Virus that disables my antivirus programs


#1

Hello, I have Avast Premium installed and just today I installed malware anti bytes or something like that. When I installed the malware the PC froze and the screen turned off; I couldn't do anything, not even when I pressed the button on the case to force the PC to shut down. After restarting I went into safe mode to use the malware and Avast, but neither of them worked. Right now, outside safe mode, I opened Avast but it is blocked too; that is, I no longer have any protection, and every week my PC takes longer to start up; it now takes 5 minutes to be ready for use!! WHAT DO I DO?


#2

Hello, I also want to mention that after installing the malware and booting into normal mode the screen turned blue; the cause was the malware, so I uninstalled it, and I have also just repaired my Avast with its repair tool.


#3

Hello

Download the following programs and leave them on the desktop:

:one:

  • Run Rkill as administrator (right-click, Run as administrator)
  • A console similar to CMD will open
  • Let it work for 2 to 5 minutes
  • Paste the report from Rkill.txt, saved on the desktop. :warning: Do not restart the PC when it finishes, and continue with MBAM Anti-Rootkit :warning:

:two:

  • Update MBAM Anti-Rootkit, following its manual, and run the scan

I'll wait for your reports and your comments on whether it is still detecting anything. Regards.


#4

MBM --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.700000 GHz
Memory total: 12820103168, free: 7751733248

Downloaded database version: v2018.12.04.11
Downloaded database version: v2018.12.04.11
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/04/2018 20:55:56
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.12.04.11
  rootkit: v2018.12.04.11

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a7eb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a7ebb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a7eb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a66aa90, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800a6559c0, DeviceName: \Device\0000007c\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B7E4153

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 409393152
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600000  Numsec = 567171072
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8011e4c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8011e087a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011e4c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8011e08c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8011bbe2f0, DeviceName: \Device\000000b1\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 112  Numsec = 31405712
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 16079781888 bytes
Sector size: 512 bytes

Done!
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AutodeskDesktopApp.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\cyberghost.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\drivereasy.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dtlauncher.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs32.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs64.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\pdvdlp.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\photoshop.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\powerdvd.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protonvpn.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\runsas.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\skype.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\superantispyware.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\unins000.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\webinstaller.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\windscribelauncher.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AutodeskDesktopApp.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\cyberghost.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\drivereasy.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dtlauncher.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs32.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs64.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\pdvdlp.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\photoshop.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\powerdvd.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protonvpn.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\runsas.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\skype.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\superantispyware.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\unins000.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\webinstaller.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\windscribelauncher.exe --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE|Debugger --> [RiskWare.IFEOHijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|Debugger --> [RiskWare.IFEOHijack]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.

System shutdown occurred

RKILL Rkill 2.9.1 by Lawrence Abrams (Grinler)

Copyright 2008-2018 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/04/2018 08:52:08 PM in x64 mode. Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

  • No malware services found to stop.

Checking for processes to terminate:

  • No malware processes found to kill.

Checking Registry for malware related settings:

  • No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

  • Windows Defender Disabled

    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender] “DisableAntiSpyware” = dword:00000001

Searching for Missing Digital Signatures:

  • No issues found.

Checking HOSTS File:

  • HOSTS file entries found:

Program finished at: 12/04/2018 08:52:23 PM Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

P.S.: COMRADE, NOW WHEN I OPEN MY C DRIVE I CAN'T CREATE FILES, ONLY FOLDERS. IS THAT NORMAL? I don't remember it being like that xD


#5

For now we still have more things to do…

The Mbar.txt is missing; paste that for me too, and in addition:


Carry out the following steps, without changing the order.

1) Download, update and run Malwarebytes' Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, checking all the boxes on the right and on the left, and updating if it asks you to.
  • Click "Remove Selected" to send the items to quarantine, and restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it in your reply

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click "Skip Repair".

  • The log can be found in the "Reports" tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can look at its manual >> AdwCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab leave the default configuration as it is, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell me how the problem is going.



