Virus on my PC

#1

Good afternoon. For the past few days I have been having problems with my PC. First, some programs such as Photoshop, TeamViewer, etc. would not open: they ran but never appeared on screen. Then, my internet speed does not go above 1 Mb when I have 4 Mb contracted; on other devices I do get the full speed.

Thanks, regards.

#2

Hello @190009992233, welcome to the Forum.

To check your machine, follow these steps in the order given, reading everything explained. :+1:

:one: Temporarily disable your antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then always click the Start Repair button right away.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Post the reports in your next reply, from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their contents, and use several messages if you get an error message saying the post is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem you described. :face_with_monocle:

Regards, Javier.

#3

Thank you very much. I am posting the reports and will stay tuned. Regards.

Malwarebytes

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/5/19
Hora del análisis: 19:09
Archivo de registro: c3c6ec6a-71ee-11e9-8b0d-d017c2071437.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.10514
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.706)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-R5EOF8U\WILMER

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 354170
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 3 min, 50 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 1
PUP.Optional.Plumbytes, HKLM\SOFTWARE\Plumbytes Software, En cuarentena, [4571], [262040],1.0.10514

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner

 # ------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-08-2019
# Duration: 00:00:18
# OS:       Windows 10 Home Single Language
# Cleaned:  29
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\Tencent
Deleted       C:\ProgramData\Tencent
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\WILMER\AppData\Local\slimware utilities inc
Deleted       C:\Users\WILMER\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5005A2FF-BE74-421B-9571-0491C910C0AC}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C55693C6-7995-4552-BD2B-89AA0DA1B43A}
Deleted       HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted       HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted       HKLM\Software\Classes\METNSD
Deleted       HKLM\Software\Plumbytes Software
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\DownloadProxy.EXE
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKU\S-1-5-18\Software\ByteFence

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       Avira SafeSearch Plus

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4230 octets] - [08/05/2019 19:11:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-08-2019
# Duration: 00:00:35
# OS:       Windows 10 Home Single Language
# Scanned:  27198
# Detected: 29


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Program Files (x86)\Common Files\Tencent
PUP.Optional.Legacy             C:\ProgramData\Tencent
PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.Legacy             C:\Users\WILMER\AppData\Roaming\Tencent
PUP.Optional.SlimCleanerPlus    C:\Users\WILMER\AppData\Local\slimware utilities inc

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5005A2FF-BE74-421B-9571-0491C910C0AC}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C55693C6-7995-4552-BD2B-89AA0DA1B43A}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
PUP.Optional.Legacy             HKLM\Software\Classes\METNSD
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\DownloadProxy.EXE
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
PUP.Optional.Plumbytes          HKLM\Software\Plumbytes Software

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy             Avira SafeSearch Plus

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
#4

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by WILMER (Administrator) on mié. 08/05/2019 at 19:27:29,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate (Task)

Deleted the following from C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\prefs.js
user_pref(extensions.webextensions.uuids, {\[email protected]\:\ebe175ec-0f02-4267-8a07-ed18d6b3235d\,\[email protected]\:\c157b838-a515-4ea4-95d2-9fbc0ad1a490\,\



Registry: 0 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by WILMER (administrator) on DESKTOP-R5EOF8U (ASUSTeK COMPUTER INC. X455LF) (08-05-2019 19:33:08)
Running from C:\Users\WILMER\Desktop
Loaded Profiles: WILMER (Available Profiles: defaultuser0 & WILMER)
Platform: Windows 10 Home Single Language Version 1803 17134.706 (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Chaos Software Ltd. -> ) [File not signed] C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\register-service.exe
(Chaos Software Ltd.) [File not signed] C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\swrm.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [706392 2017-12-19] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-04-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [329824 2019-03-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [Akamai NetSession Interface] => C:\Users\WILMER\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve -> Valve Corporation)
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-03-26] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [] => [X]
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\MountPoints2: {63319cba-b3a6-11e8-baed-3052cbebe2ae} - "E:\startme.exe" 
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\MountPoints2: {7d51b00c-2088-11e8-bace-3052cbebe2ae} - "E:\Startme.exe" 
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [3933296 2019-03-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-07] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2019-01-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Servidor de Red.lnk [2017-12-05]
ShortcutTarget: Servidor de Red.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {121FCCB8-D4B8-458F-BD2D-F6C64061B581} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B71275F-3567-40AD-ABAA-0C949C08162C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-03-09] (ASUSTeK Computer Inc. -> AsusTek)
Task: {2758476F-4575-433F-94A1-79DE2B31E648} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A6DA61E-BA7F-44EA-BF5B-727EF95C60D8} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-R5EOF8U-WILMER => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {3A1829B9-CDA2-4F05-AADB-70CF4DBF5661} - System32\Tasks\Avira\Safe Shopping\Launch => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [108688 2019-04-08] (Solute GmbH -> Avira)
Task: {4509E6BB-4840-4B97-8ED2-006C3969DD57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {54FFA1D9-CE04-4376-90BF-0518CC02E879} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {5CA67C25-6C29-417D-8C64-CC1573BB2969} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {5CCEB479-F6A3-4CD4-853E-025D7F11660C} - System32\Tasks\Avira\Safe Shopping\Check => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [108688 2019-04-08] (Solute GmbH -> Avira)
Task: {73255ABA-A8D4-41F4-B7E1-9F8603B7492E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {74D6F1DF-8AE2-4C2D-84CD-6B81637962F6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849448 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {79E91943-F0A4-479C-8CA9-D91510F649E0} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A23D72D-C48C-431C-8132-A73D5A9BF44D} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-R5EOF8U-WILMER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {82260AB7-44E7-4136-B4BA-8A5CBBCC04BB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849448 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85AD621F-FF20-4238-BC3A-2011CB5D0E7F} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-R5EOF8U-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {87858714-0C60-4FB0-B679-6B33F9D0C006} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648232 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {931049D3-1A08-40F6-B8E9-E61548F3061A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98FFA84E-9A78-4176-9F3C-644AD781E637} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9DAE587A-3B7A-4E85-9513-73AEB180B562} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-10] (Adobe Inc. -> Adobe)
Task: {A312F05E-8E5C-4BAC-A3A3-A1E529410595} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9B8E170-6056-4CA0-9F96-0BC496B3CC8C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [698400 2019-05-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {AB4CAEEF-7DDC-45E4-8E92-DB205ECB7AD3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AD589FAF-709C-4305-B9F2-37D88AFE3CF6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BB494385-025C-49D2-B5C2-3AF2D20303CA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728936 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BCA0E883-5B02-4E04-9835-C19324545EA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-18] (Google Inc -> Google Inc.)
Task: {C9C8147F-0494-4582-9658-51259969C93C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-10] (Adobe Inc. -> Adobe)
Task: {D329AD0C-D32F-4BF7-929F-45091ED4B0B0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590888 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4FFE1A1-2ECD-4D59-A545-A48274D4BFCE} - no filepath
Task: {DAE82408-A873-4A12-9225-B665F7E375CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {DB592963-E989-42B0-BEFB-DD8EF55120A8} - System32\Tasks\Avira\Safe Shopping\Update => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [108688 2019-04-08] (Solute GmbH -> Avira)
Task: {DC29FBA2-8E96-490F-8C99-5EFC387EFAEC} - no filepath
Task: {E89C4869-2186-4D78-980B-FF9C6B415040} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {EE5D7C02-0B34-4938-8DF2-928160E9B98D} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F397D058-D91A-4680-8AA6-734E49FCF55D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-18] (Google Inc -> Google Inc.)
Task: {F925D550-5817-46A1-A5E7-C425AFA70777} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {FF6585A1-D3DA-4AAA-AFF6-5F12130EE58C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{10e9e798-f254-4031-be23-28f7f374df1d}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6901b92d-54e4-4550-8d63-29b3f3f871c0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6d53eb1b-18e0-4cfe-9d8f-2f0bcfa811ec}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7a1c2745-4830-4a80-a4ea-856906b4145d}: [NameServer] 201.221.151.31,201.221.151.32
Tcpip\..\Interfaces\{7a1c2745-4830-4a80-a4ea-856906b4145d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-66125187-3135294938-1379978448-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-66125187-3135294938-1379978448-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)

Edge: 
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-02-28]

