Regasm.exe window

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 12:01 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 11:31 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-12 09:47 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-11-12 00:08 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-11 23:57 - 2018-04-11 13:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-11-11 16:25 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-11 16:17 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-11 10:58 - 2018-04-11 15:38 - 000000167 _____ C:\WINDOWS\win.ini
2018-11-11 10:52 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-11 10:26 - 2018-04-11 15:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-11-11 10:20 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-11-11 10:08 - 2018-04-11 15:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-11 10:05 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\Registration
2018-11-11 10:01 - 2018-04-11 15:38 - 000000000 __RSD C:\WINDOWS\media
2018-11-11 09:52 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-11-11 09:47 - 2018-04-11 15:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-11-11 09:47 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-11-11 09:47 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-11-11 09:47 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-11-11 03:18 - 2018-04-11 15:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-11-11 03:15 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-10-29 07:30 - 2018-04-11 15:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-29 07:30 - 2018-04-11 15:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-29 07:29 - 2018-04-12 01:37 - 000000000 ____D C:\WINDOWS\Containers
2018-10-29 07:29 - 2018-04-12 01:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-10-29 07:29 - 2018-04-12 01:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-10-29 07:29 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-29 07:29 - 2018-04-11 13:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-10-29 07:07 - 2018-04-12 01:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\com
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\IME
2018-10-29 07:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\Help
2018-10-29 07:07 - 2018-04-11 13:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-10-29 07:07 - 2018-04-11 13:04 - 000000000 ____D C:\WINDOWS\servicing
2018-10-28 10:29 - 2018-04-11 15:41 - 000000000 ____D C:\WINDOWS\Setup

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-11 09:48

==================== End of FRST.txt ============================  

This is one report; now I'll post the other one.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by rcgod (12-11-2018 04:14:32)
Running from C:\Users\rcgod\Desktop
Windows 10 Pro Version 1803 17134.376 (X64) (2018-11-11 18:07:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2053444534-2490630247-2837568507-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2053444534-2490630247-2837568507-503 - Limited - Disabled)
Guest (S-1-5-21-2053444534-2490630247-2837568507-501 - Limited - Disabled)
rcgod (S-1-5-21-2053444534-2490630247-2837568507-1001 - Administrator - Enabled) => C:\Users\rcgod
WDAGUtilityAccount (S-1-5-21-2053444534-2490630247-2837568507-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2053444534-2490630247-2837568507-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Nitro Pro (HKLM\...\{3810A43A-1D03-4207-861B-904E29F7F7BB}) (Version: 12.1.0.195 - Nitro)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Update for Skype for Business 2016 (KB4018323) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C611D846-95F7-482D-A1DD-35E805BC82A6}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4018323) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C611D846-95F7-482D-A1DD-35E805BC82A6}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4018323) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{C611D846-95F7-482D-A1DD-35E805BC82A6}) (Version:  - Microsoft)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-10] (AVAST Software)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro\12\NPShellExtension.dll [2018-07-24] (Nitro Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-10] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20846FCB-93EA-4935-83FF-79488177E698} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {24DFB46F-4D9E-4139-A044-9E7F643E626C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-10] (Google Inc.)
Task: {2CCCAFBD-A353-409A-80D6-F54020B678FB} - System32\Tasks\S-1-5-21-2053444534-2490630247-2837568507-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {311423F7-9708-4E53-8966-5DFB56046576} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {417DA7B2-7253-4F35-A74D-DA385DAC589C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {890E413E-665D-4543-A60A-257A7023D15F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-10] (AVAST Software)
Task: {8CAE5F98-3C10-4CC4-87AA-DE0CBE48F9F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {92FEB9FD-C855-4731-86FC-A9C2B1F8839D} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-10-24] (AVAST Software)
Task: {B4EB84DD-5D99-449D-86DF-57CC45FDB9BF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {B99AA1B5-22A7-4D47-B6DB-D94D4B3A2FBF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-10] (AVAST Software)
Task: {F1CCB930-460E-44AB-87A3-A82AD1DD95BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-10] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-11 16:51 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-29 07:28 - 2018-10-29 07:28 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-12 01:21 - 2018-04-12 01:21 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-12 01:21 - 2018-04-12 01:21 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-12 01:21 - 2018-04-12 01:21 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-12 01:21 - 2018-04-12 01:21 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-12 01:21 - 2018-04-12 01:21 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-09-19 00:13 - 2018-09-19 00:13 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-04-12 01:24 - 2018-04-12 01:24 - 000475136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-04-12 01:24 - 2018-04-12 01:24 - 023358976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-04-12 01:24 - 2018-04-12 01:24 - 015622144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-04-12 01:24 - 2018-04-12 01:24 - 003101696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-04-12 01:24 - 2018-04-12 01:24 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-12 01:21 - 2018-04-12 01:21 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000031232 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2018-11-10 14:04 - 2018-11-10 14:04 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-10 14:04 - 2018-11-10 14:04 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-10 14:04 - 2018-11-10 14:04 - 000496856 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-10 14:04 - 2018-11-10 14:04 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-10 14:04 - 2018-11-10 14:04 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-11-12 09:47 - 2018-11-12 09:47 - 005719184 _____ () C:\Program Files\AVAST Software\Avast\defs\18111200\algo.dll
2018-11-10 14:06 - 2018-11-10 14:06 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-11 10:39 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 15:38 - 2018-04-11 15:36 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2053444534-2490630247-2837568507-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rcgod\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\landscapes - 196.jpg
DNS Servers: 62.81.16.148 - 62.81.16.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2053444534-2490630247-2837568507-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0A32C7EF-0A3C-4E21-9BD4-429373AB3063}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{543445A9-8EA7-4991-9D91-719C0ED907A8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{95072B46-0DA1-4B2A-9D8C-5947B1B803D0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{05AD4C11-C080-4BBA-8463-C2BA4A23F052}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{1D557374-D9A1-461F-B5C3-9540EF771E30}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{D883DE5F-0DE6-462A-8C32-99B198AF86DB}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{6B85368C-68BD-4603-8341-21D555B2D814}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{D2B35F2A-A735-44CA-B4EE-588B862215D2}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
FirewallRules: [{59738233-3558-4E87-8FC5-ECC532EDB6DD}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
FirewallRules: [{C1B8E58E-28B8-45C5-9636-A0408AF6FC16}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{B6B2BEE3-BB04-495B-B062-B30D917891A9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