#6

Friend, I already pasted the mbar one :v it's this one

EDITED


#7

Indeed, you pasted ONE of them, but if you look at the manual you will see there are two: the Systemlog.txt, which is the one you gave me twice, but the one I asked you for, mbar.txt, is missing…

Where it says "Scan report"


#8
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.12.04.11
  rootkit: v2018.12.04.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
user :: USER-PC [administrator]

04/12/2018 08:56:02 p.m.
mbar-log-2018-12-04 (20-56-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 266600
Time elapsed: 46 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 32
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AutodeskDesktopApp.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\cyberghost.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\drivereasy.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dtlauncher.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs32.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs64.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\pdvdlp.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\photoshop.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\powerdvd.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protonvpn.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\runsas.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\skype.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\superantispyware.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\unins000.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\webinstaller.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\windscribelauncher.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AutodeskDesktopApp.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\cyberghost.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\drivereasy.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dtlauncher.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs32.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\obs64.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\pdvdlp.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\photoshop.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\powerdvd.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protonvpn.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\runsas.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\skype.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\superantispyware.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\unins000.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\webinstaller.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\windscribelauncher.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]

Registry Values Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|Debugger (RiskWare.IFEOHijack) -> Data: C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe -> Delete on reboot. [bd1e88df9e1bd46295ab833af20eab55]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe" -> Delete on reboot. [da01b9ae9c1d270f4db91aa39d6354ac]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|Debugger (RiskWare.IFEOHijack) -> Data: C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe -> Delete on reboot. [bb20fe694277e155fe42cbf29a66f907]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe (RiskWare.IFEOHijack) -> Delete on reboot. [cb1066011e9bee488a7c3f7e16ea956b]

Physical Sectors Detected: 0
(No malicious items detected)

#9

OK, now when you have them, paste the Malwarebytes and AdwCleaner logs and keep telling me how the PC is doing.


#11
> Malwarebytes
> www.malwarebytes.com
> 
> 
> -Detalles del registro-
> Fecha del análisis: 8/12/18
> Hora del análisis: 10:49
> Archivo de registro: d73cb1cc-fb00-11e8-b3d8-00ff103104a3.json
> 
> -Información del software-
> Versión: 3.6.1.2711
> Versión de los componentes: 1.0.508
> Versión del paquete de actualización: 1.0.8223
> Licencia: Prueba
> 
> -Información del sistema-
> SO: Windows 7 Service Pack 1
> CPU: x64
> Sistema de archivos: NTFS
> Usuario: user-PC\user
> 
> -Resumen del análisis-
> Tipo de análisis: Análisis personalizado
> Análisis iniciado por:: Manual
> Resultado: Completado
> Objetos analizados: 402706
> Amenazas detectadas: 1
> Amenazas en cuarentena: 1
> Tiempo transcurrido: 4 hr, 25 min, 15 seg
> 
> -Opciones de análisis-
> Memoria: Activado
> Inicio: Activado
> Sistema de archivos: Activado
> Archivo: Activado
> Rootkits: Activado
> Heurística: Activado
> PUP: Detectar
> PUM: Detectar
> 
> -Detalles del análisis-
> Proceso: 0
> (No hay elementos maliciosos detectados)
> 
> Módulo: 0
> (No hay elementos maliciosos detectados)
> 
> Clave del registro: 0
> (No hay elementos maliciosos detectados)
> 
> Valor del registro: 0
> (No hay elementos maliciosos detectados)
> 
> Datos del registro: 0
> (No hay elementos maliciosos detectados)
> 
> Secuencia de datos: 0
> (No hay elementos maliciosos detectados)
> 
> Carpeta: 0
> (No hay elementos maliciosos detectados)
> 
> Archivo: 1
> Generic.Malware/Suspicious, C:\WINDOWS\SETUP\SCRIPTS\TEMP\KMSERVICE.EXE, En cuarentena, [0], [392686],1.0.8223
> 
> Sector físico: 0
> (No hay elementos maliciosos detectados)
> 
> WMI: 0
> (No hay elementos maliciosos detectados)
> 
> 
> (end)