FireFox:
========
FF DefaultProfile: vfrelyve.default
FF ProfilePath: C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default [2019-05-08]
FF Extension: (Avira Browser Safety) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-04-27]
FF Extension: (Avira Navegación segura) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-01-07] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-05-07]
FF Extension: (Avira Password Manager) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-04-27]
FF Extension: (Avira Password Manager) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected]pi [2019-04-23]
FF Extension: (Avira SafeSearch Plus) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-04-27] [hxxps://package.avira.com/package/safesearch/firefox/update-plus2.json]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-02-04]
FF Extension: (Avast Online Security) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\[email protected] [2019-04-29]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-19]
FF Extension: (Baidu Search Update) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\features\{bc3c1d59-e83e-4676-beab-21b37b5d07fb}\[email protected] [2019-05-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\WILMER\AppData\Local\Google\Chrome\User Data\Default [2019-05-08]
CHR Extension: (Presentaciones) - C:\Users\WILMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-26]
CHR Extension: (Avira Navegación segura) - C:\Users\WILMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-04-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\WILMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\WILMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-15]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1364904 2017-12-19] (Autodesk, Inc. -> Autodesk Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [908168 2019-05-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [310688 2019-05-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [246336 2019-05-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [246336 2019-05-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1180496 2019-05-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [466280 2019-04-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2980056 2019-04-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [373952 2019-04-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [104752 2019-04-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S4 CmWebAdmin.exe; C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe [9199512 2018-02-26] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-12-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1394360 2015-08-12] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [25720 2017-02-17] (Avira Operations GmbH & Co. KG -> Olof Lagerkvist)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781864 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665240 2019-02-26] (TeamViewer GmbH -> TeamViewer GmbH)
R2 vrswrm-service; C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\register-service.exe [90176 2019-04-07] (Chaos Software Ltd. -> ) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [124928 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [75432 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [200992 2019-04-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [194136 2019-04-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-12-08] (Broadcom Corporation -> Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11794376 2017-09-05] (Broadcom Corporation -> Broadcom Corp)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [214320 2015-12-08] (Broadcom Corporation -> Broadcom Corporation.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel(R) Software -> Intel Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34744 2019-02-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120 2016-12-19] (ASUSTeK Computer Inc. -> ASUS)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [95376 2017-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Olof Lagerkvist)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel(R) Software -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-08] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_a3d5bcc37ff12fed\nvlddmkm.sys [20747736 2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [257488 2018-02-26] (Quectel Wireless Solutions Co., Ltd. -> Quectel Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-27] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2016-12-20] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
U1 avgbdisk; no ImagePath
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