11-11-2018 10:17:00 Installed Microsoft Office Professional Plus 2016
11-11-2018 10:17:50 PROPLUS

==================== Faulty Device Manager Devices =============

Name: Mouse PS/2 de Microsoft
Description: Mouse PS/2 de Microsoft
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2018 03:19:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_WpnUserService, versión: 10.0.17134.1, marca de tiempo: 0xa38b9ab2
Nombre del módulo con errores: NotificationController.dll, versión: 10.0.17134.165, marca de tiempo: 0xe0385185
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000007a24d
Identificador del proceso con errores: 0x26f8
Hora de inicio de la aplicación con errores: 0x01d47ab2f5671be5
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\NotificationController.dll
Identificador del informe: 3289d59b-7d41-4bd5-9ee8-727b258acbe3
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/12/2018 09:47:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004C003
Argumentos de línea de comandos:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/12/2018 09:47:19 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Error de adquisición de la licencia para el usuario final. hr=0xC004C003
Id. de Sku=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (11/12/2018 09:47:19 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Detalles del error de adquisición de licencias. 
hr=0xC004C003

Error: (11/12/2018 09:47:16 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Error de adquisición de la licencia para el usuario final. hr=0xC004C003
Id. de Sku=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (11/12/2018 09:47:16 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Detalles del error de adquisición de licencias. 
hr=0xC004C003

Error: (11/12/2018 09:47:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004C003
Argumentos de línea de comandos:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/12/2018 09:47:07 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Error de adquisición de la licencia para el usuario final. hr=0xC004C003
Id. de Sku=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c


System errors:
=============
Error: (11/12/2018 03:52:39 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: El servicio AvastWscReporter depende del siguiente servicio: wscsvc. Este servicio podría no estar instalado.

Error: (11/12/2018 03:51:01 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: El servicio AvastWscReporter depende del siguiente servicio: wscsvc. Este servicio podría no estar instalado.

Error: (11/12/2018 03:50:02 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: El servicio AvastWscReporter depende del siguiente servicio: wscsvc. Este servicio podría no estar instalado.

Error: (11/12/2018 03:50:01 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: El servicio AvastWscReporter depende del siguiente servicio: wscsvc. Este servicio podría no estar instalado.

Error: (11/12/2018 03:19:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Windows Push Notifications User Service_3fb21 se terminó de manera inesperada. Esto ha sucedido 6 veces.

Error: (11/12/2018 03:19:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio User Data Access_3fb21 se terminó de manera inesperada. Esto ha sucedido 5 veces.

Error: (11/12/2018 03:19:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio User Data Storage_3fb21 se terminó de manera inesperada. Esto ha sucedido 5 veces.

