	una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\black-summer-1-8-hdtv.zip	VBS/TrojanDropper.Agent.NTW Troyano	eliminado
C:\Users\pc\Downloads\El_Juego_1080p_Castellano.torrent.zip	VBS/TrojanDropper.Agent.NRG Troyano	eliminado
C:\Users\pc\Downloads\formatfactory-4-6-1-0.exe	una variante de Win32/FusionCore.AQ aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
C:\Users\pc\Downloads\Iron_Man_dvdrip.torrent.zip	VBS/TrojanDownloader.Agent.QPP Troyano	eliminado
C:\Users\pc\Downloads\SPAC.DESCARGAJUEGOS.COM.ES	una variante de Win32/HackTool.Crack.EN aplicación potencialmente peligrosa	eliminado
E:\--- WII ----\SetupImgBurn_2.5.5.0.exe	una variante de Win32/Bundled.Toolbar.Ask aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
E:\Drivers PC\DriverToolkitInstaller.exe	una variante de Win32/UwS.DriverToolkit.A aplicación	no se ha podido desinfectar - archivo eliminado
E:\Mod's WoT\IDM.UltraCompare.Professional.v15.10.0.18.Spanish.Incl.Keymaker-CORE\disable_activation.cmd	BAT/HostsChanger.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
E:\Mod's WoT\IDM.UltraCompare.Professional.v15.10.0.18.Spanish.Incl.Keymaker-CORE\keygen.exe	una variante de Win32/Keygen.AU aplicación potencialmente peligrosa	eliminado
E:\Mod's WoT\disk-defrag-setup.exe	una variante de Win32/Auslogics.C aplicación potencialmente indeseable	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Binary.Fortress.Software.FileSeek.Pro.v6.0.1.Multilingual.With.Portable.Incl.Keygen-DVT\Keygen\keygen-CRD.rar	MSIL/Keygen.AP aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\Binary.Fortress.Software.FileSeek.Pro.v6.0.1.Multilingual.With.Portable.Incl.Keygen-DVT\desable_activation.bat	BAT/HostsChanger.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Call.of.Duty.WWII-RELOADED\Crack\steam_api64.dll	una variante de Win64/HackTool.Crack.F aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\DriverPack.Solution.v15.4.1.DVD.Edition\DRP_15.4.1_DVD.iso	una variante de Win32/DriverPack.A aplicación potencialmente indeseable	eliminado
F:\Bajados Torrent\ePub.Converter.v2.7.109.352.Incl.Patch-RCG\Patch\epub.converter.v2.7.109.352-patch.exe	una variante de Win32/HackTool.Patcher.AD aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\IDM.UltraCompare.Professional.v15.10.0.18.Spanish.Incl.Keymaker-CORE\disable_activation.cmd	BAT/HostsChanger.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\IDM.UltraCompare.Professional.v15.10.0.18.Spanish.Incl.Keymaker-CORE\keygen.exe	una variante de Win32/Keygen.AU aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\Office Professional Plus 2016 Espaniol\Activadores\KMSAuto Lite Portable v1.2.1\KMSAuto.exe	una variante de Win32/HackKMS.Q aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Office Professional Plus 2016 Espaniol\Activadores\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe	una variante de MSIL/HackKMS.I aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Office Professional Plus 2016 Espaniol\Activadores\KMSpico.v10.1.6.FINAL-heldigard\KMSpico Install\KMSpico_setup.exe	una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente peligrosa,Win32/HackKMS.AZ aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Office Professional Plus 2016 Espaniol\Activadores\Microsoft.Toolkit.v2.6.BETA.1-CODYQX4\MTKV26B1.zip	una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\Space.Hulk.MULTi7-PROPHET\PROPHET\steam_api.dll	una variante de Win32/HackTool.Crack.EN aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Space.Hulk.MULTi7-PROPHET\ppt-hulk-WWW.INTERCAMBIOSVIRTUALES.ORG.iso	una variante de Win32/HackTool.Crack.EN aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\The.Sims.4-RELOADED\Crack\Game\Bin\rld.dll	Win32/HackTool.Crack.CY aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\The.Sims.4-RELOADED\Crack\Game\Bin\RldOrigin.dll	una variante de Win32/HackTool.Crack.DK aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\The.Sims.4-RELOADED\rld-thesims4-WWW.INTERCAMBIOSVIRTUALES.ORG.iso	una variante de Win32/HackTool.Crack.DK aplicación potencialmente peligrosa,Win32/HackTool.Crack.CY aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\The.Sims.4.Digital.Deluxe.Edition-3DM\The.Sims.4.Update.1.and.Crack-3DM\Crack\Game\Bin\3dmgame.dll	una variante de Win32/HackTool.Crack.CX aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\Acronis.True.Image.2015.v18.0.5539.rar	Win32/HackTool.Crack.FP aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\Acronis.True.Image.2016.v19.0.5586.MultilinguaL.zip	Win32/HackTool.Crack.FP aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\Acronis.True.Image.Premium.2014.v17.0.5560.www.mundomanuales.com.rar	Win32/HackTool.Crack.FP aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\FreeAudioConverter.exe	una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\FreemakeAudioConverter_1.1.0.62.exe	una variante de Win32/Freemake.A aplicación potencialmente indeseable,una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado
F:\Bajados Torrent\KMSpico.v10.1.5.FINAL.zip	una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente peligrosa,Win32/HackKMS.AZ aplicación potencialmente peligrosa	eliminado
F:\Bajados Torrent\USB.Secure.v2.0.3.rar	una variante de Win32/Keygen.KX.gen aplicación potencialmente peligrosa	eliminado
G:\Space Hulk Ascension - Successor Chapter Pack\steam_api.dll	una variante de Win32/HackTool.Crack.EE aplicación potencialmente peligrosa	no se ha podido desinfectar - archivo eliminado


Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 229672
Time elapsed: 32 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\pc\AppData\Roaming\regasm.exe (Trojan.Agent.TskLnk) -> Delete on reboot. [2d1202a93c8c44f250bb50f4ed1329d7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Muchas gracias

Miguelgrado · 7 Diciembre, 2019 11:10

Tienes activadores de todo tipo…para juegos, para Office…con todo ese tipo de descargas, el pc siempre estara infectado.Si no cambias los habitos, volveras a estar en breve.

Eset online, permite, segun manual, recuperar archivos eliminados, pero eso tu veras…

Para eliminar las herramientas usadas en la desinfección, realizas:

Descargas y Ejecutas >> Delfix, en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)
Marca solamente la casilla Remove disinfection tools
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.

Me alegro de haberte podido ayudar!

TEMA SOLUCIONADO

Rodma · 7 Diciembre, 2019 12:31

Ya le di eliminar por si acaso

Muchas gracias por todo, te debo una