#5

FRST

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-08 19:32 - 2019-05-08 19:32 - 000000918 _____ C:\Users\WILMER\Desktop\JRT.txt
2019-05-08 19:28 - 2019-05-08 19:34 - 000034662 _____ C:\Users\WILMER\Desktop\FRST.txt
2019-05-08 19:28 - 2019-05-08 19:28 - 000000000 ____D C:\FRST
2019-05-08 19:26 - 2019-05-08 19:26 - 002430976 _____ (Farbar) C:\Users\WILMER\Desktop\FRST64.exe
2019-05-08 19:17 - 2019-05-08 19:17 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-08 19:10 - 2019-05-08 19:11 - 000000000 ____D C:\AdwCleaner
2019-05-08 19:08 - 2019-05-08 19:08 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-08 19:08 - 2019-05-08 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-08 19:08 - 2019-05-08 19:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-08 19:08 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-08 19:08 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-08 19:04 - 2019-05-08 19:04 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-08 18:43 - 2019-05-08 19:24 - 000000000 ____D C:\Users\WILMER\Desktop\programas
2019-05-08 18:35 - 2019-05-08 18:35 - 000895488 _____ C:\Users\WILMER\Desktop\Formatter_SiliconPower.exe
2019-05-08 17:56 - 2019-05-08 17:56 - 000000000 ____D C:\ProgramData\SystemAcCrux
2019-05-08 17:56 - 2019-05-08 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 13.5
2019-05-08 17:55 - 2019-05-08 17:55 - 000000000 ____D C:\Program Files (x86)\EaseUS
2019-05-08 17:55 - 2019-04-24 15:44 - 000132176 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2019-05-08 17:55 - 2019-04-24 15:41 - 005304912 _____ C:\WINDOWS\system32\BootMan.exe
2019-05-08 17:55 - 2019-04-24 15:41 - 003593296 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2019-05-08 17:55 - 2019-04-24 15:41 - 000022096 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2019-05-08 17:55 - 2019-04-24 15:41 - 000018512 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2019-05-08 17:55 - 2019-04-12 14:16 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\EPMVolFl.sys
2019-05-08 17:55 - 2019-04-12 14:16 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2019-05-08 17:55 - 2019-02-18 09:31 - 000034744 _____ C:\WINDOWS\system32\epmntdrv.sys
2019-05-08 17:40 - 2019-05-08 17:49 - 037952136 _____ (EaseUS ) C:\Users\WILMER\Desktop\epm_trial.exe
2019-05-08 10:56 - 2019-05-08 10:57 - 000642848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-07 16:38 - 2019-05-07 16:38 - 007278128 _____ C:\Users\WILMER\Desktop\Sin Título.pln
2019-05-07 16:37 - 2019-05-07 18:54 - 000827811 _____ C:\Users\WILMER\Desktop\casa.skb
2019-05-07 16:25 - 2019-05-07 19:10 - 000852766 _____ C:\Users\WILMER\Desktop\casa.skp
2019-05-07 13:59 - 2019-05-07 13:59 - 000000000 ____D C:\Users\WILMER\AppData\Local\ElevatedDiagnostics
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Specular.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Raw_Shadows.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Raw_Refraction.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Raw_Reflection.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Raw_Light.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Material_ID_Color.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Extra_Texture.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.effectsResult.tif
2019-05-05 13:42 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Denoiser.tif
2019-05-05 13:41 - 2019-05-05 13:42 - 014685474 _____ C:\Users\WILMER\Desktop\0.Diffuse.tif
2019-05-05 13:41 - 2019-05-05 13:41 - 014685474 _____ C:\Users\WILMER\Desktop\0.tif
2019-05-05 13:41 - 2019-05-05 13:41 - 014685474 _____ C:\Users\WILMER\Desktop\0.Alpha.tif
2019-05-03 18:40 - 2019-05-03 18:40 - 006600818 _____ C:\Users\WILMER\Desktop\Dam-2k.hdr
2019-05-03 18:23 - 2019-05-03 18:24 - 010711762 _____ C:\Users\WILMER\Desktop\vm_v2_030.skp
2019-05-03 15:41 - 2019-05-03 15:41 - 000000000 ____D C:\Users\WILMER\AppData\Local\ChaosGroup
2019-05-03 15:35 - 2019-05-03 15:35 - 020614559 _____ C:\Users\WILMER\Desktop\COCINA.3ds
2019-05-03 15:28 - 2019-05-03 15:28 - 000034312 _____ C:\Users\WILMER\Desktop\PHOTO+0018.skp
2019-05-03 12:50 - 2019-05-03 12:50 - 000659936 _____ C:\Users\WILMER\Desktop\Brizo-Odin_Black_Mechanical_Wide_Spread_Lavoratory_Faucet.skp
2019-05-03 00:08 - 2019-05-03 00:08 - 007739745 _____ C:\Users\WILMER\Desktop\Plane076.skp
2019-05-03 00:03 - 2019-05-03 00:03 - 003571334 _____ C:\Users\WILMER\Desktop\Maison_Sarah_Lavoine_Vadim_Wall_Lamp_mat(2).skp
2019-05-03 00:03 - 2019-05-03 00:03 - 001632320 _____ C:\Users\WILMER\Desktop\LUMINÁRIA+PENDENTE+CORDEL.skp
2019-05-03 00:01 - 2019-05-03 00:01 - 007792598 _____ C:\Users\WILMER\Desktop\pendente+industrial.skp
2019-05-02 23:59 - 2019-05-02 23:59 - 002571458 _____ C:\Users\WILMER\Desktop\STOR+ref+2930.skp
2019-05-02 22:55 - 2019-05-02 22:55 - 001794548 _____ C:\Users\WILMER\Desktop\coifa_ilha_vidro.skp
2019-05-02 22:52 - 2019-05-02 22:52 - 000013580 _____ C:\Users\WILMER\Desktop\Hood_5'.skp
2019-05-02 22:47 - 2019-05-02 22:47 - 000556010 _____ C:\Users\WILMER\Desktop\déco+moderne.skp
2019-05-02 22:45 - 2019-05-02 22:45 - 000265520 _____ C:\Users\WILMER\Desktop\SJÖPENNA++Table+lamp.skp
2019-05-02 22:33 - 2019-05-02 22:34 - 016018651 _____ C:\Users\WILMER\Desktop\kartell+masters+banqueta.skp
2019-05-02 21:33 - 2019-05-04 12:11 - 070078726 _____ C:\Users\WILMER\Desktop\COCINA.skb
2019-05-02 21:24 - 2019-05-02 21:24 - 002081994 _____ C:\Users\WILMER\Desktop\Fogão+Brastemp+-+MARCOS.skp
2019-05-02 21:12 - 2019-05-02 21:12 - 000276898 _____ C:\Users\WILMER\Desktop\fridge.skp
2019-05-02 20:45 - 2019-05-05 15:16 - 070223192 _____ C:\Users\WILMER\Desktop\COCINA.skp
2019-05-02 14:40 - 2019-05-02 20:48 - 020511840 _____ C:\Users\WILMER\Desktop\COCINA.pln
2019-05-02 14:40 - 2019-05-02 17:48 - 019996592 _____ C:\Users\WILMER\Desktop\COCINA.bpn
2019-05-02 14:32 - 2012-08-11 18:40 - 024471246 _____ C:\Users\WILMER\Desktop\Oven N110812.gsm
2019-05-01 14:49 - 2019-05-01 14:08 - 001929130 _____ C:\Users\WILMER\Desktop\Data.lol
2019-04-28 21:47 - 2019-04-28 21:47 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2019-04-28 21:47 - 2019-04-17 13:56 - 000200992 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-04-28 21:47 - 2019-04-03 16:52 - 000194136 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2019-04-28 21:47 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2019-04-28 21:47 - 2019-03-20 18:50 - 000075432 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2019-04-28 21:47 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2019-04-28 21:47 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2019-04-28 21:47 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2019-04-27 00:14 - 2019-05-08 11:03 - 000000000 ____D C:\Users\Public\Speedup Sessions
2019-04-27 00:12 - 2019-04-27 00:12 - 000001265 _____ C:\Users\Public\Desktop\Avira.lnk
2019-04-26 23:59 - 2019-04-26 23:59 - 005925976 _____ (Avira Operations GmbH & Co. KG) C:\Users\WILMER\Desktop\avira_es_fass0_1808068681-1556341151__ws.exe
2019-04-26 22:55 - 2019-04-26 22:55 - 000002836 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2019 (32 Bit).lnk
2019-04-26 21:24 - 2019-04-26 22:50 - 000000000 ____D C:\Users\WILMER\Downloads\Adobe.Illustrator.CC.2019.23.0.1.540.x86.Multi.WIN
2019-04-26 21:24 - 2019-04-26 21:24 - 000000000 ____D C:\Users\WILMER\AppData\Local\BitTorrentHelper
2019-04-25 16:54 - 2019-04-25 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray Next for 3ds Max 2018
2019-04-25 16:51 - 2019-04-25 16:51 - 000000000 ____D C:\Users\WILMER\Downloads\VR_41002_m2018-2019 FULL CRACK
2019-04-24 13:37 - 2019-04-24 13:37 - 000000000 ____D C:\Users\WILMER\AppData\Local\SmartView2
2019-04-24 13:36 - 2019-04-24 13:36 - 000000000 ____D C:\Program Files (x86)\Smart View
2019-04-21 23:40 - 2019-04-22 00:52 - 1062539095 _____ C:\Users\WILMER\Downloads\VR_41002_m2018-2019 FULL CRACK.rar
2019-04-19 21:23 - 2019-04-19 21:23 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\SUPERAntiSpyware.com
2019-04-19 21:23 - 2019-04-19 21:23 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2019-04-19 20:22 - 2019-04-19 20:22 - 000000000 ___HD C:\$AV_AVG
2019-04-19 18:12 - 2019-04-10 09:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-04-19 18:12 - 2019-04-10 09:54 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-04-19 18:12 - 2019-04-10 09:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-04-19 18:12 - 2019-04-10 09:54 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-04-19 18:12 - 2019-04-10 09:54 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-19 18:12 - 2019-04-10 09:54 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-04-19 18:12 - 2019-04-10 09:54 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-19 18:12 - 2019-04-10 09:54 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-04-19 18:12 - 2019-04-10 09:53 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-04-19 18:12 - 2019-04-10 09:53 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 040421064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 035268296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 005276064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 004625552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 002033112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 001734288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6442531.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 001536144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6442531.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 001465432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 001130584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 000668664 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 000631896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 000534936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-04-19 18:12 - 2019-04-10 09:52 - 000522144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-04-19 18:12 - 2019-04-10 06:52 - 010320528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-04-19 18:12 - 2019-04-10 06:52 - 008785944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-04-19 18:12 - 2019-04-10 06:52 - 001169120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-04-19 18:12 - 2019-04-10 06:52 - 000915088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-04-19 18:12 - 2019-04-10 06:51 - 020107920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-04-19 18:12 - 2019-04-10 06:51 - 017432992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-04-19 18:12 - 2019-04-10 06:51 - 004304672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-04-19 18:12 - 2019-04-10 06:51 - 000794440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-04-19 18:12 - 2019-04-10 06:51 - 000638176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-04-19 13:15 - 2019-04-19 13:15 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-04-19 13:15 - 2019-04-19 13:15 - 000001764 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-04-17 20:14 - 2019-04-17 20:14 - 001070232 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2019-04-17 20:14 - 2019-04-17 20:14 - 001010720 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCHRT20.OCX
2019-04-17 20:14 - 2019-04-17 20:14 - 000224016 ___RS (Microsoft Corporation) C:\WINDOWS\SysWOW64\TABCTL32.OCX
2019-04-17 20:14 - 2019-04-17 20:14 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TMAC v6.lnk
2019-04-17 20:14 - 2019-04-17 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technitium MAC Address Changer v6
2019-04-17 20:14 - 2019-04-17 20:14 - 000000000 ____D C:\Program Files (x86)\Technitium
2019-04-17 19:59 - 2019-04-17 19:59 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Skatter
2019-04-15 20:22 - 2019-04-15 20:22 - 000000000 ____D C:\Users\WILMER\Documents\Sony
2019-04-15 20:22 - 2019-04-15 20:22 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Apple Computer
2019-04-15 19:42 - 2019-04-17 12:51 - 000000000 ____D C:\Program Files (x86)\KingRoot
2019-04-15 19:42 - 2019-04-15 19:42 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\KingRoot
2019-04-15 19:40 - 2019-04-15 19:41 - 033292096 _____ (KingRoot ) C:\Users\WILMER\Documents\KingRootSetup_v3.5.0.1157_105203.exe
2019-04-15 12:48 - 2019-05-03 12:40 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Adobe
2019-04-12 13:01 - 2019-04-19 21:05 - 000000077 _____ C:\WINDOWS\system32\Drivers\avgSP.sys.sum
