Virus ADF.LY

Hola:

Desde hace algo más de un mes en Google Chrome se me abren de forma automática cada cierto tiempo pestañas nuevas de ADF.LY

He intentado solucioines de todo tipo:

  • AdwCleaner.
  • MalwareBytes.
  • CCleaner.
  • HitmanPro.
  • Eliminar desde la Configuración Avanzada de Google Chrome todas las Coookies, Caché, etc desde “el principio de los tiempos”.
  • He pasado los Antivirus también en “Modo Seguro”.

Después de cada Operación siempre paso el Cclear, limpio temporales, registro y demás, reinicio y no soy capaz de eliminar ese dichoso Virus/Malware.

Si por ejemplo dejo abierto el Ordenador luego al llegar a casa tengo más de 20 pestañas abiertas con lo de ADF.LY

Ya no sé que hacer…

¿Alguna ayuda-idea-orientanción?

Gracias & Saludetes. :wink:

Hola

  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.

  • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

Hola de nuevo:

En primer lugar muchas gracias por la pronta respuesta. Os pego aquí los Ficheros:

FRST.TXT (Primera Parte)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
Ran by SuperManolito (administrator) on PCSUPERMANOLITO (30-11-2019 16:47:57)
Running from T:\Descargas
Loaded Profiles: SuperManolito (Available Profiles: SuperManolito)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
() [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
() [File not signed] T:\XAMPP\xampp-control.exe
(Apache Software Foundation) [File not signed] T:\XAMPP\apache\bin\httpd.exe
(Apache Software Foundation) [File not signed] T:\XAMPP\apache\bin\httpd.exe
(AVerMedia TECHNOLOGIES, Inc.) [File not signed] C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(AVerMedia) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(ES-Computing -> ES-Computing) C:\Program Files\EditPlus\editplus.exe
(FileZilla Project) [File not signed] T:\XAMPP\FileZillaFTP\FileZillaServer.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MariaDB Corporation Ab -> ) T:\XAMPP\mysql\bin\mysqld.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Photodex Corporation -> ) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) [File not signed] C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153808 2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104088 2012-11-01] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [NvidiaDriver] => C:\WINDOWS\SysWOW64\windowsx86.vbs [133 2019-10-28] () [File not signed]
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-24] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064A2224-DA72-4FF4-BEB6-2AED059EDE38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-20] (Google Inc -> Google Inc.)
Task: {09BF6BB0-3D45-40CD-A1B5-D25E848AA622} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-11-09] () [File not signed]
Task: {0DB9E597-C0EE-4F35-965E-899EC050C92F} - System32\Tasks\AdobeGCInvoker-1.0-PcSuperManolito-SuperManolito => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {0EB4A368-2BBE-43F4-811D-129E9EFB7AD6} - System32\Tasks\Microsoft\Windows\Task Manager\Guids => C:\Users\SuperManolito\AppData\Roaming\\freetools\\guids.exe
Task: {169D8F9B-444E-44A2-9D3E-21B93F958B52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-20] (Google Inc -> Google Inc.)
Task: {2CBDCD3A-0AD2-4625-944E-64E8DFA73162} - System32\Tasks\PinnacleStudioUpdater => T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\PSNotification.exe [635976 2019-02-20] (Corel Corporation -> )
Task: {36DA43C4-BB96-4A1F-9ADF-E13163F698F5} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4475136 2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Task: {474BB8B1-7E7F-4D0D-BD60-6DAA205E4EB3} - System32\Tasks\Opera scheduled Autoupdate 1566350359 => C:\Users\SuperManolito\AppData\Local\Programs\Opera\launcher.exe [1528344 2019-11-20] (Opera Software AS -> Opera Software)
Task: {4ED64C61-C1D1-4408-968A-8EAA4B200CEB} - System32\Tasks\Device Doctor automatic scan and new device notifications => C:\Program Files (x86)\Device Doctor\DDTray.exe [2478640 2019-01-24] (Avanquest Software SAS -> Device Doctor Software Inc.)
Task: {6552BFEA-8C8C-4A36-B5C1-97124E164450} - System32\Tasks\PinnacleStudio22Notifier => T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\PinnacleNotifierWrapper.exe [17504 2019-06-19] (Corel Corporation -> Pinnacle)
Task: {782733E4-D621-4DC2-9B94-940124603426} - no filepath
Task: {79B0D0DC-5A7B-42E0-9A1B-10C2D8F6F808} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)
Task: {865E8180-E2BB-49A3-972C-F715236EB6E3} - System32\Tasks\Phoenix360\ioloActiveCare => C:\Program Files (x86)\Phoenix360\System Mechanic\systemmechanic.exe [2491632 2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {87A82FE2-9D88-4EC7-90D4-A146EDFF4F10} - System32\Tasks\Phoenix360\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe [524520 2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {9B76F04F-ED56-4D76-AE4F-30B75218A601} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [981184 2014-08-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {A0BF624C-E216-47F6-B766-E71461596A1E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [1454080 2018-10-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A1D9641B-85A8-4C86-A19B-5FDD581AE5A1} - System32\Tasks\Phoenix360\ioloTUDsDownloader => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe [524520 2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {A2452CBB-246C-4F96-B97A-A2B4B36A247C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd -> Piriform Ltd)
Task: {A78FDDE9-20D0-4256-BEA2-12A1C92809F0} - \tZHw7Jx3gY -> No File <==== ATTENTION
Task: {B55170F7-6FC3-4F86-9649-3D58EA5AB2A7} - no filepath
Task: {C1888C76-7C95-4A89-A705-501120D1CCD4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2006E83-5D9E-4EA2-BB58-29B4B97CBFF5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E29A241E-E9E6-4941-93E9-56A4C09B1318} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [1456128 2018-11-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E9A1FB2E-8A4B-4B17-99B8-1518F1426D6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F244BC1D-F06C-4DC5-A9BC-B6EC43DF0F59} - System32\Tasks\Phoenix360\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe [524520 2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => T:\Descargas\adwcleaner_7.4.2(1).exe
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{28E52A0F-0F65-4C1F-B51D-27BFBA694BEA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{B55595FB-4963-4EDD-87CB-2775CDBD59D2}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C6601857-6FA2-431A-983F-A0FFD7A626F9}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{CC2EDE09-FF35-46FA-A9B4-263DD4875251}: [DhcpNameServer] 192.168.42.129
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kophja6s.default
FF DefaultProfile: kh2osx4e.default
FF DefaultProfile: csm6la6y.default
FF ProfilePath: C:\Users\SuperManolito\AppData\Roaming\PostboxApp\Profiles\kophja6s.default [2019-05-01]
FF Extension: (Cloud Service Providers for Postbox) - C:\Users\SuperManolito\AppData\Roaming\PostboxApp\Profiles\kophja6s.default\Extensions\[email protected] [2019-05-01] [Legacy] [not signed]
FF ProfilePath: C:\Users\SuperManolito\AppData\Roaming\Mozilla\Firefox\Profiles\kh2osx4e.default [2019-11-30]
FF Homepage: Mozilla\Firefox\Profiles\kh2osx4e.default -> www.google.es
FF Extension: (Video DownloadHelper) - C:\Users\SuperManolito\AppData\Roaming\Mozilla\Firefox\Profiles\kh2osx4e.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF ProfilePath: C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default [2018-02-20]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Français Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Russian (RU) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\SuperManolito\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\csm6la6y.default\Extensions\[email protected] [2018-02-20] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\EagleGet\addon\[email protected] => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-10-03] (Adobe Systems Incorporated -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-10-03] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Amnis Technology Ltd -> Simon Bünzli)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2019-07-30] ( ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2024249287-706838763-1820079567-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)

Gracias & Saludetes. :wink:

FRST.TXT (Segunda Parte)

Chrome: 
=======
CHR Profile: C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default [2019-11-30]
CHR Extension: (Presentaciones) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-30]
CHR Extension: (Documentos) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-30]
CHR Extension: (Google Drive) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-30]
CHR Extension: (YouTube) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-30]
CHR Extension: (Hojas de cálculo) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-11-30]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-11-30]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-30]
CHR Extension: (Gmail) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\SuperManolito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-30]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>
CHR HKU\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>