#12
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-08-2018
# Duration: 00:00:10
# OS:       Windows 7 Ultimate
# Cleaned:  16
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted       C:\Program Files (x86)\mipony
Deleted       C:\Users\user\AppData\Roaming\mipony
Deleted       C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
Deleted       C:\Users\user\Documents\mipony

***** [ Files ] *****

Deleted       C:\Users\Invitado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted       C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted       C:\Users\Invitado\Desktop\MiPony.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\csastats
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\TSMApplication
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MiPony
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Deleted       HKLM\Software\Classes\mpybrowser
Deleted       HKLM\Software\Classes\mipony
Deleted       HKCU\Software\win

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2525 octets] - [08/12/2018 15:17:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Friend, I want to point out that I can't create files on the C drive, only folders. Was that normal, or was it because of the antivirus? I don't remember anymore, xd. And I want to clarify that the PC is running faster than at the start.


#15

On the C drive, you can only create folders, and then inside them you can create, for example, documents, etc., but directly on C, with right-click - New, only the Folder option appears…

Is that what you are asking me?

If so, what I mentioned above is how the system works; it is not an error, nor is it caused by the antivirus. That is just how it is.


Besides that, to verify that everything is fine and to remove anything that may remain, do the following:

  • Temporarily disable your antivirus and any other security program.

  • Download to your Desktop >> This is very important <<, Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two reports, Frst.txt and Addition.txt, from FRST.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.


#16
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by user (administrator) on USER-PC (12-12-2018 09:12:17)
Running from C:\Users\user\Desktop
Loaded Profiles: user &  (Available Profiles: user & Invitado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
() C:\Users\user\AppData\Local\Kingosoft\Kingo Root\update_37510\bin\KingoSoftService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Smart PC Utilities, Ltd.) D:\My pony descargas\GFTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7562456 2014-03-25] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-16] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-20] (CyberLink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [49152 2006-09-29] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\Policies\Explorer: [] 
HKU\S-1-5-21-2082071340-3476837701-2702432445-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085920822\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2082071340-3476837701-2702432445-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085920822\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [11405416 2017-11-12] (Windscribe Limited)
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\windscribelauncher.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-04]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{ECB8006B-44F4-4CB8-A255-02D848890824}: [DhcpNameServer] 200.48.225.130 200.48.225.146

