hola muchas gracias aqui coloco los reportes este de malewarebytes;
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 21/12/18
Hora del análisis: 13:20
Archivo de registro: 118d524a-054d-11e9-a3eb-001b24b8a460.json
-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8211
Licencia: Prueba
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Carmela-PC\Carmela
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 167042
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 3 min, 22 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 1
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, En cuarentena, [6845], [251589],1.0.8211
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 1
HackTool.FilePatch, C:\PROGRAM FILES\NERO\NERO15PATCH.EXE, En cuarentena, [7809], [281135],1.0.8211
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
ahora el de adware
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-21-2018
# Duration: 00:00:04
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1257 octets] - [21/12/2018 13:33:20]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
ahora el de junkware
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x86
Ran by Carmela (Administrator) on 21/12/2018 at 15:19:55,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 29
Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\Users\Carmela\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\033S2MKW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2XQA5N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TGQP4Q3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48X5S84O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68KHACWO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M9GZ0OJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLGAFN7F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOY18FYH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY50U1O0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKV6C93B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCSNV2OM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R74OBP6M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Carmela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y06YXOSN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\033S2MKW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R2XQA5N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TGQP4Q3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48X5S84O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68KHACWO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M9GZ0OJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLGAFN7F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOY18FYH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY50U1O0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKV6C93B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCSNV2OM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R74OBP6M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y06YXOSN (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/12/2018 at 15:29:02,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ahora del farbar
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.12.2018
Ran by Carmela (administrator) on CARMELA-PC (21-12-2018 23:18:22)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1466368 2009-05-05] (Motorola Inc.)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-03] (AVAST Software)
HKLM\...\Run: [YouCam Service] => C:\Program Files\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKLM\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2268624 2018-10-22] (Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2018-10-22] (WinZip Computing)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [455360 2018-10-22] (WinZip Computing, S.L.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiShortCutUpdate] => C:\AntiShortCut\AntiUsb.exe [934400 2014-06-01] (AutoIt Team)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AntiUsbShortCut] => C:\Windows\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe "C:\AntiShortCut\AntiUsbShortCut.zip" & exit
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [AvastBrowserAutoLaunch_9B8B7F100EFE775F07CF254237F2FF6F] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1826600 2018-11-16] (AVAST Software)
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14554696 2018-11-06] (Piriform Software Ltd)
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiShortCutUpdate.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbShortCutUpdate.lnk [2016-10-05]
ShortcutTarget: AntiUsbShortCutUpdate.lnk -> C:\AntiShortCut\AntiUsb.exe (AutoIt Team)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{33C14BE5-2735-4365-9A6B-D7219A686119}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Internet Explorer:
==================
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pe/
HKU\S-1-5-21-1712796923-342591897-1552680142-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 0wvtwoq6.default
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\0wvtwoq6.default [2018-12-21]
FF Extension: (Avast Online Security) - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\0wvtwoq6.default\Extensions\[email protected] [2018-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll [2016-07-28] (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.pe/"
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default [2018-12-21]
CHR Extension: (Presentaciones) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-05]
CHR Extension: (Documentos) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-05]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-18]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-25]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-21]