Opera: 
=======
OPR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\SuperManolito\AppData\Roaming\Opera Software\Opera Stable\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-08-21]
OPR Extension: (Install Chrome Extensions) - C:\Users\SuperManolito\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Corporate.12.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\12.00\Licensing\CE\NetworkLicenseServer.exe [964848 2015-11-30] (ABBYY Production LLC -> ABBYY Production LLC)
R2 Apache2.4; T:\xampp\apache\bin\httpd.exe [29696 2019-08-11] (Apache Software Foundation) [File not signed]
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
S4 cfbackd; C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2016-09-29] (508 Software, LLC -> CleverFiles)
R2 FileZillaServer; T:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S4 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] (Abstradrome -> )
S3 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-04-01] (SurfRight B.V. -> SurfRight B.V.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 mysql; T:\xampp\mysql\bin\mysqld.exe [16171432 2019-09-08] (MariaDB Corporation Ab -> )
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109536 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
S4 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2017-03-09] (Nitro Software, Inc. -> Nitro Software, Inc.)
S4 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2017-03-09] (Nitro Software, Inc. -> )
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-20] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
S4 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-02-27] (Geek Software GmbH -> Geek Software GmbH)
S4 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [1880416 2017-02-22] (ANDREA VACONDIO -> Andrea Vacondio)
S4 PDFsam Enhanced 4 CrashHandler; C:\Program Files\PDFsam Enhanced 4\crash-handler-ws.exe [931680 2017-02-22] (ANDREA VACONDIO -> Andrea Vacondio)
S4 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [739168 2017-02-22] (ANDREA VACONDIO -> Andrea Vacondio)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2019-07-30] (Photodex Corporation -> )
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
S2 TenorshareWinAdService; C:\Users\SuperManolito\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe [40448 2017-11-28] (Tenorshare Co,Ltd) [File not signed]
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2019-03-28] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AVerA706_x64; C:\Windows\System32\DRIVERS\AVerA706_x64.sys [1532928 2012-08-28] (Microsoft Windows Hardware Compatibility Publisher -> AVerMedia TECHNOLOGIES, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2019-11-30] (SurfRight B.V. -> )
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [66128 2019-03-28] (Martin Malik - REALiX -> REALiX(tm))
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-03-28] (Martin Malik - REALiX -> REALiX(tm))
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [48672 2017-06-19] (IObit Information Technology -> IObit)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Generic USB smartcard reader)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [111456 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDNS; C:\Windows\System32\DRIVERS\NNSDns.sys [104728 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [212360 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [125864 2019-03-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [133056 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [99680 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [150048 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [89296 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [135640 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [347832 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [291152 2019-03-25] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [123304 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [296320 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [132544 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed]
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2018-01-10] (PAIPTAC  Driver -> )
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [197720 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [159832 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [214616 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [146520 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [158808 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [128600 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72280 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3565056 2010-09-13] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2017-02-27] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [216080 2019-01-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [227008 2019-01-28] (Oracle Corporation -> Oracle Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [700624 2019-03-28] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-11-01] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc. -> VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
U3 a9j6ombe; C:\Windows\System32\Drivers\a9j6ombe.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FRST.TXT (Tercera Parte y última)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-30 16:17 - 2019-11-30 16:17 - 000003132 _____ C:\Users\SuperManolito\Desktop\Rkill.txt
2019-11-30 15:24 - 2017-05-22 11:29 - 000072280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2019-11-30 15:00 - 2019-11-30 15:00 - 000000085 _____ C:\Windows\wininit.ini
2019-11-30 05:56 - 2019-11-30 05:56 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2019-11-23 15:22 - 2019-11-23 15:23 - 000000000 ____D C:\Users\SuperManolito\Desktop\Páginas Libro - DWEC - RAMA
2019-11-13 01:31 - 2019-11-05 22:29 - 004061624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-11-13 01:31 - 2019-11-05 22:29 - 003967416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-11-13 01:31 - 2019-11-05 22:29 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-11-13 01:31 - 2019-11-05 22:27 - 001320248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-11-13 01:31 - 2019-11-05 22:25 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000627640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-11-13 01:31 - 2019-11-05 22:24 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:23 - 005553888 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-11-13 01:31 - 2019-11-05 22:23 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-11-13 01:31 - 2019-11-05 22:23 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-11-13 01:31 - 2019-11-05 22:23 - 000368352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-11-13 01:31 - 2019-11-05 22:23 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-11-13 01:31 - 2019-11-05 22:23 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-11-13 01:31 - 2019-11-05 22:22 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-11-13 01:31 - 2019-11-05 22:22 - 000115936 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-11-13 01:31 - 2019-11-05 22:21 - 001671296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000706560 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-11-13 01:31 - 2019-11-05 22:20 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 22:12 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-11-13 01:31 - 2019-11-05 22:03 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
2019-11-13 01:31 - 2019-11-05 22:03 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2019-11-13 01:31 - 2019-11-05 21:58 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-11-13 01:31 - 2019-11-05 21:57 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-11-13 01:31 - 2019-11-05 21:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-11-13 01:31 - 2019-11-05 21:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
2019-11-13 01:31 - 2019-11-05 21:55 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-11-13 01:31 - 2019-11-05 21:52 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-11-13 01:31 - 2019-11-05 21:52 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-11-13 01:31 - 2019-11-05 21:52 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-11-13 01:31 - 2019-11-05 21:52 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-11-13 01:31 - 2019-11-05 21:51 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-11-13 01:31 - 2019-11-05 21:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-11-13 01:31 - 2019-11-05 21:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-11-13 01:31 - 2019-11-05 21:51 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
2019-11-13 01:31 - 2019-11-05 21:51 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-11-13 01:31 - 2019-11-05 21:51 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-11-13 01:31 - 2019-11-05 21:51 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 21:51 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 21:51 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 21:51 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-11-13 01:31 - 2019-11-05 21:50 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-11-13 01:31 - 2019-11-05 21:49 - 003232256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-11-13 01:31 - 2019-11-05 21:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-11-13 01:31 - 2019-11-05 21:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-11-13 01:31 - 2019-11-05 21:47 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-11-13 01:31 - 2019-11-05 21:44 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-11-13 01:31 - 2019-11-05 21:44 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-11-13 01:31 - 2019-11-05 21:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-11-13 01:31 - 2019-11-05 21:43 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-11-13 01:31 - 2019-11-05 21:43 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-11-13 01:31 - 2019-11-05 21:43 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-11-13 01:31 - 2019-11-05 21:42 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-11-13 01:31 - 2019-11-05 21:42 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-11-13 01:31 - 2019-11-05 21:42 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-11-13 01:31 - 2019-11-05 21:42 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-11-13 01:31 - 2019-11-05 21:42 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-11-13 01:31 - 2019-11-05 21:42 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-11-13 01:31 - 2019-11-05 21:42 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-11-13 01:31 - 2019-11-05 20:43 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-11-13 01:31 - 2019-10-26 08:31 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-11-13 01:31 - 2019-10-26 07:40 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-11-13 01:31 - 2019-10-24 05:07 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-11-13 01:31 - 2019-10-24 04:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-11-13 01:31 - 2019-10-24 04:55 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-11-13 01:31 - 2019-10-24 04:43 - 002910720 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-11-13 01:31 - 2019-10-24 04:42 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-11-13 01:31 - 2019-10-24 04:41 - 000580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-11-13 01:31 - 2019-10-24 04:41 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-11-13 01:31 - 2019-10-24 04:41 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-11-13 01:31 - 2019-10-24 04:40 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-11-13 01:31 - 2019-10-24 04:34 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-11-13 01:31 - 2019-10-24 04:33 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-11-13 01:31 - 2019-10-24 04:31 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-11-13 01:31 - 2019-10-24 04:30 - 000797184 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-11-13 01:31 - 2019-10-24 04:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-11-13 01:31 - 2019-10-24 04:30 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-11-13 01:31 - 2019-10-24 04:29 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-11-13 01:31 - 2019-10-24 04:29 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-11-13 01:31 - 2019-10-24 04:23 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-11-13 01:31 - 2019-10-24 04:22 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-11-13 01:31 - 2019-10-24 04:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-11-13 01:31 - 2019-10-24 04:19 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-11-13 01:31 - 2019-10-24 04:12 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-11-13 01:31 - 2019-10-24 04:12 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-11-13 01:31 - 2019-10-24 04:11 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-11-13 01:31 - 2019-10-24 04:08 - 000496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-11-13 01:31 - 2019-10-24 04:08 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-11-13 01:31 - 2019-10-24 04:08 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-11-13 01:31 - 2019-10-24 04:08 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-11-13 01:31 - 2019-10-24 04:07 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-11-13 01:31 - 2019-10-24 04:07 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-11-13 01:31 - 2019-10-24 04:06 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-11-13 01:31 - 2019-10-24 04:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-11-13 01:31 - 2019-10-24 04:04 - 002304000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-11-13 01:31 - 2019-10-24 04:04 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-11-13 01:31 - 2019-10-24 04:01 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-11-13 01:31 - 2019-10-24 04:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-11-13 01:31 - 2019-10-24 03:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-11-13 01:31 - 2019-10-24 03:58 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-11-13 01:31 - 2019-10-24 03:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-11-13 01:31 - 2019-10-24 03:57 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-11-13 01:31 - 2019-10-24 03:55 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-11-13 01:31 - 2019-10-24 03:53 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-11-13 01:31 - 2019-10-24 03:53 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-11-13 01:31 - 2019-10-24 03:51 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-11-13 01:31 - 2019-10-24 03:51 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-11-13 01:31 - 2019-10-24 03:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-11-13 01:31 - 2019-10-24 03:47 - 015445504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-11-13 01:31 - 2019-10-24 03:45 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-11-13 01:31 - 2019-10-24 03:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-11-13 01:31 - 2019-10-24 03:44 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-11-13 01:31 - 2019-10-24 03:42 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-11-13 01:31 - 2019-10-24 03:41 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-11-13 01:31 - 2019-10-24 03:40 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-11-13 01:31 - 2019-10-24 03:39 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-11-13 01:31 - 2019-10-24 03:39 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-11-13 01:31 - 2019-10-24 03:35 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-11-13 01:31 - 2019-10-24 03:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-11-13 01:31 - 2019-10-24 03:32 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-11-13 01:31 - 2019-10-24 03:32 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-11-13 01:31 - 2019-10-24 03:31 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-11-13 01:31 - 2019-10-24 03:28 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-11-13 01:31 - 2019-10-24 03:27 - 013838336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-11-13 01:31 - 2019-10-24 03:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-11-13 01:31 - 2019-10-24 03:13 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-11-13 01:31 - 2019-10-24 03:10 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-11-13 01:31 - 2019-10-24 03:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-11-13 01:31 - 2019-10-15 00:58 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-11-13 01:31 - 2019-10-15 00:58 - 001182208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-11-13 01:31 - 2019-09-17 03:33 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-11-13 01:31 - 2019-09-17 03:28 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-11-13 01:31 - 2019-09-10 03:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-11-13 01:31 - 2019-09-10 03:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-11-13 01:31 - 2019-09-10 01:09 - 001717760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-11-13 01:31 - 2019-09-10 01:09 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-11-13 01:30 - 2019-11-05 21:54 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-11-13 01:30 - 2019-11-05 21:46 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-11-13 01:24 - 2019-11-13 01:24 - 000000658 _____ C:\Users\SuperManolito\Desktop\Birc 5.0.lnk
2019-11-12 02:31 - 2019-11-12 02:31 - 000003380 _____ C:\Windows\system32\Tasks\AutoPico Daily Restart
2019-11-12 02:31 - 2019-11-12 02:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2019-11-12 02:31 - 2019-11-12 02:31 - 000000000 ____D C:\Program Files\KMSpico
2019-11-11 01:46 - 2019-11-11 01:46 - 000000270 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2019-11-10 14:30 - 2019-11-30 15:00 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-11-10 14:30 - 2019-11-30 15:00 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-11-10 00:35 - 2019-11-11 01:50 - 000001179 _____ C:\Users\SuperManolito\Desktop\JRT.txt
2019-11-09 01:38 - 2019-11-09 01:38 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2019-11-04 21:43 - 2019-11-04 21:43 - 000000968 _____ C:\Users\Public\Desktop\AutoFirma.lnk
2019-11-04 21:43 - 2019-11-04 21:43 - 000000968 _____ C:\ProgramData\Desktop\AutoFirma.lnk
2019-11-04 21:43 - 2019-11-04 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoFirma
2019-11-04 21:42 - 2019-11-04 21:43 - 000000000 ____D C:\Program Files\AutoFirma
2019-11-01 03:07 - 2019-11-09 12:52 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-30 16:48 - 2017-10-13 18:20 - 000000000 ____D C:\FRST
2019-11-30 16:46 - 2019-03-31 23:31 - 000000000 __SHD C:\ProgramData\system86
2019-11-30 16:23 - 2017-03-09 01:01 - 000000000 ____D C:\Program Files\EditPlus
2019-11-30 16:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-30 15:32 - 2009-07-14 05:45 - 000031696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-30 15:32 - 2009-07-14 05:45 - 000031696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-30 15:29 - 2009-07-14 10:31 - 000753936 _____ C:\Windows\system32\perfh00A.dat
2019-11-30 15:29 - 2009-07-14 10:31 - 000161486 _____ C:\Windows\system32\perfc00A.dat
2019-11-30 15:29 - 2009-07-14 06:13 - 001694648 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-30 15:24 - 2019-10-28 20:43 - 000000000 ____D C:\ProgramData\VMware
2019-11-30 15:24 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-30 15:16 - 2017-04-05 00:46 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-30 15:05 - 2017-01-16 04:45 - 001668298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-11-30 15:04 - 2019-10-08 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtreme Download Manager
2019-11-30 14:57 - 2017-07-19 22:53 - 000000000 ____D C:\Users\SuperManolito\AppData\Local\CrashDumps
2019-11-30 06:01 - 2019-03-31 00:50 - 000000000 ____D C:\Users\SuperManolito\AppData\Roaming\qBittorrent
2019-11-30 05:55 - 2019-04-01 00:56 - 000000000 ____D C:\ProgramData\HitmanPro
2019-11-26 11:15 - 2019-08-21 02:19 - 000004172 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1566350359
2019-11-24 12:03 - 2019-03-30 22:41 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-24 12:03 - 2019-03-30 22:41 - 000002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-24 12:03 - 2019-03-30 22:41 - 000002187 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000002006 _____ C:\Users\Public\Desktop\Google Slides.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000002006 _____ C:\ProgramData\Desktop\Google Slides.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000002004 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000002004 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000001994 _____ C:\Users\Public\Desktop\Google Docs.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000001994 _____ C:\ProgramData\Desktop\Google Docs.lnk
2019-11-24 12:01 - 2018-06-23 01:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-11-24 12:01 - 2017-01-10 05:29 - 000000000 ____D C:\Users\SuperManolito\AppData\LocalLow\Mozilla
2019-11-24 11:59 - 2019-05-01 13:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-11-24 11:59 - 2017-08-09 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-23 21:39 - 2017-02-04 20:05 - 000000000 ____D C:\Mirc
2019-11-13 04:07 - 2019-07-11 01:23 - 000000000 ____D C:\Windows\rescache
2019-11-13 03:18 - 2019-04-14 00:57 - 000665416 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-13 03:17 - 2017-01-16 06:01 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-11-13 03:17 - 2017-01-16 06:01 - 000000000 ____D C:\Windows\system32\appraiser
2019-11-13 03:17 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-11-13 02:12 - 2017-01-09 06:12 - 000000000 ____D C:\Users\SuperManolito\AppData\Roaming\vlc
2019-11-13 01:32 - 2019-05-16 19:37 - 000000000 ____D C:\DRuiDa40
2019-11-13 01:31 - 2019-05-13 20:06 - 000000000 ____D C:\Storm
2019-11-13 01:30 - 2019-05-14 20:40 - 000000000 ____D C:\Mesias5
2019-11-13 01:29 - 2019-05-14 17:39 - 000000000 ____D C:\FraNkensteiN
2019-11-13 01:29 - 2017-06-04 22:35 - 000000000 ____D C:\Program Files (x86)\HDD Regenerator
2019-11-13 01:28 - 2019-05-14 16:58 - 000000000 ____D C:\mirc_6_03
2019-11-13 01:28 - 2019-04-13 02:58 - 000000000 ____D C:\Program Files (x86)\DVBViewer
2019-11-13 01:25 - 2019-03-26 20:02 - 000000000 ____D C:\Users\SuperManolito\Desktop\I  R  C
2019-11-13 01:24 - 2019-05-13 19:49 - 000000000 ____D C:\backbeat
2019-11-12 02:46 - 2019-05-16 21:29 - 000000000 ____D C:\K-Zombie
2019-11-10 00:40 - 2019-03-28 00:46 - 000000000 ____D C:\Users\SuperManolito\AppData\LocalLow\IObit
2019-11-09 21:46 - 2019-03-28 00:46 - 000000000 ____D C:\Program Files (x86)\IObit
2019-11-09 21:43 - 2019-03-28 00:46 - 000000000 ____D C:\ProgramData\IObit
2019-11-09 21:43 - 2019-03-28 00:45 - 000000000 ____D C:\Users\SuperManolito\AppData\Roaming\IObit
2019-11-09 16:25 - 2017-04-20 22:10 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-09 16:25 - 2017-04-20 22:10 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-09 16:25 - 2017-01-09 04:04 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-08 21:58 - 2018-07-19 22:05 - 000000000 ____D C:\Program Files (x86)\blueMSX
2019-11-04 21:47 - 2017-01-19 12:45 - 000000000 ____D C:\Users\SuperManolito\.afirma