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ikujuja7.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ikujuja7.default [2018-10-01]
FF Extension: (Avast SafePrice) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ikujuja7.default\Extensions\[email protected] [2018-09-04]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ikujuja7.default\Extensions\[email protected] [2018-09-04]
FF Extension: (User Agent Switcher) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ikujuja7.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-10-13] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-28] (Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-18] (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2082071340-3476837701-2702432445-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
StartMenuInternet: Firefox-A8758A538F23BB34 - D:\GonVisor\firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.smarter.yt
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2018-12-12]
CHR Extension: (Traductor de Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-12-06]
CHR Extension: (YouTube Center Developer Build) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajijnmbjgaeekdpmpohgppkckmnagimk [2017-11-11] [UpdateUrl: hxxps://raw.github.com/YePpHa/YouTubeCenter/master/dist/chrome-update.xml] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-21]
CHR Extension: (AdGuard AdBlocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-11-22]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-12-04]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-21]
CHR Extension: (Improve YouTube! (Open-Source for YouTube)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2018-12-12]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-25]
CHR Extension: (EditThisCookie) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-11-30]
CHR Extension: (BriefTube - Instant video summarizer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfckdcbnnkobldfaefmhaigdolfniill [2017-12-31]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Save to Facebook) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-07-14]
CHR Extension: (SmartVideo For YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2017-12-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-20]
CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2018-10-23]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR Extension: (Cortar audio) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2017-11-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.37PBB64OUV2S5YBH5CJCM6UGAA - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-19] (Autodesk Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [338632 2018-11-16] (AVAST Software)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-07-26] (Apple Inc.)
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [205016 2018-08-03] (CyberGhost S.A.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
S4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
S4 Disc Soft Lite Bus Service; D:\Games\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-04-25] (Intel Corporation)
R2 KingoSoftService; C:\Users\user\AppData\Local\Kingosoft\Kingo Root\update_37510\bin\checkupdate.exe [367584 2016-07-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-12-04] ()
S4 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [54024 2017-12-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [442472 2017-11-12] (Windscribe Limited)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [92944 2018-10-03] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-16] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-11-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512072 2018-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-16] (AVAST Software)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-23] (Bluestack System Inc. )
S1 cgnetfilter1521; C:\Windows\System32\drivers\cgnetfilter1521.sys [81696 2017-03-22] (Windows (R) Win 7 DDK provider)