CHR Extension: (Hojas de cálculo) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Avast Online Security) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKU\S-1-5-21-1712796923-342591897-1552680142-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509456 2012-07-18] (Intel Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-12-03] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-03] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-20] (AVAST Software)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-08-23] (Intel(R) Corporation)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-11] (Google Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [199320 2016-07-28] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [394904 2016-07-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-07-18] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-07-18] (Windows (R) Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-12-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-12-03] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-12-03] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-12-03] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-12-03] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183176 2018-12-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-12-03] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-12-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2018-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2018-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-12-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-12-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2018-12-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2018-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-12-03] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [1925632 2007-09-13] (Intel Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2018-12-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2018-12-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2018-12-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2018-12-21] (Malwarebytes)
S3 NETw3v32; C:\Windows\System32\DRIVERS\NETw3v32.sys [2225664 2008-01-18] (Intel Corporation) [File not signed]
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [44544 2006-11-02] (Realtek Corporation) [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-01-03] (Samsung Electronics) [File not signed]
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-16] (CyberLink Corp.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-21 23:18 - 2018-12-21 23:19 - 000018024 _____ C:\Users\Carmela\Desktop\FRST.txt
2018-12-21 23:18 - 2018-12-21 23:18 - 000000000 ____D C:\FRST
2018-12-21 23:15 - 2018-12-21 23:15 - 001778176 _____ (Farbar) C:\Users\Carmela\Desktop\FRST.exe
2018-12-21 23:08 - 2018-12-21 23:08 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-21 23:07 - 2018-12-21 23:19 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-21 23:07 - 2018-12-21 23:07 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-21 23:04 - 2018-12-21 23:04 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-21 15:29 - 2018-12-21 15:29 - 000005050 _____ C:\Users\Carmela\Desktop\JRT.txt
2018-12-21 13:32 - 2018-12-21 13:33 - 000000000 ____D C:\AdwCleaner
2018-12-21 13:27 - 2018-12-21 13:27 - 000001764 _____ C:\Users\Carmela\Downloads\reporte malwarebytes 21.12.18 1.13.txt
2018-12-21 13:17 - 2018-12-21 13:17 - 000000000 ____D C:\Users\Carmela\AppData\Local\mbam
2018-12-21 13:15 - 2018-12-21 13:15 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-21 13:15 - 2018-12-21 13:15 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\Users\Carmela\AppData\Local\mbamtray
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-21 13:15 - 2018-12-21 13:15 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-21 13:15 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-21 13:04 - 2018-12-21 13:04 - 000002510 _____ C:\Users\Carmela\Documents\cc_20181221_130441.reg
2018-12-21 11:29 - 2018-12-21 11:29 - 001790024 _____ (Malwarebytes) C:\Users\Carmela\Downloads\JRT (1).exe
2018-12-21 11:28 - 2018-12-21 11:28 - 007320272 _____ (Malwarebytes) C:\Users\Carmela\Desktop\adwcleaner_7.2.6.0.exe
2018-12-21 11:25 - 2018-12-21 11:28 - 081227760 _____ (Malwarebytes ) C:\Users\Carmela\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-21 11:24 - 2018-12-21 11:24 - 001790024 _____ (Malwarebytes) C:\Users\Carmela\Desktop\JRT.exe
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-18 13:30 - 2018-12-18 13:30 - 000101355 _____ C:\Users\Carmela\Downloads\18.04.23CampProjectLeaderJobDetails.pdf
2018-12-18 13:24 - 2018-12-18 13:24 - 000109330 _____ C:\Users\Carmela\Downloads\Depatment-Tax-Refund-November-2018-Id1287336.pdf
2018-12-18 13:22 - 2018-12-18 13:22 - 000109837 _____ C:\Users\Carmela\Downloads\HMRC_9292.pdf
2018-12-18 13:04 - 2018-12-18 13:04 - 000332740 _____ C:\Users\Carmela\Downloads\PERU_DEFINITIVO__Clausula_In_.pdf
2018-12-15 17:02 - 2018-12-15 17:02 - 000339459 _____ C:\Users\Carmela\Documents\expo11.pptx
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-14 09:38 - 2018-12-14 09:38 - 000008509 _____ C:\Users\Carmela\Downloads\20380456444-03-BA22-0000284.pdf
2018-12-06 00:46 - 2018-12-06 00:46 - 000412272 _____ C:\Users\Carmela\Documents\UNAS-UCPS Comercio Exterior.pptx
2018-12-05 19:51 - 2018-12-05 19:51 - 000120320 _____ C:\Users\Carmela\Downloads\CU-010-PVA-RAARE-2018.xls
2018-12-05 19:49 - 2018-12-05 19:49 - 000147461 _____ C:\Users\Carmela\Downloads\CM-013-SUP-RAARE-2018.xlsx
2018-12-05 19:48 - 2018-12-05 19:48 - 000236096 _____ C:\Users\Carmela\Downloads\CM-019-SUP-RAARE-2018.xlsx