==================== Files in the root of some directories ========

2019-03-31 23:31 - 2019-03-31 23:31 - 049527109 _____ (monsterkodi                                                 ) C:\ProgramData\kappo.exe
2019-08-02 21:47 - 2019-08-02 21:47 - 000000210 _____ () C:\Users\SuperManolito\AppData\Roaming\PCSUPERMANOLITO.MTBF.txt
2019-08-02 21:49 - 2019-08-02 21:49 - 000003584 _____ () C:\Users\SuperManolito\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-30 11:55 - 2017-11-30 11:55 - 000465408 _____ (Dirección General de la Policía) C:\Users\SuperManolito\AppData\Local\DNIeService.exe
2018-12-04 04:40 - 2019-03-31 02:03 - 000000397 _____ () C:\Users\SuperManolito\AppData\Local\katemetainfos
2018-12-04 04:38 - 2018-12-04 04:38 - 000001720 _____ () C:\Users\SuperManolito\AppData\Local\katepartrc
2018-12-04 04:38 - 2018-12-04 04:40 - 000000523 _____ () C:\Users\SuperManolito\AppData\Local\katerc
2018-12-04 04:40 - 2018-12-04 04:40 - 000000436 _____ () C:\Users\SuperManolito\AppData\Local\katevirc
2017-07-29 17:06 - 2017-07-29 17:06 - 000001246 _____ () C:\Users\SuperManolito\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-03-04 00:43
==================== End of FRST.txt ========================

ADDITION.TXT (Primera Parte)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by SuperManolito (30-11-2019 16:49:14)
Running from T:\Descargas
Windows 7 Professional Service Pack 1 (X64) (2017-01-09 02:23:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2024249287-706838763-1820079567-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2024249287-706838763-1820079567-1002 - Limited - Enabled)
Invitado (S-1-5-21-2024249287-706838763-1820079567-501 - Limited - Disabled)
SuperManolito (S-1-5-21-2024249287-706838763-1820079567-1000 - Administrator - Enabled) => C:\Users\SuperManolito

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
FW: Panda Firewall (Enabled) {F77F8DFC-1E5A-11E9-2FBF-DE5D4822445B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