2019-04-10 13:29 - 2019-04-02 07:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 13:29 - 2019-04-02 07:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 13:29 - 2019-04-02 07:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 13:29 - 2019-04-02 07:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 13:29 - 2019-04-02 07:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 13:29 - 2019-04-02 07:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 13:29 - 2019-04-02 07:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 13:29 - 2019-04-02 07:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 13:29 - 2019-04-02 07:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 13:29 - 2019-04-02 07:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 13:29 - 2019-04-02 07:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 13:29 - 2019-04-02 04:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 13:29 - 2019-04-02 04:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 13:29 - 2019-04-02 04:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 13:29 - 2019-04-02 04:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 13:29 - 2019-04-02 04:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 13:29 - 2019-04-02 04:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 13:29 - 2019-04-02 04:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 13:29 - 2019-04-02 03:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 13:29 - 2019-04-02 03:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 13:29 - 2019-04-02 03:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 13:29 - 2019-04-02 03:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 13:29 - 2019-04-02 03:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 13:29 - 2019-04-02 03:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 13:29 - 2019-04-02 03:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 13:29 - 2019-04-02 03:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 13:29 - 2019-04-02 03:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 13:29 - 2019-04-02 03:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 13:29 - 2019-04-02 03:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 13:29 - 2019-04-02 03:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 13:29 - 2019-04-02 03:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 13:29 - 2019-04-02 03:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 13:29 - 2019-04-02 02:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 13:29 - 2019-04-02 02:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 13:29 - 2019-04-02 02:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 13:29 - 2019-04-02 02:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 13:29 - 2019-04-02 02:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 13:29 - 2019-04-02 02:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 13:29 - 2019-04-02 02:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 13:29 - 2019-04-02 02:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 13:29 - 2019-04-02 02:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 13:29 - 2019-04-02 02:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 13:29 - 2019-04-02 02:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 13:29 - 2019-04-02 02:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 13:29 - 2019-04-02 00:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 13:29 - 2019-04-02 00:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 13:29 - 2019-04-02 00:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 13:29 - 2019-04-02 00:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 13:29 - 2019-04-02 00:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 13:29 - 2019-04-01 23:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 13:29 - 2019-04-01 23:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 13:29 - 2019-04-01 23:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 13:29 - 2019-04-01 23:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 13:29 - 2019-04-01 23:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 13:29 - 2019-04-01 23:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 13:29 - 2019-03-14 09:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 13:29 - 2019-03-14 09:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 13:29 - 2019-03-14 09:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 13:29 - 2019-03-14 09:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 13:29 - 2019-03-14 09:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 13:29 - 2019-03-14 08:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 13:29 - 2019-03-14 08:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 13:29 - 2019-03-14 03:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 13:29 - 2019-03-14 03:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 13:29 - 2019-03-14 03:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 13:29 - 2019-03-14 03:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 13:29 - 2019-03-14 03:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 13:29 - 2019-03-14 03:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 13:29 - 2019-03-14 03:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 13:29 - 2019-03-14 03:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 13:29 - 2019-03-14 03:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 13:29 - 2019-03-14 03:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 13:29 - 2019-03-14 03:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 13:29 - 2019-03-14 03:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 13:29 - 2019-03-14 03:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 13:29 - 2019-03-14 03:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 13:29 - 2019-03-14 03:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 13:29 - 2019-03-14 03:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 13:29 - 2019-03-14 03:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 13:29 - 2019-03-14 03:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 13:29 - 2019-03-14 03:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 13:29 - 2019-03-14 03:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 13:29 - 2019-03-14 03:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 13:29 - 2019-03-14 03:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 13:29 - 2019-03-14 03:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 13:29 - 2019-03-14 03:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 13:29 - 2019-03-14 03:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 13:29 - 2019-03-14 03:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 13:29 - 2019-03-14 03:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 13:29 - 2019-03-14 03:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 13:29 - 2019-03-14 03:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 13:29 - 2019-03-14 03:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 13:29 - 2019-03-14 03:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 13:29 - 2019-03-14 03:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 13:29 - 2019-03-14 03:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 13:29 - 2019-03-14 02:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 13:29 - 2019-03-14 02:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 13:29 - 2019-03-14 02:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 13:29 - 2019-03-14 02:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 13:29 - 2019-03-14 02:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 13:29 - 2019-03-14 02:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 13:29 - 2019-03-14 02:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 13:29 - 2019-03-14 02:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 13:29 - 2019-03-14 02:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 13:29 - 2019-03-14 02:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 13:29 - 2019-03-14 02:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 13:29 - 2019-03-14 02:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 13:29 - 2019-03-14 02:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 13:29 - 2019-03-14 02:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 13:29 - 2019-03-14 02:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 13:29 - 2019-03-14 02:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 13:29 - 2019-03-14 02:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 13:29 - 2019-03-14 02:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 13:29 - 2019-03-14 02:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 13:29 - 2019-03-14 02:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 13:29 - 2019-03-14 02:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 13:29 - 2019-03-14 02:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 13:29 - 2019-03-14 02:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 13:29 - 2019-03-14 02:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 13:29 - 2019-03-14 02:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 13:29 - 2019-03-14 02:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 13:29 - 2019-03-14 02:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 13:29 - 2019-03-13 20:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 13:28 - 2019-04-02 07:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 13:28 - 2019-04-02 07:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 13:28 - 2019-04-02 07:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 13:28 - 2019-04-02 07:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 13:28 - 2019-04-02 07:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 13:28 - 2019-04-02 04:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 13:28 - 2019-04-02 04:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 13:28 - 2019-04-02 03:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 13:28 - 2019-04-02 03:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 13:28 - 2019-04-02 03:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 13:28 - 2019-04-02 02:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 13:28 - 2019-04-02 02:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 13:28 - 2019-04-02 02:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 13:28 - 2019-04-02 02:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 13:28 - 2019-04-02 02:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 13:28 - 2019-04-02 02:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 13:28 - 2019-04-02 01:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 13:28 - 2019-04-01 23:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 13:28 - 2019-04-01 23:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 13:28 - 2019-04-01 23:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 13:28 - 2019-04-01 23:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 13:28 - 2019-04-01 23:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 13:28 - 2019-03-16 07:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 13:28 - 2019-03-16 04:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 13:28 - 2019-03-14 09:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 13:28 - 2019-03-14 09:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 13:28 - 2019-03-14 09:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 13:28 - 2019-03-14 09:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 13:28 - 2019-03-14 09:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 13:28 - 2019-03-14 09:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 13:28 - 2019-03-14 09:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 13:28 - 2019-03-14 09:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 13:28 - 2019-03-14 08:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 13:28 - 2019-03-14 08:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 13:28 - 2019-03-14 08:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 13:28 - 2019-03-14 08:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 13:28 - 2019-03-14 03:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 13:28 - 2019-03-14 03:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 13:28 - 2019-03-14 03:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 13:28 - 2019-03-14 03:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 13:28 - 2019-03-14 03:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 13:28 - 2019-03-14 03:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 13:28 - 2019-03-14 03:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 13:28 - 2019-03-14 03:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 13:28 - 2019-03-14 03:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 13:28 - 2019-03-14 03:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 13:28 - 2019-03-14 03:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 13:28 - 2019-03-14 03:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 13:28 - 2019-03-14 03:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 13:28 - 2019-03-14 03:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 13:28 - 2019-03-14 03:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 13:28 - 2019-03-14 03:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 13:28 - 2019-03-14 03:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 13:28 - 2019-03-14 03:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 13:28 - 2019-03-14 02:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 13:28 - 2019-03-14 02:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 13:28 - 2019-03-14 02:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 13:28 - 2019-03-14 02:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 13:28 - 2019-03-14 02:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 13:28 - 2019-03-14 02:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 13:28 - 2019-03-14 02:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 13:28 - 2019-03-14 02:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 13:28 - 2019-03-14 02:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 13:28 - 2019-03-14 02:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 13:28 - 2019-03-14 02:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 13:28 - 2019-03-14 02:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 13:28 - 2019-03-14 02:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 13:28 - 2019-03-14 02:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 13:28 - 2019-03-14 02:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 13:28 - 2019-03-14 02:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 13:28 - 2019-03-14 02:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 13:28 - 2019-03-14 02:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 13:28 - 2019-03-14 02:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 13:28 - 2019-03-14 02:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 13:28 - 2019-03-14 02:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 13:28 - 2019-03-14 02:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 13:28 - 2019-03-14 02:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 13:28 - 2019-03-14 02:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 13:28 - 2019-03-13 20:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 13:28 - 2019-03-13 20:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 13:28 - 2019-03-13 20:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 13:28 - 2019-03-13 20:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-08 10:13 - 2019-04-19 13:24 - 000000000 ____D C:\Users\WILMER\Documents\Real_Light_HDRi_Muestra_Gratuita_4K