Error: (11/12/2018 03:19:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Contact Data_3fb21 se terminó de manera inesperada. Esto ha sucedido 5 veces.


CodeIntegrity:
===================================

Date: 2018-11-12 03:44:08.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 03:44:06.933
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 03:43:53.054
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 10:20:05.382
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 10:20:05.314
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 10:07:31.079
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 09:49:52.727
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-12 09:49:21.145
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 80%
Total physical RAM: 2815.18 MB
Available physical RAM: 552.96 MB
Total Virtual: 4095.18 MB
Available Virtual: 1730.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.19 GB) (Free:862.1 GB) NTFS
Drive d: (Nuevo vol) (Fixed) (Total:931.51 GB) (Free:34.59 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:2794.52 GB) (Free:2549.27 GB) NTFS

\\?\Volume{890f1d70-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{890f1d70-0000-0000-0000-30abe8000000}\ () (Fixed) (Total:0.84 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 890F1D70)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=856 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 71FACBAF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.

==================== End of Addition.txt ============================ 

This appears among the files, read me - text file: [CODE] Your files are Encrypted! For data recovery needs decryptor. How to buy decryptor:

  1. Download “Tor Browser” from https://www.torproject.org/ and install it.

  2. Open this link In the “Tor Browser”

http://huhighwfn4jihtlz.onion/sdlsgdewwbhr

Note! This link is available via “Tor Browser” only.


Free decryption as guarantee. Before paying you can send us 2 file for free decryption.

You unique

There are several and they are all the same, I have checked. Thank you very much.

While I review the logs, check the following link and tell me the result so we know which ransomware has affected you.

Also tell me how the problem raised in this thread is going, the one about the window.

This ransomware has no known way to decrypt the data at this time.

It is recommended to back up your encrypted files, in the hope of a future solution.

The window does not appear. I have three infected disks, two in the computer and one external hard drive; on the external one there are infected files and others that are not. I have downloaded some files and they do not get infected or come out as PPTX. What do you advise? Thanks.

Well, what they tell you… and keep those files in case they can be decrypted in the future.

To make sure nothing is left, run the following scan, with your external disks connected.

Paste the log for me.

Good morning, I have work today, but I'll tell you: the scan has been run twice and both times the PC froze. We'll continue when I can, thank you very much.

Run it in Safe Mode with Networking.

I did it in safe mode and nothing comes up. I run Avast and I get this: MBR:\.\PHYSICALDRIVEO MBR:Backboot-G [Rtk]. It says it is a virus but it is not able to remove it; every time I run it, it says the same thing. Thanks.

Paste the Eset log anyway, and in addition:

Download to your desktop :arrow_forward: TDSSKiller

Step 1: Run TDSSKiller, accept Kaspersky's terms and license, and follow these steps:

(If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)

Click "Change parameters" and check the options:

  1. Verify Driver Digital Signature;

  2. Detect TDLFS file system

  3. Use KSN to scan objects

  • Click OK, and then press the Start Scan button.

  • If an infected file is detected, the default action will be Cure; click Continue. (Do NOT select Delete under any circumstances.)

  • If a suspicious file is detected, the default action will be Skip; click Continue.

  • You may be asked to restart the computer to complete the process. Click "Reboot Computer".

Once completed, a log will be generated in the root of the hard drive (usually drive C:) as:

C:\TDSSKiller.x.xx.x_xx.xx.xxxx_xx.xx.xx_log.txt where "x.xx.x_xx.xx.xxxx_xx.xx.xx" are the version, date and time.

:warning: :arrow_forward: [Very Important] Copy and paste the end of the report, where it lists the infected/cured files… in your next reply in this same thread to continue.

I turned on the PC and AVAST comes up scanning the PC; I think it hasn't even loaded Windows. Do I wait for it to finish and then do what you tell me, or do I stop it?

That is because Avast's boot-time scan has been activated, which it does automatically to try to remove viruses that it cannot remove with the system loaded.

Wait for it to finish, and then check whether it still detects that threat.

If it detects it again, do what I told you; if not, let me know.

OK, thanks, I'll comment afterwards.

Good evening. When Avast finished, it said it had removed a virus, MBR:.\PHYSICALDRIVEO MBR:Backboot-G [Rtk], and some more Windows files. Eset and TDSSKiller say there are no infected files. I am on a laptop and I don't have the reports here. When I saw that I might have problems, I moved the content to the external hard drives and to another one I have in the PC. The files on the PC's hard drive are all in PPTX or PPXT format, I don't remember exactly; however, on the external hard drive only about half are. Will the ones that are not infected be usable? (I have the PC idle and am not using it, apart from the tests we are doing.) My intention is to format all the disks that have been infected and keep the uninfected files; what do you think? I'll also tell you that when they start scanning drive C it reaches 260,000 files, and it only has Windows 10, Malwarebytes, CCleaner, Malwarebytes AdwCleaner and little else, about 90 GB. When I use the PC I will send you the reports.