25Th-July v4.0 (HKLM-x32\...\25Th-July v4.0) (Version:  - )
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.609 - ABBYY Production LLC)
Acronis Disk Director 12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3219 - Acronis)
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced EFS Data Recovery (remove only) (HKLM-x32\...\Advanced EFS Data Recovery) (Version:  - )
AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version:  - A-PDF Solution)
Aptana Studio (HKLM-x32\...\{2D6C1116-78C6-469C-9923-3E549218773F}) (Version: 3.6.0 - Appcelerator) Hidden
Aptana Studio (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\Aptana Studio 3.6.0) (Version: 3.6.0 - Appcelerator)
Ashampoo WinOptimizer 17 (HKLM-x32\...\{4209F371-A288-7880-7A7F-D105477C7D11}_is1) (Version: 17.00.23 - Ashampoo GmbH & Co. KG)
AtoMiC SCripT (HKLM-x32\...\AtoMiC SCripT) (Version:  - )
Attribute Changer 8.60 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.60 - Romain Petges)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioLava 1.0 (HKLM-x32\...\AudioLava_is1) (Version: 1.0 - Acon Digital Media GmbH)
Auto Straightener (HKLM-x32\...\Auto Straightener_is1) (Version:  - SABSOFT)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.5 - Gobierno de España)
AVerMedia M135 PCI TV Tuner 3.6.64.30 (HKLM-x32\...\AVerMedia M135 PCI TV Tuner) (Version: 3.6.64.30 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV 3D (HKLM-x32\...\{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.15 - AVerMedia Technologies, Inc.) Hidden
AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.15 - AVerMedia Technologies, Inc.)
BaCKBEAT (HKLM-x32\...\BaCKBEAT) (Version:  - )
Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.)
BiglyBT (HKLM\...\0112-2557-8304-7048) (Version: 1.0.0.0 - Bigly Software)
Birc (Brujeria/IRC) 5.0 (HKLM-x32\...\Birc (Brujeria/IRC) 5.0) (Version:  - )
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.5 build 50 - Convivea Inc.)
BleachBit 2.2 (HKLM-x32\...\BleachBit) (Version: 2.2 - BleachBit)
BlueGriffon version 3.0.1 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 3.0.1 - Disruptive Innovations SAS)
blueMSX (HKLM-x32\...\{05C02EE9-9F0A-4052-A4DA-8621F729B1F5}) (Version: 2.8.2 - Team blueMSX)
Brackets (HKLM-x32\...\{73C9B88C-61DF-4DC1-9F38-8FBB2AF45816}) (Version: 1.12.1 - brackets.io)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Chaos Assembler 3 (HKLM-x32\...\{B8D5A2B7-E3EC-4D68-B4A9-9821096BEB82}) (Version: 1.01.0037 - TeddyWareZ)
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
Coniuno 2.4 (HKLM-x32\...\Coniuno 2.4) (Version:  - )
Coniuno 2.5 (HKLM-x32\...\Coniuno 2.5) (Version:  - )
Coniuno, VerbTables (HKLM-x32\...\Coniuno Verbtables) (Version:  - )
Cool Edit Pro 2.0 (HKLM-x32\...\Cool Edit Pro 2.0) (Version:  - )
CPUID CPU-Z 1.88 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.88 - CPUID, Inc.)
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.10019 - CyberLink Corp.)
Dazzle Video Capture DVC100 X64 Driver 1.08 (HKLM-x32\...\{FB4B9EB9-68B2-4C42-8C38-B65F8FE5A5CA}) (Version: 1.08.0000 - Pinnacle)
DeadLock versión 1.4 (HKLM-x32\...\{2BF583CB-084C-4732-B377-827D2E91C688}_is1) (Version: 1.4 - CodeDead)
Device Doctor v5.0.276 (HKLM-x32\...\Device Doctor_is1) (Version: 5.0.276 - Device Doctor Software Inc.)
Digital Level Meter Version 1.70 (HKLM-x32\...\Digital Level Meter_is1) (Version:  - )
Disk Drill 2.0.0.285 (HKLM-x32\...\{396B3F71-9DEC-4806-983B-4A174E7C4B2F}) (Version: 2.0.285 - CleverFiles)
Disk-Manager (HKLM-x32\...\{7E9321C3-67B7-47CB-AAEC-B00A10B223F6}) (Version: 0.15 - Lex Lechz)
DreaMule 3.2 (HKLM-x32\...\DreaMule_is1) (Version:  - Bruno Cabral)
Driver Easy 5.6.9 (HKLM\...\DriverEasy_is1) (Version: 5.6.9 - Easeware)
DriversCloud.com (64 bits) (HKLM\...\{F16EB563-04B2-41CF-8E73-19FFBE53F7E4}) (Version: 10.0.8.0 - Cybelsoft)
DRuiDa SCRiPT v4.0 (HKLM-x32\...\DRuiDa SCRiPT v4.0) (Version:  - )
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 6.1.2 - CM&V)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 12.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
EditPad Lite 7.5.0 (HKLM\...\EditPad Lite) (Version: 7.5.0 - Just Great Software)
EditPlus (64 bit) (HKLM\...\EditPlus) (Version:  - ES-Computing)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
eMule (HKLM-x32\...\eMule) (Version:  - )
eMule Plus 1.2e (HKLM-x32\...\eMule Plus_is1) (Version:  - eMule Plus Team)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileSeek 5.2.1 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 5.2.1.0 - Binary Fortress Software)
FileZilla Client 3.26.2 (HKLM-x32\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
FormatFactory 4.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.8.0.0 - Free Time)
Fotos narradas 3 para Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
FraNkensteiN SCRiPT (HKLM-x32\...\FraNkensteiN SCRiPT) (Version:  - )
Free Pascal 2.6.4 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
Free PDF Compressor (HKLM-x32\...\{BFA49A14-EC18-4071-BC13-B43043B09222}_is1) (Version:  - freepdfcompressor.com)
Fronch Skript 2.0 (HKLM-x32\...\Fronch Skript 2.0) (Version:  - )
GetDataBack Simple version 3.13 (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}_is1) (Version: 3.13 - Runtime Software, LLC)
Git version 2.16.2 (HKLM-x32\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GoldWave v6.30 (HKLM\...\GoldWave v6.30) (Version: 6.30 - GoldWave Inc.)
Google Books Downloader version 2.7 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.7 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
HDD Regenerator (HKLM-x32\...\{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)
Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.10.298 - SurfRight B.V.)
HP Dropbox Plugin (HKLM-x32\...\{7BEBB31E-58C4-4FA5-9AD1-ACBE32BF0D12}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{63BD9C12-5CE9-4294-B1C3-A09F971FAFB5}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 8710 Ayuda (HKLM-x32\...\{594F3A1B-56EF-4D79-AF11-F4E30CCC98C3}) (Version: 38.0.0 - HP)
HP OfficeJet Pro 8710 Software básico del dispositivo (HKLM\...\{8E1FFA56-BE34-4C54-82F2-7FD3EEBC137F}) (Version: 40.12.1161.1896 - HP Inc.)
HWiNFO64 Version 6.02 (HKLM\...\HWiNFO64_is1) (Version: 6.02 - Martin Malík - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{8A9945B1-E6C9-4C03-BFEE-A00471EF2652}) (Version: 12.3.7.0 - HP)
Infobel Espana Office v6.2 (HKLM-x32\...\{1DAF12CF-9E20-475B-AAE4-4FB2AA63610C}) (Version: 1.00.2005 - Kapitol) Hidden
Infobel Espana Office v6.2 (HKLM-x32\...\InstallShield_{1DAF12CF-9E20-475B-AAE4-4FB2AA63610C}) (Version: 1.00.2005 - Kapitol)
Infobel Espana Office v7.1 (HKLM-x32\...\{32EB52F3-4B9F-4D78-84DB-E1996E7FFAF9}) (Version: 1.00.2005 - Kapitol) Hidden
Infobel Espana Office v7.1 (HKLM-x32\...\InstallShield_{32EB52F3-4B9F-4D78-84DB-E1996E7FFAF9}) (Version: 1.00.2005 - Kapitol)
Initio USB Default Controller Driver 64-bit (HKLM\...\{71B1F6BE-E9FE-42CF-B71C-009EA962BFA9}) (Version: 1.0.3 - Western Digital)
Instalable DNIe (HKLM\...\{B4A6EF31-AC22-4BE2-A714-581FC66DBFAF}) (Version: 13.1.0 - Cuerpo Nacional de Policía)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2.1 - IObit)
iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)
iSkysoft PDF Editor 6 Pro(Build 6.3.5) (HKLM-x32\...\{6018D2AA-9F85-41A6-8F2D-9D9528555457}_is1) (Version: 6.3.5.2806 - iSkysoft Studio)
Jamorama Bonus Software (HKLM-x32\...\{58BA953D-D4CD-4F0D-BAD8-0AAF34634E8E}) (Version: 1.0 - Rock Star Recipes)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
KillProcess 2.44 (HKLM-x32\...\KillProcess) (Version: 2.44 - Orange Lamp Software Solutions)
K-Lite Codec Pack 13.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.5 - KLCP)
KMSpico v9.3.2 (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: 9.3.2 - )
Kodi (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\Kodi) (Version:  - XBMC Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Le Petit Robert 2012 (HKLM-x32\...\PR1CD2012) (Version:  - Le Robert)
Lexibase Pro (HKLM-x32\...\{22AE875F-B8B3-46AF-856C-CE858538D912}) (Version: 6.2 - )
los Nukes para el DRuiDa SCRiPT (HKLM-x32\...\los Nukes para el DRuiDa SCRiPT) (Version:  - )
Mailbird (HKLM\...\{7831EF79-68DF-4D0C-A155-E10BD465DAC9}) (Version: 2.5.43 - Mailbird)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MemoriesOnTV 4.1.2 (HKLM-x32\...\MemoriesOnTV4_is1) (Version:  - )
MemoriesOnTV ClipShow Volume 1.1 (HKLM-x32\...\MemoriesOnTV3-CS1_is1) (Version:  - )
MemoriesOnTV ClipShow Volume 2 (HKLM-x32\...\MemoriesOnTV-CS2_is1) (Version:  - )
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Photo Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0706 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{E34002C7-8CE7-3F76-B36C-09FA973BC4F6}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.16.1243.427 - Microsoft Corporation)
MiniTool Partition Wizard 10.2.1 (DEMO) (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
mIRC (HKLM-x32\...\mIRC) (Version:  - )
Mozilla Firefox 70.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 70.0.1 (x64 es-ES)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
Mozilla Thunderbird 60.9.1 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 60.9.1 (x86 es-ES)) (Version: 60.9.1 - Mozilla)
MSX Alert! (HKLM-x32\...\MSX Alert!) (Version:  - )
MSX CAS Packager version 0.2.0 (HKLM\...\MSX CAS Packager_is1) (Version: 0.2.0 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiCam Capture Lite (HKLM\...\{0E4CA68C-72C3-4B01-AE33-8854AC00D17B}) (Version: 1.1.4.10460 - Corel Corporation)
muvee Reveal 12 (HKLM-x32\...\{E7E963C4-BB62-454F-B9B3-18A5D6145125}) (Version: 12.0.0.27842 - muvee Technologies Pte Ltd)
muvee Reveal Runtime (HKLM-x32\...\{E3DF089A-61AE-407C-82CC-0D4B0046328A}) (Version: 12.0.0.27842 - muvee Technologies Pte Ltd)
mvMeter2 1.0.7 (HKLM\...\{97D23C74-E340-4E1E-8306-184BC7FB8C68}}_is1) (Version: 1.0.7 - TBProAudio)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
Nitro Pro (HKLM\...\{DED283CF-9FC6-4AC2-9D25-86A5E7740E16}) (Version: 11.0.3.173 - Nitro)
NNScript (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\NoNameScript) (Version: 4.22 - ESNation)
NNSDiag (HKLM\...\{45AE51F4-2D21-4C4E-AEA5-D11B063AE04E}_is1) (Version:  - Panda Security, S.L.)
Node.js (HKLM-x32\...\{2D41A012-35EE-4724-AE8E-E592EDD9F89D}) (Version: 0.10.13 - Joyent, Inc. and other Node contributors)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NTFS Data Recovery 9 (HKLM-x32\...\{E208650E-BC95-4331-965C-052D9EC59890}_is1) (Version: 9 - LSoft Technologies Inc)
openMSX (64-bit) (HKLM\...\{5B2C394D-5857-4794-9667-3CE972D211AC}) (Version: 0.13.0.0 - openMSX)
Opera Stable 65.0.3467.48 (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\Opera 65.0.3467.48) (Version: 65.0.3467.48 - Opera Software)
Oracle VM VirtualBox 5.2.26 (HKLM\...\{28CBFD88-CBF3-482C-978E-DB437CCEDFC8}) (Version: 5.2.26 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{D722A8FD-502E-4765-B92C-D6A55652D01C}) (Version: 10.07.35 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.7.4 - Panda Security)
Panel de control de NVIDIA 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.44 - NVIDIA Corporation) Hidden
PassFab for RAR (HKLM-x32\...\{PassFab for RAR}_is1) (Version: 9.3.3 - PassFab, Inc.)
PDF Repair Toolbox 2.7 (HKLM-x32\...\PDF Repair Toolbox_is1) (Version:  - Recovery Toolbox, Inc.)
PDF24 Creator 8.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFill PDF Editor Professional (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 14.0 - PlotSoft LLC)
PDFlite 2.0.0.0 (HKLM-x32\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
PDFsam Basic (HKLM\...\{C123F44A-999B-4BED-98E7-D550ED14C94B}) (Version: 4.0.3.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PDFsam Enhanced 4 (HKLM-x32\...\PDFsam Enhanced 4) (Version: 4.0.5.32198 - Copyright 2017 Andrea Vacondio)
PDFsam Enhanced 4 Asian Fonts Pack (HKLM\...\{B196CA8F-9E0B-4313-B869-D70ABBF39D65}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Convert Module (HKLM\...\{2703396F-9F8D-4B33-9505-EC9790843796}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Create Module (HKLM\...\{B1F90D78-911F-478A-807E-C11F549F54F0}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Edit Module (HKLM\...\{5738E844-1029-4CEF-A31C-E1825431EC5B}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Forms Module (HKLM\...\{C54F9BD4-9C60-4B72-A8D2-30B4D003F348}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Insert Module (HKLM\...\{EFE05902-4CD7-448E-9504-45FD34983C48}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 OCR Module (HKLM\...\{AE52B43E-540F-4144-895D-D84477ADBAD8}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Review Module (HKLM\...\{8CE14103-AA20-4F03-A119-5DA176ECFC1C}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 Secure Module (HKLM\...\{F9B225E5-3A68-4DAB-95E0-13B32DE69277}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDFsam Enhanced 4 View Module (HKLM\...\{DF4F9D60-BF67-4BA3-8847-899F6A3C157E}) (Version: 4.0.6.32323 - Andrea Vacondio) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.10 - Tracker Software Products Ltd)
PDF-XChange Lite Home (HKLM\...\{46912053-0305-4877-8EA9-92BC697E69D0}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite Home (HKLM-x32\...\{7fdc8724-a945-40b8-9229-06f54783d75b}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.)
PhAnATiC ScRiPT 5.0 (HKLM-x32\...\PhAnATiC ScRiPT 5.0) (Version:  - )
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pinnacle 3D Title Editor (HKLM\...\{0A4DB5B8-8C83-458B-8D0F-603543BA50A2}) (Version: 1.0.8.185 - Corel Corporation)
Pinnacle Creative Pack Volume 1 (HKLM\...\{C42189EA-8768-4B9A-B54B-5B8872853D16}) (Version: 7.0 - Corel Corporation)
Pinnacle Hollywood FX Volumes 1-3 (HKLM\...\{D6CB064E-E69F-4E2A-A9F5-BD9F538B5911}) (Version: 6.0 - Corel Corporation)
Pinnacle MyDVD (HKLM\...\{C9CEF17D-DE54-4E20-9FC8-8AE13A31E419}) (Version: 3.0.019 - Nombre de su organización) Hidden
Pinnacle MyDVD (HKLM-x32\...\{6C7DC3C2-32EF-4B67-B2FB-5CBCE63313D7}) (Version: 3.0 - Pinnacle)
Pinnacle ScoreFitter Volumes 1-2 (HKLM\...\{009950B1-18A3-4F88-AD32-47415BF7DD52}) (Version: 6.0 - Corel Corporation)
Pinnacle Studio 22 - Standard Content Pack (HKLM\...\{EEC666DC-1B29-4F81-8D7B-A886C86159C6}) (Version: 22.1 - Corel Corporation)
Pinnacle Studio 22 (HKLM\...\{74D19994-F843-4BFE-9850-18DFFC8A1056}) (Version: 22.3.0.377 - Corel Corporation)
Pinnacle Title Extreme (HKLM\...\{9D319237-4D59-418B-A972-C9CAD471A7A5}) (Version: 6.0 - Corel Corporation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Postbox 6.1.15 (x86 en-US) (HKLM-x32\...\Postbox 6.1.15 (x86 en-US)) (Version: 6.1.15 - Postbox, Inc.)
Power Meter Plus 1.6.1 (remove only) (HKLM-x32\...\Power Meter Plus) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
ProgDVB Professional (HKLM-x32\...\ProgDVB) (Version: 7.x - Prog)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.2.2750 - Jan Fiala)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
qBittorrent 4.1.7 (HKLM-x32\...\qBittorrent) (Version: 4.1.7 - The qBittorrent project)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 4.0.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.0 - VS Revo Group, Ltd.)
RuMSX (HKLM-x32\...\{D73840FE-AA40-428D-AEDE-59A2D6001A89}) (Version: 0.82 - Lex Lechz)
Scan Tailor (HKLM-x32\...\Scan Tailor) (Version:  - )
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Simple Port Tester (HKLM-x32\...\Simple Port Tester3.0.0) (Version: 3.0.0 - PcWinTech.com)
Skorpyus Script 3.1b (HKLM-x32\...\Skorpyus Script 3.1b) (Version:  - )
SlimDrivers (HKLM-x32\...\{6DF079D7-2A57-4710-81B1-064649FF86FC}) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.) Hidden
Software para dispositivos de chipset Intel® (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSD Tweaker version 3.7.0 (HKLM-x32\...\{83FA601A-241A-4956-8A21-F7D525C4422F}_is1) (Version: 3.7.0 - Elpamsoft.com)
STorMBringêR v4.2 (HKLM-x32\...\STorMBringêR v4.2) (Version:  - )
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Subtitle Edit 3.5.3 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.3.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 18.5.1.208 - iolo technologies, LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.72 - Tennyson Maxwell Information Systems, Inc.)
TextEdit 3 (HKLM-x32\...\{81C71501-D10F-4DE8-AFD9-E718E82B1D41}_is1) (Version: 3.0.0.4825 - Core Software Solutions)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.0 - Tweaking.com)
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 25.20.0.72 - IDM Computer Solutions, Inc.)
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Universal Document Converter Server Edition (HKLM-x32\...\Universal Document Converter_is1) (Version: 6.6 - fCoder Group, Inc.)
Usb GamePad (HKLM-x32\...\{DEC7CD2E-2BB5-40C3-9592-078F64677E6C}) (Version: 1.00.0000 - )
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 9.0.1 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.1 - VMware, Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\WinDirStat) (Version:  - )
Window On Top version 3.8 (HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (12/15/2016 1.0.2.5) (HKLM\...\3A8235ACF0CF89B7EACE136B69B0B68ADC94D283) (Version: 12/15/2016 1.0.2.5 - Dirección General de la Policía)
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
WinHex (HKLM-x32\...\WinHex) (Version:  - )
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wondershare Data Recovery(Build 5.0.9.6) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.9.6 - Wondershare Software Co.,Ltd.)
Wondershare Filmora(Build 8.4.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare PDFelement 7 Pro(Build 7.0.2) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.0.2.4291 - Wondershare Software Co.,Ltd.)
XAMPP (HKLM\...\xampp) (Version: 7.3.10-0 - Bitnami)
X-CRiPt 5.1 (HKLM-x32\...\X-CRiPt 5.1) (Version:  - )
XML Copy Editor version 1.2.1.3 (HKLM\...\XML Copy Editor_is1) (Version: 1.2.1.3 - Zane U. Ji)
ZX-Blockeditor (HKLM-x32\...\{E621EA0D-87E5-42E7-9DC0-BB3839765E31}) (Version: 2.4.3.0 - Claus Jahn)
ZX-Editor Second Edition (HKLM-x32\...\{8D928CCE-6C3C-46DF-8AE2-76D833488A89}) (Version: 2.3.1.0 - Claus Jahn)