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-08 19:33 - 2017-11-14 22:05 - 000000000 ____D C:\Users\WILMER\AppData\LocalLow\Mozilla
2019-05-08 19:29 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-08 19:29 - 2017-11-15 09:57 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-08 19:24 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-08 19:23 - 2018-05-20 11:13 - 000004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3950DC0C-177F-4E2F-B28C-72E6FDA2148F}
2019-05-08 19:21 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-08 19:20 - 2017-12-07 19:53 - 000000000 ____D C:\Users\WILMER\AppData\Local\CrashDumps
2019-05-08 19:18 - 2017-11-15 09:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-08 19:18 - 2017-11-14 22:13 - 000000000 __SHD C:\Users\WILMER\IntelGraphicsProfiles
2019-05-08 19:16 - 2018-05-20 11:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-08 19:15 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-08 19:08 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-08 19:06 - 2018-06-13 19:35 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\uTorrent
2019-05-08 19:05 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-08 19:04 - 2018-05-20 11:13 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-08 18:33 - 2018-05-20 10:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-08 10:59 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-08 10:57 - 2019-03-12 11:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-08 10:56 - 2019-02-24 10:39 - 000000000 ____D C:\Users\WILMER\AppData\Local\AVG
2019-05-08 10:56 - 2019-02-24 10:26 - 000000000 ____D C:\ProgramData\AVG
2019-05-08 10:56 - 2018-02-20 21:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-08 10:56 - 2018-02-20 21:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-07 19:54 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-07 17:47 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-07 14:06 - 2017-12-05 14:46 - 000000000 ____D C:\Users\WILMER\GRAPHISOFT
2019-05-07 12:41 - 2019-03-26 11:34 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-06 11:25 - 2018-02-20 21:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-03 20:50 - 2018-11-02 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-05-02 12:13 - 2018-01-14 12:28 - 000000000 ____D C:\Fraps
2019-04-30 18:40 - 2017-12-20 10:42 - 000000000 ____D C:\Users\WILMER\AppData\Local\Packages
2019-04-28 21:47 - 2018-11-02 22:37 - 000000000 ____D C:\ProgramData\Avira
2019-04-28 21:47 - 2017-11-17 19:55 - 000000000 ____D C:\Program Files (x86)\Avira
2019-04-28 18:40 - 2018-05-20 11:13 - 000003684 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-R5EOF8U-WILMER
2019-04-27 21:30 - 2018-03-16 19:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-27 16:47 - 2018-05-20 15:26 - 000000000 ____D C:\Users\WILMER\AppData\Local\D3DSCache
2019-04-27 12:15 - 2019-04-01 15:32 - 000000000 ____D C:\ProgramData\Adobe
2019-04-27 00:49 - 2019-04-01 15:32 - 000000000 ____D C:\Users\WILMER\AppData\Local\Adobe
2019-04-27 00:44 - 2018-05-20 11:13 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-27 00:43 - 2018-02-20 10:54 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-27 00:18 - 2018-11-02 22:53 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2019-04-27 00:17 - 2018-11-03 00:53 - 000000000 ____D C:\Users\WILMER\AppData\Local\Avira
2019-04-27 00:17 - 2018-05-20 11:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
2019-04-27 00:11 - 2019-03-12 00:27 - 000024576 _____ C:\TUHistoryManager2.db.bak
2019-04-27 00:11 - 2019-03-12 00:27 - 000024576 _____ C:\TUHistoryManager2.db
2019-04-27 00:11 - 2019-03-12 00:27 - 000008192 _____ C:\TUActionCenter.db.bak
2019-04-27 00:11 - 2019-03-12 00:27 - 000008192 _____ C:\TUActionCenter.db
2019-04-27 00:11 - 2019-02-26 22:33 - 001012607 _____ C:\lsdb2.json
2019-04-27 00:11 - 2018-11-11 20:08 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-27 00:11 - 2017-11-15 13:22 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-26 22:53 - 2017-11-15 13:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-04-26 22:38 - 2019-04-07 20:03 - 000002586 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-04-26 22:38 - 2018-11-11 20:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-26 22:38 - 2018-11-07 12:16 - 000003152 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-11-07 12:16 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-11-07 12:15 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-11-07 12:15 - 000003196 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-11-07 12:15 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-11-07 12:15 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-11-07 12:15 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-07-07 17:46 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-66125187-3135294938-1379978448-1003
2019-04-26 22:38 - 2018-06-20 10:17 - 000002854 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-66125187-3135294938-1379978448-1001
2019-04-26 22:38 - 2018-05-20 11:13 - 000003778 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-26 22:38 - 2018-05-20 11:13 - 000003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-26 22:38 - 2018-05-20 11:13 - 000003454 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-26 22:38 - 2018-05-20 11:13 - 000003258 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-26 22:38 - 2018-05-20 11:13 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-05-20 11:13 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-05-20 11:13 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-05-20 11:13 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-26 22:38 - 2018-05-20 11:13 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-26 19:42 - 2019-02-26 22:33 - 001012607 _____ C:\lsdb2.json.old
2019-04-26 19:42 - 2019-02-26 22:33 - 000015048 _____ C:\swh_stats.json
2019-04-25 17:06 - 2019-04-07 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2019-04-25 17:06 - 2017-12-07 18:28 - 000000000 ____D C:\Program Files\Common Files\ChaosGroup
2019-04-25 14:56 - 2019-03-02 11:33 - 000000000 ____D C:\dwjobs
2019-04-20 13:27 - 2017-11-14 22:52 - 000000000 ____D C:\Users\WILMER\AppData\Local\NVIDIA
2019-04-19 19:11 - 2019-01-04 17:19 - 000000000 ____D C:\Users\WILMER\Documents\Renders
2019-04-19 19:10 - 2018-04-01 22:34 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\WhatsApp
2019-04-19 19:10 - 2018-04-01 22:34 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-04-19 19:10 - 2018-04-01 22:34 - 000000000 ____D C:\Users\WILMER\AppData\Local\WhatsApp
2019-04-19 19:10 - 2018-01-27 15:26 - 000000000 ____D C:\ProgramData\Razer
2019-04-19 19:10 - 2018-01-27 15:26 - 000000000 ____D C:\Program Files (x86)\Razer
2019-04-19 19:09 - 2018-01-27 15:29 - 000000000 ____D C:\Users\WILMER\AppData\Local\Razer
2019-04-19 19:08 - 2018-01-11 16:59 - 000000000 ____D C:\Program Files\Autodesk
2019-04-19 19:04 - 2018-04-21 18:04 - 000000000 ____D C:\Users\WILMER\AppData\Local\Bluestacks
2019-04-19 13:59 - 2018-05-20 10:52 - 000002400 _____ C:\Users\WILMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-19 13:59 - 2017-11-14 21:56 - 000000000 ___RD C:\Users\WILMER\OneDrive
2019-04-17 21:13 - 2018-11-25 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-04-17 20:52 - 2017-11-15 09:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-17 20:51 - 2017-11-15 09:57 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-17 20:51 - 2017-11-14 22:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-17 20:11 - 2019-03-30 16:36 - 000000000 ____D C:\ProgramData\Skatter
2019-04-17 19:59 - 2017-12-07 17:02 - 000000000 ____D C:\ProgramData\SketchUp
2019-04-17 13:49 - 2018-04-12 23:52 - 000000000 ____D C:\Program Files (x86)\Wondershare
2019-04-17 13:49 - 2017-12-17 21:27 - 000000000 ____D C:\Program Files (x86)\Colasoft MAC Scanner 2.3
2019-04-17 13:48 - 2018-04-12 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-04-17 12:58 - 2019-01-02 22:07 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\SecondLife
2019-04-17 12:53 - 2019-01-20 19:46 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Movienizer
2019-04-17 12:51 - 2018-09-15 18:37 - 000000000 ____D C:\Users\WILMER\AppData\Local\Enscape
2019-04-17 12:48 - 2018-01-31 09:51 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Abvent_Artlantis6
2019-04-17 12:48 - 2018-01-31 09:41 - 000000000 ____D C:\Program Files\Artlantis Studio 6.5
2019-04-17 12:47 - 2017-12-05 14:48 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\MAXON
2019-04-17 12:47 - 2017-12-05 14:46 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\GRAPHISOFT
2019-04-17 12:47 - 2017-12-05 12:31 - 000000000 _____ C:\WINDOWS\vpd.properties
2019-04-17 12:47 - 2017-12-05 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2019-04-17 12:47 - 2017-12-05 12:25 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\Install.GS
2019-04-16 19:47 - 2019-02-09 21:34 - 000000000 ____D C:\Users\WILMER\Downloads\Vray 3.40.04 for SketchUp 2017
2019-04-16 19:47 - 2019-01-29 15:12 - 000000000 ____D C:\Users\WILMER\Downloads\GRAPHISOFT ARCHICAD 22 Build 5009 + Crack [KolomPC]
2019-04-15 20:22 - 2018-01-11 18:09 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-04-15 10:49 - 2018-04-18 22:41 - 000000000 ____D C:\Users\WILMER\AppData\Local\Google
2019-04-11 21:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-11 06:29 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-11 06:29 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-11 06:29 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 22:14 - 2019-02-24 13:16 - 000000000 ____D C:\log
2019-04-10 21:35 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-10 13:28 - 2017-11-15 02:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 13:24 - 2017-11-15 02:08 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-10 06:51 - 2018-01-20 15:24 - 005045704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-04-09 08:40 - 2018-01-20 15:24 - 000049910 _____ C:\WINDOWS\system32\nvinfo.pb
2019-04-09 06:43 - 2017-11-15 09:57 - 005365744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-04-09 06:43 - 2017-11-15 09:57 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-04-09 06:43 - 2017-11-15 09:57 - 001767736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-04-09 06:43 - 2017-11-15 09:57 - 000651576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-04-09 06:43 - 2017-11-15 09:57 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-04-09 06:43 - 2017-11-15 09:57 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-04-09 06:43 - 2017-11-15 09:57 - 000082984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-04-09 05:08 - 2017-11-15 09:57 - 008530822 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2018-01-26 21:00 - 2018-01-26 21:00 - 000000286 _____ () C:\ProgramData\fontcacheev1.dat
2017-11-15 13:51 - 2019-03-18 10:04 - 000000033 _____ () C:\Users\WILMER\AppData\Roaming\AdobeWLCMCache.dat
2018-09-27 16:52 - 2018-12-06 12:25 - 000000205 _____ () C:\Users\WILMER\AppData\Local\oobelibMkey.log
2018-11-02 22:18 - 2018-11-02 22:35 - 000007601 _____ () C:\Users\WILMER\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