The number of files scanned is normal; it depends on each program.

Formatting the infected drives and keeping the clean files: fine.

Paste the logs and let me know.

I found in C a TDSSKiller_Quarantine folder with four notes, dated 15-11-18: 1st [InfectedObject] Type: MBR Name: \Device\Harddisk0\DR0, 2nd InfectedFile] Type: Raw image, 3rd [InfectedFile] Type: Raw BB image, 4th [InfectedFile] Type: Api image
and then another: [InfectedObject] Verdict: Rootkit.Boot.Backboot.e

16-11-18
16:56:56.0916 0x1b30 ===========================================================
16:56:56.0916 0x1b30 Scan finished
16:56:56.0916 0x1b30 ============================================================
16:56:56.0947 0x189c Detected object count: 0
16:56:56.0947 0x189c Actual detected object count: 0
16:57:34.0572 0x1ecc Deinitialize success

17-11-18
10:08:42.0165 0x1398 ============================================================
10:08:42.0165 0x1398 Scan finished
10:08:42.0165 0x1398 ============================================================
10:08:42.0197 0x0a40 Detected object count: 0
10:08:42.0197 0x0a40 Actual detected object count: 0
10:08:55.0525 0x07c4 KLMD registered as C:\WINDOWS\system32\drivers\69754725.sys
10:08:56.0306 0x07c4 Deinitialize success

Eset
16-11-18

C:\AdwCleaner\Quarantine\v1\20181111.235650\1\mipony\134.376.OCT2018\W10X64.MULTi5.OCT2018.iso#5988FBDB8716C779 una variante de Win64/CoinMiner.GA aplicación potencialmente no deseada eliminado
C:\Users\rcgod\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC#!001\MicrosoftEdge\Cache\2BNABNIA\avastdriverupdater[1].exe una variante de Win32/Slimware.A aplicación potencialmente no deseada desinfectado por eliminación
 Multi-OEM/Retail Project Version : 180226-R84.0 - BaseLine  [MRP via MDL Forum ONLY] 
 
Required project files extracted successfully. 
 
OEM's folder detected, structure appears OK. 
 
No Config File Detected - Using Default Settings. 
 
MRP Logging Mode              : Standard 
Confirm File Delete           : Disabled 
W10 TitleBar Color            : Disabled 
Show 'ThisPC' On Desktop      : Disabled 
 
OS Installation Date/Time     : 11/10/2018 {UTC} -- 12:42pm 
 
[OSINF] =======================  
[OSINF] Detected OS Information  
[OSINF] =======================  
[OSINF] Version {SKU}         : Windows 10 Pro {48} 
[OSINF] Edition {Registry}    : Professional {48} 
[OSINF] Edition {CBS}         : Professional 
[OSINF] Architecture          : 64 Bits 
[OSINF] Build Information     : 17134.1.amd64fre.rs4_release.180410-1804 
[OSINF] Update Build Revision : 376 
[OSINF] Edition Language/Code : en-US / 1033 {409h} 
[OSINF] Locale                : en-US 
[OSINF] Language Name Value   : ENU 
[OSINF] =======================  
 
[MBINF] ======================= 
[MBINF] Motherboard Information 
[MBINF] ======================= 
[MBINF] #01 CS Product Name   : [Aspire M1200/3200/5200       ] 
[MBINF] #02 CS Model Name     : [Aspire M1200/3200/5200       ] 
[MBINF] #04 CS Vendor Name    : [Acer] 
[MBINF] #05 CS System Name    : [Acer] 
[MBINF] #06 Baseboard Name    : [Acer] 
[MBINF] #08 BIOS or SLIC ID   : [ACRSYS - 20080507] 
[MBINF] #09 SLIC Information  : [No SLIC Table Present] 
[MBINF] #11 MSDM Information  : [No MSDM Table Present] 
[MBINF] ======================= 
 
[CMINF] ======================= 
[CMINF] CPU/Memory  Information 
[CMINF] ======================= 
[CMINF] CPU Name/Type         : [AMD Athlon{tm} 64 X2 Dual Core Processor 5200+] 
[CMINF] CPU Description       : [AMD64 Family 15 Model 107 Stepping 2] 
[CMINF] CPU Architecture      : [32/64 Bit Instruction Set] 
[CMINF] CPU Cores/Threads     : [2] / [2] 
[CMINF] Total Physical Memory : [2815 Mb] 
[CMINF] Available Memory      : [2203 Mb] 
[CMINF] ======================= 
 
[HDTYP] Info: HDD Detected. 
 