ADDITION.TXT (Segunda Parte)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2024249287-706838763-1820079567-1000_Classes\CLSID\{2E9C5A80-A39C-ABAF-7E7C-9D0C73C8E91E}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2024249287-706838763-1820079567-1000_Classes\CLSID\{93CF5929-A18C-68AB-1181-2633EEA27F4B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2024249287-706838763-1820079567-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll (IDM Computer Solutions, Inc. -> )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] (Notepad++ -> )
ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2016-12-30] (ES-Computing -> )
ContextMenuHandlers1: [EzCddax] -> {31415D58-4750-4413-A95B-83D151F50040} => C:\Program Files\Easy CD-DA Extractor 16\ezcddax64.dll [2012-01-24] (Poikosoft -> Poikosoft)
ContextMenuHandlers1: [FileSeek] -> {b211c53f-0052-4187-957f-f5bea28eb679} => C:\Program Files (x86)\FileSeek\FileSeekContextMenuHandler64.dll [2016-08-09] (Binary Fortress Software Ltd. -> Binary Fortress Software)
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_106.dll [2019-07-02] (Free Time) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers1: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt64.dll [2014-09-01] (BreakPoint Software, Inc. -> BreakPoint Software, Inc.)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll [2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers1: [PDFsamEnhanced4_ManagerExt] -> {6641FF9D-C10F-4B6A-B25E-9978121F33FF} => C:\Program Files\PDFsam Enhanced 4\creator-context-menu.dll [2017-02-22] (ANDREA VACONDIO -> Andrea Vacondio)
ContextMenuHandlers1-x32: [TextEdit] -> {81C71501-D10F-4DE8-AFD9-E718E82B1D41} => C:\Program Files (x86)\TextEdit\ShellExt.dll [2006-06-19] (Core Software Solutions) [File not signed]
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2018-05-17] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges) [File not signed]
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt64.dll [2014-09-01] (BreakPoint Software, Inc. -> BreakPoint Software, Inc.)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2012-11-01] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges) [File not signed]
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EzCddax] -> {31415D58-4750-4413-A95B-83D151F50040} => C:\Program Files\Easy CD-DA Extractor 16\ezcddax64.dll [2012-01-24] (Poikosoft -> Poikosoft)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_106.dll [2019-07-02] (Free Time) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll [2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2018-05-17] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [FileSeek] -> {b211c53f-0052-4187-957f-f5bea28eb679} => C:\Program Files (x86)\FileSeek\FileSeekContextMenuHandler64.dll [2016-08-09] (Binary Fortress Software Ltd. -> Binary Fortress Software)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-12-19] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2018-05-17] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2024249287-706838763-1820079567-1000: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2018-12-07] (IDM Computer Solutions, Inc. -> )
ContextMenuHandlers6_S-1-5-21-2024249287-706838763-1820079567-1000: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2018-12-07] (IDM Computer Solutions, Inc. -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => pvmjpgx40.dll
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-14] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506312 2014-01-08] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [VIDC.VMnc] => C:\Windows\SysWOW64\vmnc.dll [353280 2012-11-01] (VMware, Inc.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\SuperManolito\Desktop\BaseX GUI.lnk -> C:\Program Files (x86)\BaseX\bin\basexgui.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Grееn Меssеngеr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
ShortcutWithArgument: C:\Users\SuperManolito\Desktop\Iniciar Base de Datos.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k C:\oraclexe\app\oracle\product\10.2.0\server\BIN\StartDB.bat
ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Green Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=jbdenakghoccpkjaboikhbinhmopiiio
ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a73232b98ec7aa12\Web for Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=icjaongejfbiniochnadipceeikmhbaj
ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8520157b0c24be80\Telegram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=djjkifoefibfoodilnhkmbhmadbgacni

ADDITION.TXT (Tercera Parte y última)

==================== Loaded Modules (Whitelisted) =============

2017-01-09 22:08 - 2012-06-10 02:33 - 000053248 _____ () [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2017-06-05 17:31 - 2013-08-26 13:12 - 000087040 _____ () [File not signed] C:\Windows\System32\redmonnt.dll
2019-10-14 12:49 - 2019-09-24 14:01 - 000225792 _____ () [File not signed] T:\xampp\apache\bin\libssh2.dll
2019-10-14 12:49 - 2019-02-28 12:36 - 000391168 _____ () [File not signed] T:\xampp\apache\bin\pcre.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000190464 _____ () [File not signed] T:\XAMPP\php\libpq.dll
2019-10-14 12:49 - 2019-08-11 13:19 - 000208384 _____ (Apache Software Foundation) [File not signed] T:\xampp\apache\bin\libapr-1.dll
2019-10-14 12:49 - 2019-08-11 13:19 - 000036352 _____ (Apache Software Foundation) [File not signed] T:\xampp\apache\bin\libapriconv-1.dll
2019-10-14 12:49 - 2019-08-11 13:19 - 000276992 _____ (Apache Software Foundation) [File not signed] T:\xampp\apache\bin\libaprutil-1.dll
2019-10-14 12:49 - 2019-08-11 13:20 - 000437248 _____ (Apache Software Foundation) [File not signed] T:\xampp\apache\bin\libhttpd.dll
2019-10-14 12:50 - 2019-08-11 13:21 - 000016896 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_access_compat.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000014848 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_actions.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000020992 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_alias.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000012800 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_allowmethods.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000013312 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_asis.so
2019-10-14 12:50 - 2019-08-11 13:20 - 000017920 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_auth_basic.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000015872 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_authn_core.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000014336 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_authn_file.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000023552 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_authz_core.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000016896 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_authz_groupfile.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000016896 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_authz_host.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000012800 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_authz_user.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000037888 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_autoindex.so
2019-10-14 12:50 - 2019-08-11 13:20 - 000058368 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_cache.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000031744 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_cache_disk.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000025600 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_cgi.so
2019-10-14 12:50 - 2019-08-11 13:20 - 000092160 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_dav.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000023040 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_dav_lock.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000015872 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_dir.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000013312 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_env.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000022528 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_headers.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000048128 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_include.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000028672 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_info.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000029696 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_isapi.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000031744 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_log_config.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000022528 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_mime.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000035840 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_negotiation.so
2019-10-14 12:50 - 2019-08-11 13:20 - 000106496 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_proxy.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000041984 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_proxy_ajp.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000063488 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_rewrite.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000018432 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_setenvif.so
2019-10-14 12:50 - 2019-08-11 13:22 - 000024576 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_socache_shmcb.so
2019-10-14 12:50 - 2019-08-11 13:23 - 000181248 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_ssl.so
2019-10-14 12:50 - 2019-08-11 13:23 - 000026624 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_status.so
2019-10-14 12:50 - 2019-08-11 13:21 - 000014848 _____ (Apache Software Foundation) [File not signed] T:\XAMPP\apache\modules\mod_version.so
2017-01-09 22:08 - 2010-08-10 05:59 - 000118784 _____ (AVerMedia Technologies, Inc.) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\AVERAPI.dll
2017-01-09 22:08 - 2012-08-31 23:07 - 000110592 _____ (AVerMedia Technologies, Inc.) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\CardID.dll
2017-01-09 22:08 - 2011-07-21 18:40 - 000368640 _____ (AVerMedia Technologies, Inc.) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\GraphMaster.dll
2017-01-09 22:08 - 2012-06-10 02:29 - 000159744 _____ (AVerMedia TECHNOLOGIES, Inc.) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\M135.dll
2019-07-02 10:29 - 2019-07-02 10:29 - 000301568 _____ (Free Time) [File not signed] C:\Program Files (x86)\FormatFactory\ShellEx64_106.dll
2019-10-14 12:49 - 2019-08-04 14:26 - 000136704 _____ (hxxps://nghttp2.org/) [File not signed] T:\xampp\apache\bin\nghttp2.dll
2018-04-09 08:06 - 2018-01-28 16:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-06-05 02:23 - 2016-12-30 15:10 - 000159744 _____ (Romain Petges) [File not signed] C:\Program Files\Attribute Changer\acshell.dll
2012-11-01 01:37 - 2012-11-01 01:37 - 001019392 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VMware\VMware Workstation\libeay32.dll
2012-11-01 01:37 - 2012-11-01 01:37 - 000211456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VMware\VMware Workstation\ssleay32.dll
2019-10-14 12:49 - 2019-05-29 12:15 - 003407360 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] T:\xampp\apache\bin\libcrypto-1_1-x64.dll
2019-10-14 12:49 - 2019-05-29 12:16 - 000681472 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] T:\xampp\apache\bin\libssl-1_1-x64.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000086016 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_bz2.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000542208 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_curl.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000070656 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_exif.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 005395456 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_fileinfo.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000054272 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_ftp.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 001683968 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_gd2.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000054272 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_gettext.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 001417728 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_mbstring.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000110592 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_mysqli.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000122880 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_openssl.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000030720 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_pdo_mysql.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000901120 _____ (The PHP Group) [File not signed] T:\XAMPP\php\ext\php_pdo_sqlite.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 000035840 _____ (The PHP Group) [File not signed] T:\XAMPP\php\php7apache2_4.dll
2019-10-14 12:50 - 2019-09-24 14:01 - 009350656 _____ (The PHP Group) [File not signed] T:\XAMPP\php\php7ts.dll
2012-11-01 00:47 - 2012-11-01 00:47 - 000086528 _____ (VMware, Inc.) [File not signed] C:\Program Files (x86)\VMware\VMware Workstation\amqp.DLL
2019-07-07 19:58 - 2017-10-19 09:17 - 000271360 _____ (Wondershare Software) [File not signed] C:\Windows\System32\WSPDFelementMonitor.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\LA-BERREA-TORRE-DE-BABEL.JPG:SummaryInformation [151]
AlternateDataStreams: C:\LA-BERREA-TORRE-DE-BABEL.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [175]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [390]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-2024249287-706838763-1820079567-1000\...\fnmt.gob.es -> hxxp://fnmt.gob.es