#6

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by WILMER (08-05-2019 19:35:14)
Running from C:\Users\WILMER\Desktop
Windows 10 Home Single Language Version 1803 17134.706 (X64) (2018-05-20 16:15:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-66125187-3135294938-1379978448-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-66125187-3135294938-1379978448-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-66125187-3135294938-1379978448-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-66125187-3135294938-1379978448-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-66125187-3135294938-1379978448-504 - Limited - Disabled)
WILMER (S-1-5-21-66125187-3135294938-1379978448-1001 - Administrator - Enabled) => C:\Users\WILMER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\uTorrent) (Version: 3.5.5.45146 - BitTorrent Inc.)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Actualización de NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.0.421 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_1) (Version: 22.0.1 - Adobe Systems Incorporated)
Adobe Illustrator CC 2019 (32 Bit) (HKLM-x32\...\ILST_23_0_1_32) (Version: 23.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien Skin Blow Up 3 (HKLM\...\Alien Skin Blow Up 3) (Version:  - Alien Skin)
Aplicación de escritorio de Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.7.232 - Autodesk)
Aplicaciones destacadas de Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
ARCHICAD 22 R1 SPA (HKLM\...\ARCHICAD 22.0 SPA FULL R1 1) (Version: 22.0.0.3009 - GRAPHISOFT SE)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
AutoCAD 2018 - Español (Spanish) (HKLM\...\{28B89EEF-1001-040A-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018  Language Pack - Español (Spanish) (HKLM\...\{28B89EEF-1001-040A-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk 3ds Max 2018 (HKLM\...\{52B37EC7-D836-0410-0764-3C24BCED2010}) (Version: 20.0.0.966 - Autodesk) Hidden
Autodesk 3ds Max 2018 (HKLM\...\Autodesk 3ds Max 2018) (Version: 20.0.0.966 - Autodesk)
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - Español (Spanish) (HKLM\...\AutoCAD 2018 - Español (Spanish)) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Backburner 2018.0 (HKLM-x32\...\{0038F5AA-8482-4BB2-8A28-3FEA1D58D78A}) (Version: 18.0.0.0 - Autodesk)
Autodesk Civil View for 3ds Max 2018 64-bit (HKLM\...\{51C8EDF7-FFDA-430A-8B5E-1895FF14ACB7}) (Version: 20.0.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2018 (HKLM\...\{1984E20A-184B-4073-87F4-6755F3EE5769}) (Version: 20.0 - Autodesk)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2018 (HKLM-x32\...\{6EC5DA32-D02D-47D4-A3C4-988C1BC1A5FE}) (Version: 16.11.1.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2018 (HKLM\...\{0BB716E0-1800-0610-0000-097DC2F354DF}) (Version: 18.0.0.412 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2018 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2018) (Version: 18.0.0.412 - Autodesk)
Avira (HKLM-x32\...\{2504137A-5E42-4340-8F34-2086B49FBD1A}) (Version: 1.2.133.21088 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{b3f1f775-e558-4660-a503-9129ae9d7310}) (Version: 1.2.133.21088 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.45.1214 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.23.1.32633 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 1.9.1.1886 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{B36F43B7-750E-4023-A5D9-32E6D062F468}) (Version: 1.1.28.3798 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{6D485478-BEB3-43F2-83C0-75CD673D0E3A}) (Version: 2.0.6.13424 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 5.4.3.10308 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
CodeMeter Runtime Kit v6.60a (HKLM\...\{34F620A7-AAD8-4C48-8ED6-9A8E7F894D15}) (Version: 6.60.2878.501 - WIBU-SYSTEMS AG)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.52 - Conexant)
Corona Renderer for 3ds Max (HKLM\...\CoronaForMax) (Version: 2 - Render Legion a.s.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
EaseUS Partition Master 13.5 (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.22.5 - Google Inc.) Hidden
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 22.0 GEN FULL R1 1) (Version: 2018.2.1534.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 SPA FULL R1 1) (Version: 20.0.0.4590 - GRAPHISOFT SE)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Laubwerk Plants (HKLM\...\Laubwerk) (Version: 1.0.27 - Laubwerk GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 66.0.4 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.4 (x64 es-ES)) (Version: 66.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.18 - DxO)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Controlador de gráficos 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA mental ray and IRay feature plugins for 3ds Max 2018 (HKLM\...\{C76BBD60-09DB-43B3-B5B0-BF00C80B500C}) (Version: 19.0.0.0 - Autodesk)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Panel de control de NVIDIA 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 425.31 - NVIDIA Corporation) Hidden
Photoshop Cs6 versión Final (HKLM-x32\...\{5CF1F901-ED27-4C34-A9CE-A10E8C1DDDB2}_is1) (Version: Final - Braian Urzagaste)
Skatter version 1.4.7 (HKLM-x32\...\{76AA4711-86EB-4AEA-9ECD-19B4AE1D9D07}_is1) (Version: 1.4.7 - Thomas Hauchecorne)
SketchUp 2019 (HKLM\...\{0FB756F3-A84B-E5F8-387F-B9F186E6D497}) (Version: 19.0.685.20289 - Trimble, Inc.)
Skype versión 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{5F8A3D28-643E-4062-80C9-37AD463EB61D}) (Version: 1.0.0.0 - Samsung )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.18533 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
V-Ray for 3dsmax 2018 for x64 (HKLM\...\V-Ray for 3dsmax 2018 for x64) (Version: 4.10.02 - Chaos Software Ltd)
V-Ray for SketchUp (HKLM\...\V-Ray for SketchUp) (Version: 4.00.01 - Chaos Software Ltd)
V-Ray Swarm (HKLM\...\V-Ray Swarm) (Version: 1.4.3 - Chaos Software Ltd)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-31699E65CFFE} -> [Creative Cloud Files] => C:\Users\WILMER\Creative Cloud Files [2019-03-01 11:43]
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{8be1f80b-ea9a-a1bc-858d-7f0b27518d4d2}\InprocServer32 -> 0x573999294E4DD401CA1DF33F1CEED4017F0000009501000000000000 => No File
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} =>  -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} =>  -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2017-02-02] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-02] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-03-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-03-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-03-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-07 20:56 - 2019-04-07 20:56 - 000174592 _____ () [File not signed] \\?\C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\node_modules\ffi\build\Release\ffi_bindings.node
2019-04-07 20:56 - 2019-04-07 20:56 - 000163328 _____ () [File not signed] \\?\C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\node_modules\ref\build\Release\binding.node
2019-04-07 20:56 - 2019-04-07 20:56 - 000204800 _____ () [File not signed] \\?\C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\node_modules\v8-profiler\build\profiler\v5.6.5\node-v48-win32-x64\profiler.node
2019-04-07 20:56 - 2019-04-07 20:56 - 000090176 _____ (Chaos Software Ltd. -> ) [File not signed] C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\register-service.exe
2019-04-07 20:56 - 2019-04-07 20:56 - 006529536 _____ (Chaos Software Ltd.) [File not signed] C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\swrm.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2019-01-29 17:28 - 000002029 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 platform.wondershare.com
127.0.0.1        wit-ams-cloudservice.cloudapp.net
127.0.0.1        licensemanager.graphisoft.com
127.0.0.1        licensemanager-test.graphisoft.com
127.0.0.1        bimx-api.graphisoft.com
127.0.0.1        licensemanager-subtest.graphisoft.com
127.0.0.1        graphisoftid-subtest.graphisoft.com
127.0.0.1        graphisoftid-test.graphisoft.com
127.0.0.1        graphisoftid.graphisoft.com
127.0.0.1        ruleservice-api-subscr-test.graphisoft.com
127.0.0.1        ruleservice-api-test.graphisoft.com
127.0.0.1        ruleservice-api.graphisoft.com
127.0.0.1        license-manager-api.azurewebsites.net
127.0.0.1        waws-prod-am2-069.vip.azurewebsites.windows.net
127.0.0.1        waws-prod-am2-069.cloudapp.net
127.0.0.1        e5486.g.akamaiedge.net
127.0.0.1        e8218.dscb1.akamaiedge.net
127.0.0.1        par10s22-in-f232.1e100.net
127.0.0.1        par10s28-in-f8.1e100.net
127.0.0.1        par10s34-in-f8.1e100.net
127.0.0.1        gs-com.cloudapp.net
127.0.0.1        usagelogger.graphisoft.com
127.0.0.1        poneytelecom.eu
127.0.0.1        swupdate.graphisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files (x86)\Autodesk\Backburner\
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\WILMER\Desktop\g5fUxWupgKTSqV3cHSx0QdGT2tB.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Servidor de Red.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{7C1B647F-8D35-4BC6-9430-5C4A6A67A8FC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D7A2E4C6-0410-447F-B976-0E19B4327583}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{067764A1-CEA0-472A-8988-BCC0309330EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F3B77FED-51C0-4A91-9A83-F90E29ACD00F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{28D62916-A519-43A2-8D83-48A03A9D49CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E974921F-C8C2-4B9F-99CD-C77B3A9CC2E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{620B09ED-758A-41A1-BFA6-CFF601EE201E}C:\users\wilmer\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\wilmer\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{44B1C920-7DB2-436A-87B0-8DDA9C4EECC5}C:\users\wilmer\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\wilmer\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{F89FC253-D2F5-4478-8B94-7A7105F01CC8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEB23E23-9AC2-43BE-84B4-6AE9AE8C2AFB}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{ED82899B-A262-48C7-8D93-A9C5A312B836}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{018A80FE-19C9-4A77-A336-81AC2DABD365}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [TCP Query User{C7C918BF-1E83-4C11-8BF7-335E95F0E47F}C:\users\wilmer\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\wilmer\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{CB26709A-B221-46B1-871A-060D404CEF42}C:\users\wilmer\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\wilmer\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{4BE5AD42-E8A7-44D0-81DD-5ACF49AF363A}] => (Allow) C:\Users\WILMER\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DF9462B0-7DBF-429C-B902-662A92EAA686}] => (Allow) C:\Users\WILMER\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{54762C65-AA6B-4D3B-965B-56D29173A4B7}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{459F9727-7227-45BE-A5C8-52B1A1E445AF}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{2CDD4E8E-E170-4D54-AA70-486EB2052AB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{803A9ECA-4663-49B3-986D-6A7EEB4280B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A748F847-4C85-4412-BABC-705BF4C90AE9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{140FD952-5B4D-4995-BC72-1F01E5194194}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{6728DBB9-6412-4A8C-A34B-99EA8C6AF628}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{A23E1EE9-3ABC-459C-B043-0941861D9768}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 22\ARCHICAD.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{A0D64421-2109-42FD-A55D-1A7C06CE952D}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 22\CineRender\CineRenderNEM.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{4E879FB1-357F-4B5A-8331-D3BF7047A624}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 22\BIMxUploader.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{F8BD97EB-4309-49DD-88C5-BA8E47A64C81}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 22\OverwatchServer.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{675C8425-315A-41DF-BD3E-27D19E52F3FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{781340AE-44B0-4977-950B-D1B19058198D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{63CF286A-E709-436B-9B90-2FD31337C304}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3E7B1E49-7FFA-4FFA-BE30-5049CDDCE870}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1CB9B2F8-1CDB-4E36-83C7-2807C899320B}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe (Chaos Software, Ltd) [File not signed]
FirewallRules: [{63488738-5489-4262-B7A9-5698597FFAD1}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe (Chaos Software, Ltd) [File not signed]
FirewallRules: [{0AB6937F-9652-4455-A073-F03588DD1851}] => (Allow) LPort=20208
FirewallRules: [{88830544-3D9D-4821-A44D-1A8A2D58B9B7}] => (Allow) LPort=20208
FirewallRules: [{41C9D5D4-8B2C-46B3-95D5-9C4C2087BBAA}] => (Allow) C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\swrm.exe (Chaos Software Ltd.) [File not signed]
FirewallRules: [{F81B6A64-79F5-4735-A094-717D86BADF03}] => (Allow) C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\swrm.exe (Chaos Software Ltd.) [File not signed]
FirewallRules: [TCP Query User{DD44D9BB-AF87-40C9-90A0-9F84359BB5CE}C:\program files\sketchup\sketchup 2019\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2019\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [UDP Query User{D801008D-29E7-4E65-B3CB-14B762757A0A}C:\program files\sketchup\sketchup 2019\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2019\sketchup.exe (Trimble Navigation -> Trimble, Inc.) [File not signed]
FirewallRules: [{45649AF3-969F-4AE0-9435-FC0DC3385AC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3067ADED-6DCC-499B-A532-107D18F540D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{341039DC-B650-49F3-AF8D-566492D03171}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D3D4EFB1-2A52-451A-9F59-DA8BAA5D46DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F384B47-1CD9-4F1E-AFA2-B76333D79610}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{970F75B4-0A4C-4AE7-B465-2AC9AFB76841}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{6E38C997-9A89-4B53-950E-FE610DAFB287}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{FAD052EA-B236-4E30-A327-9A9FFFB7701F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{58F39121-4553-474B-8094-66A9170D589B}D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe] => (Allow) D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{9FCF7491-59CB-455E-8093-790EBECDCC08}D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe] => (Allow) D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.199\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{6F38F655-6B34-4A48-9418-C0CBC573F333}D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{2ADD91A0-4A44-4478-A035-CD1A197ABD49}D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) D:\programas\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{75985F46-C3FE-43C7-818C-238496873873}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{64C8D8DB-73E8-4739-9CAD-6F60843AD064}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{8FF42FC7-B512-4405-995E-FB4E61E622CD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{5D83DD80-112A-4786-8701-F93EF453C9CD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