R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.sys [646656 2015-06-25] (C-MEDIA)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-15] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2017-07-02] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-03] (Intel Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2018-12-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2018-12-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2018-12-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2018-12-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2018-12-12] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [201296 2018-04-21] (Intel Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0090.sys [38432 2017-03-01] (SoftEther Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-01-10] (Synaptics Incorporated)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-09-13] (The OpenVPN Project)
R3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6416256 2011-07-08] (Etron)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35840 2017-05-06] (Windows (R) Win 7 DDK provider)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2018-02-12] (BigNox Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\D:\My pony descargas\GameFire.sys [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\user\Desktop\PROYECTO X "
2018-12-12 09:12 - 2018-12-12 09:12 - 000025539 _____ C:\Users\user\Desktop\FRST.txt
2018-12-12 09:11 - 2018-12-12 09:12 - 000000000 ____D C:\FRST
2018-12-12 09:10 - 2018-12-12 09:10 - 002417152 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2018-12-12 09:10 - 2018-12-12 09:10 - 001776640 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2018-12-12 08:58 - 2018-12-12 08:58 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-12 08:58 - 2018-12-12 08:58 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-12 08:57 - 2018-12-12 08:59 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-12 08:57 - 2018-12-12 08:57 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-11 09:07 - 2018-12-11 09:07 - 000027637 _____ C:\Users\user\Downloads\EXAMEN+DE+PROGRA+REAL.rar
2018-12-11 00:00 - 2018-12-11 00:03 - 000000000 ____D C:\Users\user\Desktop\EXAMEN DE PROGRA REAL
2018-12-10 23:45 - 2018-12-10 23:53 - 000000000 ____D C:\Users\user\Desktop\EXAMEN DE PROGRA
2018-12-09 14:33 - 2018-12-09 14:33 - 000000194 _____ C:\Users\user\Desktop\gustos.txt
2018-12-08 18:27 - 2018-12-08 19:00 - 996147203 _____ C:\Users\user\Downloads\D0MRv6-PGM.part01.rar
2018-12-08 15:25 - 2018-12-08 15:25 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-08 15:15 - 2018-12-08 15:15 - 000001611 _____ C:\Users\user\Desktop\informe.txt
2018-12-08 10:48 - 2018-12-08 10:48 - 000082595 _____ C:\Users\user\Desktop\LOHGG.txt
2018-12-08 10:33 - 2018-12-08 10:33 - 007321808 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_7.2.5.0.exe
2018-12-08 10:25 - 2018-12-08 10:25 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2018-12-08 10:24 - 2018-12-08 10:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-08 10:22 - 2018-12-08 10:23 - 081227760 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-08 00:57 - 2018-12-08 00:57 - 001810273 _____ C:\Users\user\Downloads\ENGLISH+II+PPT.pptx
2018-12-08 00:56 - 2018-12-08 00:56 - 001810273 _____ C:\Users\user\Desktop\ENGLISH II PPT.pptx
2018-12-07 23:35 - 2018-12-07 23:35 - 000090313 _____ C:\Users\user\Downloads\Sem16_GuiaLab+(Archivos) (1).pdf
2018-12-06 22:50 - 2018-12-06 22:50 - 001423696 _____ C:\Users\user\Downloads\ENGLISH II 5-6 (1).pptx
2018-12-06 22:46 - 2018-12-06 22:46 - 001423696 _____ C:\Users\user\Downloads\ENGLISH II 5-6.pptx
2018-12-06 19:46 - 2018-12-06 19:46 - 000018135 _____ C:\Users\user\Downloads\HITD  Examen Final LC Turno mañana.xlsx
2018-12-05 22:21 - 2018-12-05 22:21 - 000000000 ____D C:\Users\user\AppData\Local\Electronic Arts
2018-12-05 22:20 - 2018-12-05 22:20 - 000000000 ____D C:\Users\user\Documents\Electronic Arts
2018-12-05 22:15 - 2018-12-05 22:15 - 000000634 _____ C:\Users\Public\Desktop\Dead Space.lnk