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-04-01 03:09 - 000000199 ___SH C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost 
127.0.0.1         app.drivereasy.com
149.202.196.40         dow0.drivereasy.com
149.202.196.40         dow1.drivereasy.com
127.0.0.1	svc.iolo.com
127.0.0.1	216.246.89.93

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\FPC\2.6.4\bin\i386-Win32;C:\Program Files\IDM Computer Solutions\UltraEdit;C:\Program Files (x86)\Git\cmd;C:\Program Files\AutoFirma\AutoFirma
HKU\S-1-5-21-2024249287-706838763-1820079567-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SuperManolito\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Corporate.12.0 => 2
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AdvancedSystemCareService12 => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AVerRemote => 2
MSCONFIG\Services: AVerScheduleService => 2
MSCONFIG\Services: AVerUpdateServer => 2
MSCONFIG\Services: cfbackd => 3
MSCONFIG\Services: DSAService => 2
MSCONFIG\Services: DSAUpdateService => 3
MSCONFIG\Services: hddrsrv => 2
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool11 => 2
MSCONFIG\Services: NitroUpdateService => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OracleMTSRecoveryService => 3
MSCONFIG\Services: OracleServiceXE => 2
MSCONFIG\Services: OracleXEClrAgent => 3
MSCONFIG\Services: OracleXETNSListener => 2
MSCONFIG\Services: PandaAgent => 2
MSCONFIG\Services: PDF24 => 2
MSCONFIG\Services: PDFsam Enhanced 4 => 3
MSCONFIG\Services: PDFsam Enhanced 4 CrashHandler => 3
MSCONFIG\Services: PDFsam Enhanced 4 Creator => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupfolder: C:^Program Files (x86)^Common Files^AVerMedia^AVerQuick^AVerQuick.exe => C:\Windows\pss\AVerQuick.exe.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: Blogger => C:\ProgramData\Blogger\Blogger.exe
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HDD Regenerator => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Mailbird => "C:\Program Files\Mailbird\Mailbird.exe" startup
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [TCP Query User{59F3C5EC-9430-4F2B-8D7D-0EC02A66C0EF}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxps://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{B697E4A5-27A7-453B-9F82-99E2D1DF0031}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxps://www.emule-project.net) [File not signed]
FirewallRules: [{96C2F06D-0D5A-4243-9D06-BB90086D41D1}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe (PcWinTech.com) [File not signed]
FirewallRules: [{BB3F2AF1-056B-4F3F-8F80-91CDA97366E2}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe (PcWinTech.com) [File not signed]
FirewallRules: [{48401EE7-8DE8-4254-810A-18DDC51E5DD5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{541C5392-8250-452A-918D-44777853B816}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{4F1C13E1-CF03-4BC6-A7A1-246D710E8D3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{66529ED8-6762-408C-9549-840FC43F0765}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{222A8E64-C720-472C-A760-F0D93B8AD2AA}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{36664268-DD6B-4AEE-A194-23BDE84819BE}C:\mirc\mirc.exe] => (Allow) C:\mirc\mirc.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [TCP Query User{BBFAAC4F-BFCD-4C2E-9763-5DB3FF9A9E1D}C:\program files (x86)\dreamule\emule.exe] => (Allow) C:\program files (x86)\dreamule\emule.exe (hxxp://www.dreamule.org) [File not signed]
FirewallRules: [UDP Query User{AF0B24BE-40E3-4C56-9201-5636C44333E4}C:\program files (x86)\dreamule\emule.exe] => (Allow) C:\program files (x86)\dreamule\emule.exe (hxxp://www.dreamule.org) [File not signed]
FirewallRules: [TCP Query User{143678F7-2576-4EA5-A7C0-055605E2CA71}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxps://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{7BC1DCA1-381F-4626-87A9-C2877D1BA9EF}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxps://www.emule-project.net) [File not signed]
FirewallRules: [TCP Query User{FA96ECA7-7BC0-4698-8128-9CDB693C3C97}C:\mesias7.4\mesias.exe] => (Allow) C:\mesias7.4\mesias.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{89082BBA-FE6F-4516-88E4-BDC9F3EE92C8}C:\mesias7.4\mesias.exe] => (Allow) C:\mesias7.4\mesias.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [{8F2C80BB-0528-4F88-B466-EA44F4A32E05}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{112131AE-8D7A-418D-ADBF-89FBC4FA9384}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{972464AA-343B-4D8C-96B9-C1AAF7525443}] => (Allow) C:\Program Files\BiglyBT\BiglyBT.exe (Bigly Software) [File not signed]
FirewallRules: [{D72B796D-985E-48EC-A0BD-BAA38BE1B3E8}] => (Allow) C:\Program Files\BiglyBT\BiglyBT.exe (Bigly Software) [File not signed]
FirewallRules: [{2A975FD1-89CF-40F3-B14F-8C81BCA1AF52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BD9F5FE-BD65-4139-988B-B7AC8C95F03C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CAB305D8-49AF-4096-9DC4-88A8E46374C4}] => (Allow) 㩃啜敳獲卜灵牥慍潮楬潴䅜灰慄慴剜慯業杮獜湳獜湳攮數 No File
FirewallRules: [{438D3400-9F96-4825-ACEF-1684C6CE94EC}] => (Allow) 㩃啜敳獲卜灵牥慍潮楬潴䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e No File
FirewallRules: [{581CA6F9-9395-4954-BCA1-BA85FEBE37AD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{F320BEF9-ACA0-4267-A243-F8E797EDE84E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{2BECFEA7-D24C-4B63-86B2-1AB74A9B216E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{563EF931-03B9-4FDC-8211-8F543D732A7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DB2039FD-06AB-463F-9714-6EC24806D89F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{733825A4-801C-4C19-8C65-00BC5BF70004}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{5300BDBF-897B-4443-82E0-639A25452B9B}C:\mesias7.4\mesias.exe] => (Allow) C:\mesias7.4\mesias.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [UDP Query User{E903FE17-AF55-4841-82EC-B473306E4C32}C:\mesias7.4\mesias.exe] => (Allow) C:\mesias7.4\mesias.exe (mIRC Co. Ltd.) [File not signed]
FirewallRules: [{6102EB18-E21B-4572-93E8-B479DD43BF9F}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{4B8C7EC0-9D56-418D-A6F0-EAA3F9A8FFA7}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe (CYBELSOFT -> CybelSoft)
FirewallRules: [{01AC7DBE-8FBA-487A-B565-42AAFB97723A}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{C794344C-F212-4039-9D0F-A8C6F2E74A7D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{5A0EA8E8-9ED4-4DE5-96A6-ABBAF54ADBBA}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B04F6032-BC53-41E9-9FF7-5262311134BF}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{497DA11E-A18F-44CF-A37B-1051C85A2072}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{D89685E8-2F96-4E82-BFBE-0D53054E97DD}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7345BD7C-DDC0-40A7-B6F6-153D8989334F}] => (Allow) LPort=5357
FirewallRules: [{B7FDD5EC-82BB-4E04-823B-B539E68D1818}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{376D0C8F-627A-4F24-B2E0-265F1D5AF776}] => (Allow) C:\Program Files (x86)\DVBViewer\DVBViewer.exe (CM&V Hackbart) [File not signed]
FirewallRules: [TCP Query User{69AF2AFB-0601-40BD-B1D7-D9064D9FB42C}C:\program files (x86)\progdvb professional\progtv.exe] => (Allow) C:\program files (x86)\progdvb professional\progtv.exe (Andrey Borodin -> Prog)
FirewallRules: [UDP Query User{261D24D0-8660-4288-8A60-86D408976999}C:\program files (x86)\progdvb professional\progtv.exe] => (Allow) C:\program files (x86)\progdvb professional\progtv.exe (Andrey Borodin -> Prog)
FirewallRules: [{78E2AA15-F519-4218-9987-8B0118F2721F}] => (Allow) T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\RM.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{930ADB26-E40C-40B9-B19C-4A68BAF10685}] => (Allow) T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\RM.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{8A848E2E-7714-4F8F-A188-77135A79C791}] => (Allow) T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\NGStudio.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{E9242C59-D37A-4095-8864-5FF3D0D778E6}] => (Allow) T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\NGStudio.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{FDEC37F8-EE50-4ECA-9B0E-582E1638F5AE}] => (Allow) T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\UMI.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{560E19CD-B888-4BF6-BB2C-064327D89038}] => (Allow) T:\Pinnacle_Studio_22_3__0_377-Instalado\programs\UMI.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{0C1FCE5F-9207-4AEB-85FD-62546992CE0E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0F50DAF8-FC4A-48E1-9F7F-FF0F3EE8D99C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1A3B0E25-821E-4DE0-B27C-00BECAD50F5C}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{BB034C0B-C54F-4044-992D-176D2EC37864}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{341BF939-5256-478A-9BF6-B489AF15DF6E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{03B39A46-00EF-4B5C-A9CA-3AE9604942B1}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{F406AB45-11A1-4BEC-8546-1577DC139CCA}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) [File not signed]
FirewallRules: [{9ADC1059-C6B1-442A-8AA3-FCC00C3DB816}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) [File not signed]
FirewallRules: [{97DC0084-31C4-4F80-ACF2-DA0B4C3E5B0A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe () [File not signed]
FirewallRules: [{9AED9CA8-0034-4C25-8C45-DB534E17D584}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe () [File not signed]
FirewallRules: [{6A498019-8EF2-44F4-BB08-D3B02FFA0735}] => (Allow) C:\Users\SuperManolito\AppData\Local\Programs\Opera\64.0.3417.92\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{BC6B52AC-91C6-47D2-986C-9D92C1EE0A58}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{415D58E8-63CA-498B-85A6-B7BDE9778A4F}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{B853FC66-8E65-48C6-91CB-AB6C0AF02FCF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{6EF73FBF-CD3B-449A-A0FF-43818C14CF13}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{E5F6205D-63AE-46FF-A65E-9A3C763468E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A1A8BBE0-03B9-42D0-9B16-767D495D40AB}] => (Allow) C:\Users\SuperManolito\AppData\Local\Programs\Opera\65.0.3467.48\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/30/2019 04:24:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0xbd0
Hora de inicio de la aplicación con errores: 0x01d5a789e21e93d2
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: 82632060-1385-11ea-bacd-005056c00008

Error: (11/30/2019 02:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x14ac
Hora de inicio de la aplicación con errores: 0x01d5a77744a75182
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: e452aef9-1372-11ea-bceb-005056c00008

Error: (11/30/2019 01:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x16fc
Hora de inicio de la aplicación con errores: 0x01d5a76ecaf688ef
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: 6ab5de18-136a-11ea-bceb-005056c00008

Error: (11/30/2019 12:09:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x5c4
Hora de inicio de la aplicación con errores: 0x01d5a7664ac144b4
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: ea8b7a98-1361-11ea-bceb-005056c00008

Error: (11/30/2019 11:08:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x1c38
Hora de inicio de la aplicación con errores: 0x01d5a75dc36fad0f
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: 63394a5c-1359-11ea-bceb-005056c00008

Error: (11/30/2019 10:07:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x1f54
Hora de inicio de la aplicación con errores: 0x01d5a7553cfc68b2
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: dc802310-1350-11ea-bceb-005056c00008

Error: (11/30/2019 09:06:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x5cc
Hora de inicio de la aplicación con errores: 0x01d5a74cb8a08a67
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: 58c23890-1348-11ea-bceb-005056c00008

Error: (11/30/2019 08:05:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PSANHost.exe, versión: 18.7.1.0, marca de tiempo: 0x5c7d350a
Nombre del módulo con errores: PSENKrnl.dll, versión: 4.0.6.0, marca de tiempo: 0x5c18e16d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000d92a
Id. del proceso con errores: 0x5c0
Hora de inicio de la aplicación con errores: 0x01d5a7443540a6a4
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSENKrnl.dll
Id. del informe: d50617d4-133f-11ea-bceb-005056c00008


System errors:
=============
Error: (11/30/2019 04:25:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Panda Protection Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (11/30/2019 04:17:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio TenorshareWinAdService se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (11/30/2019 03:27:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: El Administrador de control de servicios intentó realizar una acción correctora (Ejecutar el programa de recuperación configurado) después de la terminación inesperada del servicio VMware Workstation Server, pero ocurrió el siguiente error: 
3 no es una aplicación Win32 válida.