26-04-2019 21:15:55 Punto de control programado
06-05-2019 17:59:19 Punto de control programado
08-05-2019 19:27:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2019 07:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Creative Cloud.exe, versión: 4.8.0.421, marca de tiempo: 0x5c472608
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000
Identificador del proceso con errores: 0x2160
Hora de inicio de la aplicación con errores: 0x01d505fd006d251c
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 31ac9a09-dad4-4f41-bd9b-8f7db25d45b6
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (05/08/2019 04:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.SystemSpeedup.Maintenance.exe, versión: 5.4.3.10308, marca de tiempo: 0x5c8a28ac
Nombre del módulo con errores: clr.dll, versión: 4.7.3394.0, marca de tiempo: 0x5c537182
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x00569fe7
Identificador del proceso con errores: 0xf3c
Hora de inicio de la aplicación con errores: 0x01d505e36d00f42c
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
Ruta de acceso del módulo con errores: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Identificador del informe: ef953dce-b4dc-417a-850d-e16b1c3ac578
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (05/08/2019 11:04:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Creative Cloud.exe, versión: 4.8.0.421, marca de tiempo: 0x5c472608
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000
Identificador del proceso con errores: 0x1f94
Hora de inicio de la aplicación con errores: 0x01d505b7b360540c
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 96558fd2-52bf-4d8e-b586-72a6e4c02fc3
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (05/08/2019 11:04:12 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (05/08/2019 11:04:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (05/07/2019 04:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.SystemSpeedup.Maintenance.exe, versión: 5.4.3.10308, marca de tiempo: 0x5c8a28ac
Nombre del módulo con errores: clr.dll, versión: 4.7.3394.0, marca de tiempo: 0x5c537182
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x00569fe7
Identificador del proceso con errores: 0x4200
Hora de inicio de la aplicación con errores: 0x01d5051a4239aa34
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
Ruta de acceso del módulo con errores: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Identificador del informe: de9ffd67-42aa-4657-9386-645655029beb
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (05/06/2019 05:59:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed

System Error:
El sistema no puede encontrar el archivo especificado.
.

Error: (05/06/2019 05:59:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Antivirus since QueryServiceConfig API failed

System Error:
El sistema no puede encontrar el archivo especificado.
.


System errors:
=============
Error: (05/08/2019 07:29:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA LocalSystem Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.

Error: (05/08/2019 07:29:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA Display Container LS terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.

Error: (05/08/2019 07:17:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/08/2019 07:17:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/08/2019 07:17:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/08/2019 07:17:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (05/08/2019 07:17:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio RemoteAccess se cerró con el error específico de servicio 
El nombre solicitado es válido pero no se encontraron datos del tipo solicitado.

Error: (05/08/2019 07:17:16 PM) (Source: RemoteAccess) (EventID: 20152) (User: )
Description: El proveedor de autenticación configurado actualmente no puede cargarse e inicializarse correctamente. El nombre solicitado es válido pero no se encontraron datos del tipo solicitado.