2018-12-05 22:15 - 2018-12-05 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space
2018-12-04 20:55 - 2018-12-04 20:55 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\26149856.sys
2018-12-04 20:53 - 2018-12-05 09:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-12-04 20:53 - 2018-12-04 21:44 - 000000000 ____D C:\Users\user\Desktop\mbar
2018-12-04 20:52 - 2018-12-04 20:52 - 000002334 _____ C:\Users\user\Desktop\Rkill.txt
2018-12-04 20:51 - 2018-12-04 20:51 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\iExplore.exe
2018-12-04 20:50 - 2018-12-04 20:50 - 014178840 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.10.3.1001.exe
2018-12-04 20:39 - 2018-12-04 20:39 - 005610750 _____ C:\Users\user\Downloads\user-guide-axini-en (1).pdf
2018-12-04 20:34 - 2018-12-04 20:34 - 005610750 _____ C:\Users\user\Downloads\user-guide-axini-en.pdf
2018-12-04 20:31 - 2018-12-04 20:31 - 000000000 ___HD C:\$AV_ASW
2018-12-04 15:21 - 2018-12-04 15:21 - 000360876 _____ C:\Users\user\Downloads\ZQ03  QuímicaGeneral final  noche_2017_1.pdf
2018-12-04 15:18 - 2018-12-04 15:18 - 007795580 _____ C:\Users\user\Downloads\VID-20181130-WA0102.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 006124333 _____ C:\Users\user\Downloads\VID-20181130-WA0083.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 003720812 _____ C:\Users\user\Downloads\VID-20181130-WA0101.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 003603950 _____ C:\Users\user\Downloads\VID-20181130-WA0100.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 003099598 _____ C:\Users\user\Downloads\VID-20181130-WA0072.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 003015424 _____ C:\Users\user\Downloads\VID-20181130-WA0095.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 002535630 _____ C:\Users\user\Downloads\VID-20181130-WA0078.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 002395103 _____ C:\Users\user\Downloads\VID-20181130-WA0076.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 001791093 _____ C:\Users\user\Downloads\VID-20181130-WA0094.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 001702024 _____ C:\Users\user\Downloads\VID-20181130-WA0051.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 001356746 _____ C:\Users\user\Downloads\VID-20181130-WA0069.3gp
2018-12-04 15:17 - 2018-12-04 15:17 - 001233421 _____ C:\Users\user\Downloads\VID-20181130-WA0077.mp4
2018-12-04 15:17 - 2018-12-04 15:17 - 000417885 _____ C:\Users\user\Downloads\VID-20181130-WA0068.mp4
2018-12-03 01:45 - 2018-11-16 12:11 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-12-03 01:03 - 2018-12-03 01:26 - 000490388 _____ C:\Windows\ntbtlog.txt
2018-12-03 00:48 - 2018-12-03 01:20 - 000000000 ____D C:\Windows\Minidump
2018-12-03 00:48 - 2018-12-03 01:19 - 603718298 _____ C:\Windows\MEMORY.DMP
2018-12-03 00:43 - 2018-12-08 10:24 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-03 00:43 - 2018-12-08 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-03 00:43 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-03 00:43 - 2018-12-03 00:43 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2018-12-03 00:42 - 2018-12-03 00:42 - 080557120 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
2018-12-02 22:47 - 2018-12-02 22:47 - 000090313 _____ C:\Users\user\Downloads\Sem16_GuiaLab+(Archivos).pdf
2018-12-01 23:53 - 2018-12-01 23:53 - 009891065 _____ C:\Users\user\Downloads\1_4947562335104401439.rar
2018-12-01 23:51 - 2018-12-01 23:55 - 000000000 ____D C:\Users\user\Downloads\COLE
2018-12-01 23:05 - 2018-12-02 00:55 - 000000000 ____D C:\Windows\SysWOW64\18120200_stream
2018-12-01 16:16 - 2018-12-01 22:59 - 000000000 ____D C:\Windows\SysWOW64\18120106_stream
2018-11-30 23:07 - 2018-11-30 23:07 - 000073326 _____ C:\Users\user\Desktop\TAREA 2 DE AUTOCAD11.pdf
2018-11-30 23:07 - 2018-11-14 21:39 - 000062944 _____ C:\Users\user\Desktop\TAREA 1 DE AUTOCAD.bak
2018-11-30 23:07 - 2018-11-03 22:46 - 000193504 _____ C:\Users\user\Desktop\autocad trabajo final 3.bak