[SATOU] List user options enabled or applied... 
[PKEIC] The PID.txt file was not detected. 
[PKEIC] The ei.cfg file was not detected. 
[CKDMI] Querying BIOS for any manufacturer brand information. 
[THMOK] Acer [#04] manufacturer detected for automated theme/branding. 
[CHKMN] Computer Model Name: 'Aspire M1200/3200/5200' has been applied. 
[USRFT] CustomTheme option was not used. 
[WPCHK] Wallpaper.jpg transferred. 
[BGDFC] Desktop backgrounds folder created. 
[BGDFC] BackgroundDefault.jpg created from Wallpaper.jpg. 
[RMXML] OOBE.xml file processed. 
[UBREP] User.bmp replaced. 
[UPREP] User.png replaced. 
[UPREP] User-40.png replaced. 
[UPREP] User-32.png replaced. 
[UPREP] User-48.png replaced. 
[UPREP] User-192.png replaced. 
[WX81S] Lock Screen {img105.jpg} replaced. Original renamed as img0105.jpg. 
[WX81S] Log-In Background {img100.jpg} replaced. Original renamed as img0100.jpg. 
[OTFTS] OEM theme folder has been created. 
[OTFTS] OEM files have been transferred. 
[ATHBA] Acer OEM theme has been applied.  
[BSHCS] Branding script has completed. 
 
[ADMAN] Add-On Manager: Started. 
[USRAC] Windows 10: Enhanced Log-On screen has been enabled. 
[USRAC] 'User Account Picture' registry entry applied. 
[USRRO] Windows 'Registered Owner' {Winver} registry entry corrected. 
[USRD0] The 'defaultuser0' account was not present. 
[AMBPS] BIOS/Boot Mode  : Legacy  
[AMBPS] Partition Type  : MBR 
[AMHDC] Controller Mode : AHCI 
[CHKLS] License Status: Notification 
[OSLRC] License Status Reason Code: 0xC004F034 
[OSLRT] License not found/invalid or could not connect to the Activation Server. 
[CHKLS] Online connection maybe required to complete activation. 
[ADMAN] Add-On Manager: Completed. 
[CLNUP] MRP Clean Up Routine Processed. 
 
========================================================================================= 
= Please Note: It is advisable to logout or reboot your computer when possible to       = 
=              allow the Windows OS installed to finalize any settings.                 = 
=                                                                                       = 
=              If you have used any tweak options within the configuration file then    = 
=              it is required to do a log out or reboot cycle to allow these options    = 
=              to take effect.                                                          = 
========================================================================================= 
 
The Multi-OEM/Retail Project has completed.

17-11-18
C:\Windows\Temp\avast_ash2\CCleaner\ccsetup549.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura desinfectado por eliminación

Forgive me, but sometimes it says there are some and other times not. I had not seen the TDSSKiller_Quarantine folder until now; a TDSSKiller note appears in C and I had confused it with that. Thank you very much for your work.

You've given me a jumble of reports… :cry:

Please paste the complete reports, exactly as stated in my instructions, both the Eset one and the TDSSKiller one (for the latter, the part indicated).

As of today, the TDSSKiller report, as you say, only the infected/cured part:

13:47:07.0994 0x0ff8 Scan finished
13:47:07.0994 0x0ff8 ============================================================
13:47:08.0026 0x00a0 Detected object count: 0
13:47:08.0026 0x00a0 Actual detected object count: 0
13:47:30.0823 0x0ec4 Deinitialize success

The rest of the TDSSKiller information was in case it was of any value to you; the part with the names of the infected/cured files I gave you by date.

In Eset today:
C:\Windows\Temp\avast_ash2\CCleaner\ccsetup549.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura desinfectado por eliminación

As with TDSSKiller, I gave you the previous days in case the information on the deleted files was useful to you. Let's see if I explain myself better now, thanks.

The TDSSKiller one, yes; the Eset one I also saw, but the Eset one must be posted in full, as is, because it is important to see whether it was run correctly, etc. Like any other report that is requested, unless otherwise indicated, they must be pasted in full.

Has Avast detected anything again?

Now I'm going to do the Eset one and then I'll run Avast and report back, thanks.