Windows Defender:
===================================
Date: 2019-02-26 11:45:26.371
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/CoinHive.A&threatid=2147729066&enterprise=0
Nombre: Trojan:JS/CoinHive.A
Id.: 2147729066
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\ProgramData\AVAST Software\Avast\report\WebShield.txt
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.283.2571.0, AS: 1.283.2571.0, NIS: 1.283.2571.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-09 12:08:37.467
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/CoinHive.A&threatid=2147729066&enterprise=0
Nombre: Trojan:JS/CoinHive.A
Id.: 2147729066
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\ProgramData\AVAST Software\Avast\report\WebShield.txt
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Versión de firma: AV: 1.283.2571.0, AS: 1.283.2571.0, NIS: 1.283.2571.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-11-11 18:52:02.010
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Gendows&threatid=2147646077&enterprise=0
Nombre: HackTool:Win32/Gendows
Id.: 2147646077
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_C:\Users\WILMER\Desktop\Windows Loader 2.1.rar; file:_C:\Users\WILMER\Desktop\Windows Loader 2.1.rar->Windows Loader 2.1.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.279.1641.0, AS: 1.279.1641.0, NIS: 1.279.1641.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-10-31 21:29:46.896
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {6F5C859C-501C-4329-82CC-DD6EE52A6A36}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-31 21:20:21.123
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E2D8FC91-317B-4BAC-A945-5DE5FC75570D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-28 15:56:55.485
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.279.652.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15400.4
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-04-07 19:54:00.749
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\WILMER\AppData\Local\Temp\7y4ch9x4g9\WinDivert64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. X455LF.205 08/03/2015
Motherboard: ASUSTeK COMPUTER INC. X455LF
Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 12190.41 MB
Available physical RAM: 9324.64 MB
Total Virtual: 18590.41 MB
Available Virtual: 15334.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:370.95 GB) (Free:277.89 GB) NTFS
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:512.84 GB) NTFS

\\?\Volume{c5903223-e94f-420c-ab4c-f537047d9663}\ () (Fixed) (Total:0.89 GB) (Free:0.45 GB) NTFS
\\?\Volume{33eaa6b6-79f0-4ce6-a240-8c471b0fae3e}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{527d4f00-e510-4bf5-97fe-97f16bcb11da}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C115E5F4)

Partition: GPT.

==================== End of Addition.txt ============================

#7

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do this, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now check/select only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the codes/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{8be1f80b-ea9a-a1bc-858d-7f0b27518d4d2}\InprocServer32 -> 0x573999294E4DD401CA1DF33F1CEED4017F0000009501000000000000 => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [] => [X]
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Policies\Explorer: []
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\MountPoints2: {63319cba-b3a6-11e8-baed-3052cbebe2ae} - "E:\startme.exe"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\MountPoints2: {7d51b00c-2088-11e8-bace-3052cbebe2ae} - "E:\Startme.exe"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [3933296 2019-03-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {D4FFE1A1-2ECD-4D59-A545-A48274D4BFCE} - no filepath
Task: {DAE82408-A873-4A12-9225-B665F7E375CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {DC29FBA2-8E96-490F-8C99-5EFC387EFAEC} - no filepath
Task: {E89C4869-2186-4D78-980B-FF9C6B415040} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (Baidu Search Update) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\features\{bc3c1d59-e83e-4676-beab-21b37b5d07fb}\[email protected] [2019-05-07]
U1 avgbdisk; no ImagePath
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
2019-05-08 19:18 - 2017-11-15 09:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-19 21:23 - 2019-04-19 21:23 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\SUPERAntiSpyware.com
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the reported problem, and report back.

Regards.

#8

The programs still won't open.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by WILMER (09-05-2019 14:44:18) Run:1
Running from C:\Users\WILMER\Desktop
Loaded Profiles: WILMER (Available Profiles: defaultuser0 & WILMER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
CustomCLSID: HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{8be1f80b-ea9a-a1bc-858d-7f0b27518d4d2}\InprocServer32 -> 0x573999294E4DD401CA1DF33F1CEED4017F0000009501000000000000 => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Run: [] => [X]
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Policies\Explorer: []
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\MountPoints2: {63319cba-b3a6-11e8-baed-3052cbebe2ae} - "E:\startme.exe"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\MountPoints2: {7d51b00c-2088-11e8-bace-3052cbebe2ae} - "E:\Startme.exe"
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [3933296 2019-03-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {D4FFE1A1-2ECD-4D59-A545-A48274D4BFCE} - no filepath
Task: {DAE82408-A873-4A12-9225-B665F7E375CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {DC29FBA2-8E96-490F-8C99-5EFC387EFAEC} - no filepath
Task: {E89C4869-2186-4D78-980B-FF9C6B415040} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (Baidu Search Update) - C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\features\{bc3c1d59-e83e-4676-beab-21b37b5d07fb}\[email protected] [2019-05-07]
U1 avgbdisk; no ImagePath
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
2019-05-08 19:18 - 2017-11-15 09:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-19 21:23 - 2019-04-19 21:23 - 000000000 ____D C:\Users\WILMER\AppData\Roaming\SUPERAntiSpyware.com
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-66125187-3135294938-1379978448-1001_Classes\CLSID\{8be1f80b-ea9a-a1bc-858d-7f0b27518d4d2} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1 => removed successfully
HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2 => removed successfully
HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3 => removed successfully
HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1 => not found
HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2 => not found
HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3 => not found
HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AccExt => removed successfully
HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\AccExt => removed successfully
HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => not found
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`20hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`29hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowCpl" => removed successfully
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63319cba-b3a6-11e8-baed-3052cbebe2ae} => removed successfully
HKLM\Software\Classes\CLSID\{63319cba-b3a6-11e8-baed-3052cbebe2ae} => not found
HKU\S-1-5-21-66125187-3135294938-1379978448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d51b00c-2088-11e8-bace-3052cbebe2ae} => removed successfully
HKLM\Software\Classes\CLSID\{7d51b00c-2088-11e8-bace-3052cbebe2ae} => not found
"HKU\S-1-5-21-66125187-3135294938-1379978448-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4FFE1A1-2ECD-4D59-A545-A48274D4BFCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4FFE1A1-2ECD-4D59-A545-A48274D4BFCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DAE82408-A873-4A12-9225-B665F7E375CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE82408-A873-4A12-9225-B665F7E375CD}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC29FBA2-8E96-490F-8C99-5EFC387EFAEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC29FBA2-8E96-490F-8C99-5EFC387EFAEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E89C4869-2186-4D78-980B-FF9C6B415040}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E89C4869-2186-4D78-980B-FF9C6B415040}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\WILMER\AppData\Roaming\Mozilla\Firefox\Profiles\vfrelyve.default\features\{bc3c1d59-e83e-4676-beab-21b37b5d07fb}\[email protected] => moved successfully
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\EuGdiDrv => removed successfully
EuGdiDrv => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\WILMER\AppData\Roaming\SUPERAntiSpyware.com => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-66125187-3135294938-1379978448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-66125187-3135294938-1379978448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth 2 mientras los medios
están desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::714e:1610:3415:7fc8%10
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.34
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::1%10
                                       192.168.1.1

Adaptador de Ethernet Conexión de red Bluetooth 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{97A65E61-B3BC-432A-8696-E8D8D7E72889} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49199264 B
Java, Flash, Steam htmlcache => 108872106 B
Windows/system/drivers => 1178838 B
Edge => 619220 B
Chrome => 148083 B
Firefox => 178223412 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 180539 B
LocalService => 0 B
NetworkService => 37892944 B
NetworkService => 0 B
defaultuser0 => 0 B
WILMER => 15710444 B

RecycleBin => 0 B
EmptyTemp: => 384.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-05-2019 14:50:28)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 14:50:28 ====
#9

Good… so let's check whether anything is left on your machine. :thinking:

Now run a scan with :arrow_forward: ESET Online, and when this screen appears:


You must follow these steps:

  • 1.- Tick :ballot_box_with_check: all of those options.
  • 2.- Click "Cambiar……" (Change) and select all the disk and/or USB drives you have.
  • 3.- Click “Iniciar” (Start) and the scan will begin.

This will run a full scan of the whole machine. When the whole process is finished, save the report (you will see an option to export/save it as TXT) and leave it on your desktop so you can post it in your next reply.

Finish the process by disinfecting the items found and restart your PC, then post the report in your next reply.

And tell us how your machine is running.

Regards.