Error: (11/30/2019 03:26:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio VMware Workstation Server terminó inesperadamente. Esto se ha repetido 3 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Ejecutar el programa de recuperación configurado.

Error: (11/30/2019 03:25:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio VMware Workstation Server terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (11/30/2019 03:24:48 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.

Error: (11/30/2019 03:24:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio VMware Workstation Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (11/30/2019 03:24:26 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: El servicio Programador de tareas no pudo cargar las tareas al inicio del servicio. Datos adicionales: valor del error: 2147942402.


CodeIntegrity:
===================================

Date: 2019-11-30 14:57:13.588
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2019-11-30 14:57:13.432
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2019-11-30 14:57:13.260
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2019-11-30 14:57:13.104
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2019-11-30 14:57:12.932
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\eagleGet.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-11-30 14:57:12.760
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\eagleGet.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-11-30 14:57:12.588
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\EagleGet\eagleGet_x64.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-11-30 14:57:12.416
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\EagleGet\eagleGet_x64.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. P1.40 12/06/2013
Motherboard: ASRock G41C-GS
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8191.09 MB
Available physical RAM: 3297.56 MB
Total Virtual: 16380.32 MB
Available Virtual: 11107.35 MB

==================== Drives ================================

Drive c: (WIND_7) (Fixed) (Total:390.63 GB) (Free:4.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (WIND_XP) (Fixed) (Total:98.42 GB) (Free:87.51 GB) NTFS
Drive f: (Disc) (CDROM) (Total:1.29 GB) (Free:0 GB) CDFS
Drive g: (Windows_7) (Fixed) (Total:230 GB) (Free:61.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (DATOS) (Fixed) (Total:221.62 GB) (Free:25.81 GB) NTFS
Drive i: (Windows_XP) (Fixed) (Total:14.14 GB) (Free:5.32 GB) NTFS
Drive t: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:76.48 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 489 GB) (Disk ID: CD19A73B)
Partition 1: (Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 76837683)
Partition 1: (Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: AFB08CF4)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Lo primero, corta y pega Frst.exe, en el escritorio, pues se indicaba muy claro que habia que ejecutarlo desde esa ubicacion y no desde una carpeta, como la de descargas que usaste

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {782733E4-D621-4DC2-9B94-940124603426} - no filepath
Task: {A78FDDE9-20D0-4256-BEA2-12A1C92809F0} - \tZHw7Jx3gY -> No File <==== ATTENTION
Task: {B55170F7-6FC3-4F86-9649-3D58EA5AB2A7} - no filepath
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>
CHR HKU\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
U3 a9j6ombe; C:\Windows\System32\Drivers\a9j6ombe.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
2018-12-04 04:38 - 2018-12-04 04:38 - 000001720 _____ () C:\Users\SuperManolito\AppData\Local\katepartrc
2018-12-04 04:38 - 2018-12-04 04:40 - 000000523 _____ () C:\Users\SuperManolito\AppData\Local\katerc
2018-12-04 04:40 - 2018-12-04 04:40 - 000000436 _____ () C:\Users\SuperManolito\AppData\Local\katevirc
Shortcut: C:\Users\SuperManolito\Desktop\BaseX GUI.lnk -> C:\Program Files (x86)\BaseX\bin\basexgui.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Grееn Меssеngеr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
ShortcutWithArgument: C:\Users\SuperManolito\Desktop\Iniciar Base de Datos.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k C:\oraclexe\app\oracle\product\10.2.0\server\BIN\StartDB.bat
ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Green Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=jbdenakghoccpkjaboikhbinhmopiiio
ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a73232b98ec7aa12\Web for Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=icjaongejfbiniochnadipceeikmhbaj
ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8520157b0c24be80\Telegram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=djjkifoefibfoodilnhkmbhmadbgacni
AlternateDataStreams: C:\LA-BERREA-TORRE-DE-BABEL.JPG:SummaryInformation [151]
AlternateDataStreams: C:\LA-BERREA-TORRE-DE-BABEL.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [175]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [390]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el pc

Hola:

Pues sigo igual: me siguen apareciendo nuevas pestañas del puñetero… ADF.LY :frowning:

Os pego el Contenido del FIXLOG.TXT

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by SuperManolito (30-11-2019 18:41:33) Run:1
Running from C:\Users\SuperManolito\Desktop
Loaded Profiles: SuperManolito (Available Profiles: SuperManolito)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:

CloseProcesses:



HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-18\...\Run: [] => [X]

GroupPolicyScripts: Restriction <==== ATTENTION

Task: {782733E4-D621-4DC2-9B94-940124603426} - no filepath

Task: {A78FDDE9-20D0-4256-BEA2-12A1C92809F0} - \tZHw7Jx3gY -> No File <==== ATTENTION

Task: {B55170F7-6FC3-4F86-9649-3D58EA5AB2A7} - no filepath

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>

CHR HKU\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>

U3 a9j6ombe; C:\Windows\System32\Drivers\a9j6ombe.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]

2018-12-04 04:38 - 2018-12-04 04:38 - 000001720 _____ () C:\Users\SuperManolito\AppData\Local\katepartrc

2018-12-04 04:38 - 2018-12-04 04:40 - 000000523 _____ () C:\Users\SuperManolito\AppData\Local\katerc

2018-12-04 04:40 - 2018-12-04 04:40 - 000000436 _____ () C:\Users\SuperManolito\AppData\Local\katevirc

Shortcut: C:\Users\SuperManolito\Desktop\BaseX GUI.lnk -> C:\Program Files (x86)\BaseX\bin\basexgui.bat (No File)

Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)

Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)

Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files\Mozilla Firefox\firefox.bat (No File)

Shortcut: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Gr??n ??ss?ng?r.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

ShortcutWithArgument: C:\Users\SuperManolito\Desktop\Iniciar Base de Datos.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k C:\oraclexe\app\oracle\product\10.2.0\server\BIN\StartDB.bat

ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Green Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=jbdenakghoccpkjaboikhbinhmopiiio

ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a73232b98ec7aa12\Web for Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=icjaongejfbiniochnadipceeikmhbaj

ShortcutWithArgument: C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8520157b0c24be80\Telegram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=djjkifoefibfoodilnhkmbhmadbgacni

AlternateDataStreams: C:\LA-BERREA-TORRE-DE-BABEL.JPG:SummaryInformation [151]

AlternateDataStreams: C:\LA-BERREA-TORRE-DE-BABEL.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

AlternateDataStreams: C:\Windows:nlsPreferences [386]

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [175]

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [390]



HOSTS:

REMOVEPROXY:

EMPTYTEMP:

CMD: netsh winsock reset

CMD: ipconfig /renew

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"="C:\Windows\system32\userinit.exe," => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{782733E4-D621-4DC2-9B94-940124603426}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{782733E4-D621-4DC2-9B94-940124603426}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A78FDDE9-20D0-4256-BEA2-12A1C92809F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A78FDDE9-20D0-4256-BEA2-12A1C92809F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tZHw7Jx3gY" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B55170F7-6FC3-4F86-9649-3D58EA5AB2A7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B55170F7-6FC3-4F86-9649-3D58EA5AB2A7}" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo => removed successfully
HKU\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => removed successfully
a9j6ombe => service not found.
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
C:\Users\SuperManolito\AppData\Local\katepartrc => moved successfully
C:\Users\SuperManolito\AppData\Local\katerc => moved successfully
C:\Users\SuperManolito\AppData\Local\katevirc => moved successfully
C:\Users\SuperManolito\Desktop\BaseX GUI.lnk => moved successfully
"C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Could not move.
"C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Gr??n ??ss?ng?r.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
C:\Users\SuperManolito\Desktop\Iniciar Base de Datos.lnk => Shortcut argument removed successfully
C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b9ad9201ffa0c844\Green Messenger.lnk => Shortcut argument removed successfully
C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a73232b98ec7aa12\Web for Telegram.lnk => Shortcut argument removed successfully
C:\Users\SuperManolito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8520157b0c24be80\Telegram for Chrome.lnk => Shortcut argument removed successfully
C:\LA-BERREA-TORRE-DE-BABEL.JPG => ":SummaryInformation" ADS could not remove.
C:\LA-BERREA-TORRE-DE-BABEL.JPG => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully
C:\ProgramData\TEMP => ":B755D674" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14442166 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 128876 B
Edge => 0 B
Chrome => 120474637 B
Firefox => 18184971 B
Opera => 517809 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66972 B
systemprofile32 => 286733 B
LocalService => 286733 B
NetworkService => 299877 B
SuperManolito => 5784286 B

RecycleBin => 155541419 B
EmptyTemp: => 309.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:41:39 ====
  • Realiza copia marcadores de Chrome (Exportar MARCADORES) >> https://support.google.com/chrome/answer/96816?hl=es

  • Desinstalas Chrome con Revo.

  • Descarga e instalas >> Revo Uninstaller | InfoSpyware

  • Luego, segun Indico, desinstalas el / los programas indicados, seleccionando cuando lo indique Revo, el Modo Avanzado

  • Marcas NOMBRE PROGRAMA y pulsas desinstalar en el menu de Revo, en Modo Avanzado

  • Cuando lo hagas, se iniciara el desinstalador de NOMBRE DE PROGRAMA y al finalizar (si alguno te pide reiniciar, pulsas en NO o Cancelar y continuas con Revo), realizas:

  1. Pulsas Analizar en Revo, para que analice los restos del programa

  2. Pulsas seleccionar todo, para eliminar restos del registro

  3. Pulsas borrar todo

  4. Pulsas siguiente

  5. Pulsas seleccionar todo, para eliminar, si hay, carpetas

  6. Pulsas borrar todo

  7. Pulsas finalizar

Eliminas estas carpetas si estan:

  1. C:\ProgramData\Google/Chrome

  2. C:\Users\All Users\Google\Chrome

  3. C:\Users\TU NOMBRE DE USUARIO\AppData\Local\Google\Chrome

  4. C:\Users\TU NOMBRE DE USUARIO\AppData\Roaming\Google\Chrome

Reinstalas >> https://www.google.es/chrome/browser/desktop/

Hola de nuevo:

La idea de desinstalar el Chrome también la había valorado yo. No obstante, te comento… He desinstalado el Chrome, revisado que no haya Carpetas “residuales” y demás, lo he vuelto a instalar y… ¡siguen apareciendo las dichosas ventanas…!, así que ya no sé que hacer.

T

Tienes sincronizado Crome con otros dispositivos?

Hola:

Disculpa por no haberte podido responder antes, @Miguelgrado pero debido a las limitaciones de Post por día no me dejó publicar nada hasta ahora.

Te comento:

  • No, no tengo sincronizado Chrome con otros dispositivos.