2018-11-30 23:05 - 2018-11-30 23:05 - 000486256 _____ C:\Users\user\Desktop\TAREA 2 DE AUTOCAD11.bak
2018-11-30 22:57 - 2018-11-30 23:07 - 000487948 _____ C:\Users\user\Desktop\TAREA 2 DE AUTOCAD11.dwg
2018-11-30 22:57 - 2018-11-30 22:57 - 000241980 _____ C:\Users\user\Desktop\TAREA 2 DE AUTOCAD.dwg
2018-11-30 20:32 - 2018-11-30 20:32 - 000062968 _____ C:\Users\user\Desktop\TAREA 3.pdf
2018-11-30 20:31 - 2018-11-30 20:31 - 000061490 _____ C:\Users\user\Desktop\TAREA 1 DE AUTOCAD.pdf
2018-11-30 20:07 - 2018-11-30 14:37 - 000041853 _____ C:\Users\user\Desktop\TAREA 3.bak
2018-11-30 19:05 - 2018-11-30 19:05 - 000049842 _____ C:\Users\user\Downloads\cajetin+completo(+vertical).dwg
2018-11-30 19:05 - 2018-11-30 19:05 - 000040377 _____ C:\Users\user\Downloads\cajetin+(horizontal)+completo.dwg
2018-11-30 14:42 - 2018-11-30 23:08 - 000038656 _____ C:\Users\user\Desktop\tarea 3.txt
2018-11-30 14:37 - 2018-11-30 20:07 - 000061952 _____ C:\Users\user\Desktop\TAREA 3.dwg
2018-11-30 14:28 - 2018-11-30 14:28 - 000000211 ____H C:\Users\user\Documents\Drawing1.dwl2
2018-11-30 14:28 - 2018-11-30 14:28 - 000000061 ____H C:\Users\user\Documents\Drawing1.dwl
2018-11-29 20:27 - 2018-11-29 20:27 - 000000000 ____D C:\Users\user\AppData\Local\skybn
2018-11-29 20:14 - 2018-11-29 20:14 - 000203965 _____ C:\Users\user\Downloads\always-on-top.exe
2018-11-27 22:06 - 2018-11-27 22:06 - 014478164 _____ C:\Users\user\Downloads\1_5024299987501056042.rar
2018-11-26 22:18 - 2018-11-26 22:18 - 000051486 _____ C:\Users\user\Desktop\EXCEL.xlsx
2018-11-26 21:13 - 2018-11-26 21:13 - 010596933 _____ C:\Users\user\Downloads\Sociedad desarrollo urbano Lima 1900 1980 Antonio Zapata (1).pdf
2018-11-26 20:35 - 2018-11-26 20:37 - 003955572 _____ C:\Users\user\Downloads\Dialnet-FundamentosTeologicosDeLaActuacionPublicaDeBartolo-252577.pdf
2018-11-26 15:11 - 2018-11-26 15:11 - 000090000 _____ C:\Users\user\Downloads\radeon-software-adrenalin-18.11.2-minimalsetup-181119_64bit.exe
2018-11-24 00:09 - 2018-11-24 00:09 - 000033042 _____ C:\Users\user\Documents\Drawing1.dwg
2018-11-21 21:29 - 2018-11-21 21:30 - 000289055 _____ C:\Users\user\Downloads\jel.zip
2018-11-19 23:21 - 2018-11-19 23:21 - 000921741 _____ C:\Users\user\Desktop\Estadística descriptiva y probabilidades (2).pptx
2018-11-18 13:02 - 2018-11-18 13:02 - 001516497 _____ C:\Users\user\Downloads\descarga.htm
2018-11-18 13:02 - 2018-11-18 13:02 - 001433790 _____ C:\Users\user\Downloads\descarga (1).htm
2018-11-18 13:02 - 2018-11-18 13:02 - 001433327 _____ C:\Users\user\Downloads\descarga (2).htm
2018-11-18 13:02 - 2018-11-18 13:02 - 001432250 _____ C:\Users\user\Downloads\descarga (3).htm
2018-11-18 13:02 - 2018-11-18 13:02 - 001398873 _____ C:\Users\user\Downloads\descarga (5).htm
2018-11-18 13:02 - 2018-11-18 13:02 - 001335309 _____ C:\Users\user\Downloads\descarga (4).htm
2018-11-18 11:50 - 2018-11-18 11:50 - 000924336 _____ C:\Users\user\Desktop\Estadística descriptiva y probabilidades (1)pts.pptx
2018-11-18 11:49 - 2018-11-18 11:49 - 000013707 _____ C:\Users\user\Desktop\Encuestas (1)xd.xlsx
2018-11-18 11:48 - 2018-11-18 11:48 - 000924122 _____ C:\Users\user\Downloads\Estadística descriptiva y probabilidades (1).pptx
2018-11-18 11:48 - 2018-11-18 11:48 - 000013809 _____ C:\Users\user\Downloads\Encuestas (1).xlsx
2018-11-18 03:14 - 2018-11-18 03:14 - 000924122 _____ C:\Users\user\Downloads\Estadística descriptiva y probabilidades.pptx
2018-11-18 00:14 - 2018-11-18 00:14 - 000013809 _____ C:\Users\user\Downloads\Encuestas.xlsx
2018-11-16 18:39 - 2018-11-14 23:05 - 000189722 _____ C:\Users\user\Desktop\TAREA 2 DE AUTOCAD A MEDIO TERMINAR.bak
2018-11-16 17:38 - 2018-11-16 17:38 - 000585808 _____ C:\Users\user\Downloads\TRABAJO FINAL (1).pdf
2018-11-15 03:54 - 2018-11-15 03:54 - 000316330 _____ C:\Users\user\Downloads\13208-52594-1-PB (1).pdf
2018-11-15 03:46 - 2018-11-15 03:46 - 000316330 _____ C:\Users\user\Downloads\13208-52594-1-PB.pdf
2018-11-15 02:41 - 2018-11-15 02:41 - 000486021 _____ C:\Users\user\Downloads\19646-78039-2-PB.pdf