2018-12-05 18:08 - 2018-12-05 18:08 - 001474158 _____ C:\Users\Carmela\Downloads\test2.pdf
2018-12-05 16:34 - 2018-12-05 16:34 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (3).xls
2018-12-05 16:34 - 2018-12-05 16:34 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (2).xls
2018-12-05 16:21 - 2018-12-05 16:21 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018.xls
2018-12-05 16:21 - 2018-12-05 16:21 - 000159744 _____ C:\Users\Carmela\Downloads\Ficha de Datos Virtual 2018 (1).xls
2018-12-05 10:38 - 2018-12-07 20:33 - 000000000 ____D C:\Users\Carmela\AppData\Local\ESET
2018-12-05 10:37 - 2018-12-05 10:38 - 006986872 _____ (ESET spol. s r.o.) C:\Users\Carmela\Downloads\esetonlinescanner_esl.exe
2018-12-03 23:54 - 2018-12-03 23:53 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-30 23:27 - 2018-11-30 23:27 - 000001930 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-11-30 23:27 - 2018-11-30 23:27 - 000001830 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-11-30 23:27 - 2018-11-30 23:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2018-11-30 23:26 - 2018-12-03 16:11 - 000000000 ____D C:\Users\Carmela\AppData\Local\WinZip
2018-11-30 23:25 - 2018-11-30 23:26 - 000000000 ____D C:\Program Files\WinZip
2018-11-27 12:46 - 2018-11-27 12:46 - 001261829 _____ C:\Users\Carmela\Downloads\CLIMA ORGANIZACIONAL Y PRODUCTIVIDAD LABORAL.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-21 23:18 - 2009-07-13 23:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-21 23:18 - 2009-07-13 23:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-21 23:14 - 2016-07-17 16:31 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-21 23:06 - 2018-04-20 11:29 - 000000000 ____D C:\Users\Carmela\AppData\Local\AVAST Software
2018-12-21 23:05 - 2016-07-18 19:41 - 000000000 ____D C:\Users\Carmela\Documents\Youcam
2018-12-21 23:02 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-21 13:26 - 2016-07-17 20:47 - 000000000 ____D C:\Program Files\Nero
2018-12-21 13:15 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2018-12-21 11:33 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-17 21:04 - 2016-07-17 21:47 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 21:04 - 2016-07-17 21:47 - 000002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-17 20:38 - 2016-07-17 21:38 - 000000000 ____D C:\Users\Carmela\AppData\Local\ElevatedDiagnostics
2018-12-17 12:27 - 2016-07-17 20:54 - 000000000 ____D C:\Users\Carmela\AppData\Roaming\Nitro PDF
2018-12-15 17:07 - 2011-01-22 05:22 - 000750828 _____ C:\Windows\system32\perfh00A.dat
2018-12-15 17:07 - 2011-01-22 05:22 - 000159838 _____ C:\Windows\system32\perfc00A.dat
2018-12-15 17:07 - 2010-11-20 16:01 - 001684772 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-14 09:32 - 2018-04-04 17:55 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-05 23:21 - 2016-07-17 16:31 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-05 23:21 - 2016-07-17 16:31 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-05 20:30 - 2016-10-05 01:05 - 000000000 _RSHD C:\AntiUsbShortCut
2018-12-05 20:30 - 2016-10-05 01:04 - 000000000 _RSHD C:\AntiShortCut
2018-12-05 10:42 - 2016-07-17 20:24 - 000000000 __RHD C:\MSOCache
2018-12-03 23:56 - 2018-03-05 18:12 - 000183176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-12-03 23:53 - 2018-10-30 21:02 - 000040688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000284256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000188976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000167480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000165384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-12-03 23:53 - 2018-03-05 18:12 - 000057904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000784560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000397992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000310200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000156936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000135200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000100984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000072800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-12-03 23:53 - 2016-07-17 21:00 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-12-03 16:19 - 2016-07-18 19:10 - 000000000 ____D C:\Temp
2018-12-03 16:19 - 2009-07-13 21:37 - 000000000 ____D C:\PerfLogs
2018-12-03 16:01 - 2016-07-17 20:36 - 000000000 ____D C:\ProgramData\WinZip
2018-11-30 23:27 - 2009-07-13 21:04 - 000000532 _____ C:\Windows\win.ini
2018-11-30 23:18 - 2016-07-17 16:45 - 000000974 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-30 20:56 - 2017-02-10 18:18 - 000000000 ____D C:\Users\Carmela\AppData\LocalLow\Adobe
2018-11-29 13:42 - 2018-07-13 18:12 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-28 04:52 - 2018-07-13 18:13 - 000000000 ____D C:\Users\Carmela\AppData\LocalLow\Mozilla
2018-11-28 04:51 - 2018-07-13 18:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-27 10:39 - 2018-04-20 11:38 - 000002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-27 10:39 - 2018-04-20 11:38 - 000002339 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
==================== Files in the root of some directories =======
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{03785BBF-E784-444E-9FFD-538CF2309F33}
2018-12-18 20:05 - 2018-12-18 20:05 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{A50F792C-0BF5-4661-B5CF-CEBB1DF9F44A}
2018-12-15 10:44 - 2018-12-15 10:44 - 000000000 _____ () C:\Users\Carmela\AppData\Local\{BCBD2C34-FF33-4DD0-814C-6B48B7AA591E}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-14 09:19
==================== End of FRST.txt ============================
espero tu respuesta gracias de antemano