  • Ya te puse el Contenido Completo de los Ficheros TXT generados por FRST (esta vez lo hice ejecutándolo desde el Escritorio)

Gracias & Saludetes. :wink:

No hacia falta repetir con Frst, si no te lo huebiese pedido.

Realizas:

Me pegas los logs y comentas como sigue.

Si el problema continua ,sube alguna imagen de esos anuncios/pestañas.

Hola:

Te pego aquí los LOG:

ZHPCleaner(S):

~ ZHPCleaner v2019.11.22.160 by Nicolas Coolman (2019/11/22)
~ Run by SuperManolito (Administrator)  (01/12/2019 19:10:15)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\SuperManolito\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\SuperManolito\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (1)
ENCONTRADOS: [kh2osx4e.default] - user_pref("extensions.webextensions.uuids", "{\"[email protected]\":\"7ec0f4f8-c323-4df8-a5c9-[...]  =>.SUP.Amazon1ButtonApp


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (45)
ENCONTRADOS archivo: C:\Users\SuperManolito\AppData\Roaming\Mozilla\Firefox\Profiles\kh2osx4e.default\browser-extension-data\[email protected]  =>.SUP.Amazon1ButtonApp
ENCONTRADOS carpeta: C:\Users\SuperManolito\AppData\Roaming\Mozilla\Firefox\Profiles\kh2osx4e.default\browser-extension-data\[email protected]\storage.js    =>.SUP.Amazon1ButtonApp
ENCONTRADOS carpeta: C:\Users\SuperManolito\AppData\Roaming\PCSUPERMANOLITO.MTBF.txt    =>SUP.Optional.PCSpeedUp
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\antiLeech.dll [http://xtreme-mod.net - antiLeech Dynamic Link Library (DLL)]  =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\downloads.bak    =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\downloads.txt    =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\emule.exe [http://www.dreamule.org - Dreamule]  =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\libvlc.dll    =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\libvlccore.dll    =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\MediaInfo.dll [http://mediainfo.sourceforge.net - Library for read info about media files]  =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\simplevlc.dll    =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\unins000.dat    =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\unins000.exe [ - Setup/Uninstall]  =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files (x86)\DreaMule\unrar.dll    =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\config  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\incoming  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\lang  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\plugins  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\skins  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\Temp  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule\webserver  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\Program Files (x86)\DreaMule  =>Adware.aMULEcustom
ENCONTRADOS carpeta: C:\Program Files\KMSpico\AutoPico.exe [@ByELDI - AutoPico]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\KMSELDI.exe [@ByELDI - KMS GUI ELDI]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\Service_KMS.exe [@ByELDI - Service_KMS]  =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.dat    =>HackTool.KMSpico
ENCONTRADOS carpeta: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall]  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\cert  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\driver  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\icons  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\logs  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\scripts  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\sounds  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\TokensBackup  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\x64  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico\x86  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreaMule  =>Adware.aMULEcustom
ENCONTRADOS archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
ENCONTRADOS archivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
ENCONTRADOS archivo: C:\ProgramData\QuickTime  =>Riskware.QuickTime
ENCONTRADOS archivo: C:\ProgramData\Application Data\IObit\ASCDownloader  =>SUP.Optional.AdvancedSystemCare
ENCONTRADOS archivo: C:\ProgramData\IObit\ASCDownloader  =>SUP.Optional.AdvancedSystemCare
ENCONTRADOS archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime


---\\  Registro ( Claves, Valores, Datos) (12)
ENCONTRADOS clave: HKCU\Software\undefined [AdditionalScan 148]  =>.SUP.Downloader
ENCONTRADOS clave: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime [AdditionalScan 549]  =>Riskware.QuickTime
ENCONTRADOS clave: HKEY_USERS\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\GreenTree Applications []  =>.SUP.GreenTreeApp
ENCONTRADOS clave: HKCU\Software\GreenTree Applications []  =>.SUP.GreenTreeApp
ENCONTRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55595FB-4963-4EDD-87CB-2775CDBD59D2}\\NameServer [Bad : 1.1.1.1,1.0.0.1]  =>Hijacker.Browser
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico v9.3.2]  =>HackTool.KMSpico
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Wow6432Node\GreenTree Applications []  =>.SUP.GreenTreeApp
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DF079D7-2A57-4710-81B1-064649FF86FC} [Slimware Utilities Holdings, Inc.]  =>.SUP.SlimWareUtilities
ENCONTRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{BC6B52AC-91C6-47D2-986C-9D92C1EE0A58} [C:\Program Files\KMSpico\KMSELDI.exe]  =>HackTool.KMSpico
ENCONTRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{415D58E8-63CA-498B-85A6-B7BDE9778A4F} [C:\Program Files\KMSpico\KMSELDI.exe]  =>HackTool.KMSpico
ENCONTRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{B853FC66-8E65-48C6-91CB-AB6C0AF02FCF} [C:\Program Files\KMSpico\AutoPico.exe]  =>HackTool.KMSpico
ENCONTRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6EF73FBF-CD3B-449A-A0FF-43818C14CF13} [C:\Program Files\KMSpico\AutoPico.exe]  =>HackTool.KMSpico


---\\  Resumen de elementos en su estación de trabajo (10)
https://nicolascoolman.eu/2017/12/01/sup-amazon1buttonapp/  =>.SUP.Amazon1ButtonApp
https://nicolascoolman.eu/2017/03/05/superfluous-pcspeeduppro/  =>SUP.Optional.PCSpeedUp
https://nicolascoolman.eu/2017/03/10/adware-amulecustom/  =>Adware.aMULEcustom
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>SUP.Optional.AdvancedSystemCare
https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.GreenTreeApp
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/03/03/superfluous-slimwareutilities/  =>.SUP.SlimWareUtilities


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera OK


---\\ STATISTIQUES
~ Items escaneado : 100547
~ Items encontrado : 86
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h16mn44s

---\\  Reporte (0)
ZHPCleaner-[S]-01122019-19_26_59.txt

ZHPCleaner®:

~ ZHPCleaner v2019.11.22.160 by Nicolas Coolman (2019/11/22)
~ Run by SuperManolito (Administrator)  (01/12/2019 19:30:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\SuperManolito\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\SuperManolito\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (1)
BORRADOS: [kh2osx4e.default] - user_pref("extensions.webextensions.uuids", "{\"[email protected]\":\"7ec0f4f8-c323-4df8-a5c9-[...]  =>.SUP.Amazon1ButtonApp


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (14)
MOVIDO carpeta: C:\Users\SuperManolito\AppData\Roaming\Mozilla\Firefox\Profiles\kh2osx4e.default\browser-extension-data\[email protected]\storage.js    =>.SUP.Amazon1ButtonApp
MOVIDO carpeta: C:\Users\SuperManolito\AppData\Roaming\PCSUPERMANOLITO.MTBF.txt    =>SUP.Optional.PCSpeedUp
MOVIDO carpeta: C:\Program Files\KMSpico\KMSELDI.exe [@ByELDI - KMS GUI ELDI]  =>HackTool.KMSpico
MOVIDO carpeta: C:\Program Files\KMSpico\AutoPico.exe [@ByELDI - AutoPico]  =>HackTool.KMSpico
MOVIDO archivo: C:\Users\SuperManolito\AppData\Roaming\Mozilla\Firefox\Profiles\kh2osx4e.default\browser-extension-data\[email protected]  =>.SUP.Amazon1ButtonApp
MOVIDO archivo: C:\Program Files (x86)\DreaMule  =>Adware.aMULEcustom
MOVIDO archivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreaMule  =>Adware.aMULEcustom
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
MOVIDO archivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
MOVIDO archivo: C:\ProgramData\QuickTime  =>Riskware.QuickTime
MOVIDO archivo: C:\ProgramData\Application Data\IObit\ASCDownloader  =>SUP.Optional.AdvancedSystemCare
MOVIDO archivo: C:\ProgramData\IObit\ASCDownloader  =>SUP.Optional.AdvancedSystemCare
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime


---\\  Registro ( Claves, Valores, Datos) (12)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B55595FB-4963-4EDD-87CB-2775CDBD59D2}\\NameServer [Bad : 1.1.1.1,1.0.0.1]  =>Hijacker.Browser
BORRADOS clave*: HKCU\Software\undefined [AdditionalScan 148]  =>.SUP.Downloader
BORRADOS clave^: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime [AdditionalScan 549]  =>Riskware.QuickTime
BORRADOS clave*: HKEY_USERS\S-1-5-21-2024249287-706838763-1820079567-1000\SOFTWARE\GreenTree Applications []  =>.SUP.GreenTreeApp
BORRADOS clave**: HKCU\Software\GreenTree Applications []  =>.SUP.GreenTreeApp
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico v9.3.2]  =>HackTool.KMSpico
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\GreenTree Applications []  =>.SUP.GreenTreeApp
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DF079D7-2A57-4710-81B1-064649FF86FC} [Slimware Utilities Holdings, Inc.]  =>.SUP.SlimWareUtilities
BORRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{BC6B52AC-91C6-47D2-986C-9D92C1EE0A58} [C:\Program Files\KMSpico\KMSELDI.exe]  =>HackTool.KMSpico
BORRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{415D58E8-63CA-498B-85A6-B7BDE9778A4F} [C:\Program Files\KMSpico\KMSELDI.exe]  =>HackTool.KMSpico
BORRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{B853FC66-8E65-48C6-91CB-AB6C0AF02FCF} [C:\Program Files\KMSpico\AutoPico.exe]  =>HackTool.KMSpico
BORRADOS valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6EF73FBF-CD3B-449A-A0FF-43818C14CF13} [C:\Program Files\KMSpico\AutoPico.exe]  =>HackTool.KMSpico


---\\  Resumen de elementos en su estación de trabajo (10)
https://nicolascoolman.eu/2017/12/01/sup-amazon1buttonapp/  =>.SUP.Amazon1ButtonApp
https://nicolascoolman.eu/2017/03/05/superfluous-pcspeeduppro/  =>SUP.Optional.PCSpeedUp
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/03/10/adware-amulecustom/  =>Adware.aMULEcustom
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>SUP.Optional.AdvancedSystemCare
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.GreenTreeApp
https://nicolascoolman.eu/2017/03/03/superfluous-slimwareutilities/  =>.SUP.SlimWareUtilities


---\\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera OK
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 3038
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of clean in 00h00mn49s

---\\  Reporte (2)
ZHPCleaner-[S]-01122019-19_26_59.txt
ZHPCleaner-[R]-01122019-19_31_45.txt

Por desgracia sigo igual que al principio… A ver si soy capaz de ponerte aquí la imagen de lo que me sale (es siempre la misma Página) (además yo creo que hasta que se me abre el Chrome solo, aunque lo tenga cerrado después de un tiempo se me abre el Chrome y me sale esa Página):

Lo de la imagen lo había intentado el primer día, pero creo que por ser Usuario nuevo en el Foro no me dejaba, ¡a ver si ahora hay más suerte!

Gracias & Saludetes. :wink:

Y el log de Eset online?

¡Hola de nuevo!:

Perdón por el tiempo transcurrido sin pasarme por aquí… :frowning_face:

Pues bien, el caso es que me dio por pasar el Panda Cloud Cleaner ¡y ha sido mano de santo!

Por fin el dichoso virus ha desaparecido y ya no se me ha vuelto a abrir ninguna pestaña. :wink:

Mil gracias @Miguelgrado por el seguimiento de mi tema, tus prontas respuestas y supervisión y sabios consejos. :wink:

¡Gracias & Saludetes! :wink:

Pd. Se puede cerrar el Hilo. :wink:

Este tema se cerró automáticamente 2 días después de la última publicación. No se permiten nuevas respuestas.