2018-11-14 23:05 - 2018-11-30 23:08 - 000079340 _____ C:\Users\user\Desktop\TAREEA 2 DE ATUOCAD A MEDIO TERMINAR.txt
2018-11-14 23:05 - 2018-11-16 18:39 - 000244640 _____ C:\Users\user\Desktop\TAREA 2 DE AUTOCAD A MEDIO TERMINAR.dwg
2018-11-14 21:54 - 2018-11-30 23:06 - 000119549 _____ C:\Users\user\Desktop\AUTOCAD TAREA 1 FINAL.txt
2018-11-14 21:50 - 2018-11-14 21:50 - 000000214 ____H C:\Users\user\Downloads\Drawing2.dwl2
2018-11-14 21:50 - 2018-11-14 21:50 - 000000063 ____H C:\Users\user\Downloads\Drawing2.dwl
2018-11-14 21:39 - 2018-11-30 23:07 - 000242785 _____ C:\Users\user\Desktop\TAREA 1 DE AUTOCAD.dwg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-12 09:10 - 2017-12-07 10:20 - 000005036 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for user-PC-user user-PC
2018-12-12 09:08 - 2018-09-04 21:46 - 000000000 ____D C:\Users\user\AppData\Local\AVAST Software
2018-12-12 09:08 - 2009-07-13 23:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-12 09:08 - 2009-07-13 23:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-12 08:56 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-12 01:00 - 2018-04-03 18:00 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-12-12 00:59 - 2018-11-05 04:00 - 000003152 _____ C:\Windows\System32\Tasks\StartCN
2018-12-12 00:59 - 2018-11-05 04:00 - 000003066 _____ C:\Windows\System32\Tasks\StartDVR
2018-12-12 00:59 - 2018-09-04 22:42 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-12-12 00:59 - 2018-03-13 22:22 - 000004488 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-12 00:59 - 2017-08-25 08:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-12-12 00:59 - 2017-08-22 10:38 - 000003066 _____ C:\Windows\System32\Tasks\{9CF9B835-5349-4EBC-8DEB-EB21F035A0BA}
2018-12-12 00:59 - 2017-07-18 01:44 - 000003102 _____ C:\Windows\System32\Tasks\{C236FC9A-BEC4-498A-975D-251B6EEE6949}
2018-12-12 00:59 - 2017-07-07 23:56 - 000003290 _____ C:\Windows\System32\Tasks\GameFire
2018-12-12 00:59 - 2017-07-07 23:56 - 000002982 _____ C:\Windows\System32\Tasks\GameFireSkipUAC
2018-12-12 00:59 - 2016-12-04 14:54 - 000003194 _____ C:\Windows\System32\Tasks\{2CD6C93C-36B7-484D-83FC-B93AEE2427D5}
2018-12-12 00:59 - 2016-12-04 14:45 - 000003034 _____ C:\Windows\System32\Tasks\{EFF8CBDC-EBA6-42B5-B86A-9DAD403631AB}
2018-12-12 00:59 - 2016-12-04 14:39 - 000003028 _____ C:\Windows\System32\Tasks\{7FBD0E2F-A226-4928-8552-0C121886BA46}
2018-12-12 00:59 - 2016-06-04 16:20 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-12-12 00:59 - 2016-03-23 15:11 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-12-12 00:59 - 2016-03-21 23:49 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-12 00:59 - 2016-03-21 23:49 - 000003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-12 00:58 - 2017-04-06 18:31 - 000000000 ____D C:\Users\user\AppData\Local\Battle.net
2018-12-12 00:55 - 2018-09-05 07:12 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-12-11 15:11 - 2017-04-06 18:27 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-12-11 14:07 - 2018-09-04 21:40 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-11 07:33 - 2017-08-25 08:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-09 18:43 - 2018-05-31 19:02 - 000000000 ____D C:\Users\user\Desktop\MEMES
2018-12-08 23:22 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-12-08 22:57 - 2018-10-18 17:51 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-12-08 15:17 - 2016-03-30 23:46 - 000000000 ____D C:\AdwCleaner
2018-12-05 23:22 - 2016-06-04 16:20 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-05 23:22 - 2016-06-04 16:20 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-05 23:22 - 2016-06-04 16:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-05 23:22 - 2016-06-04 16:19 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-05 09:37 - 2010-11-21 02:09 - 000747120 _____ C:\Windows\system32\perfh00A.dat
2018-12-05 09:37 - 2010-11-21 02:09 - 000158592 _____ C:\Windows\system32\perfc00A.dat
2018-12-05 09:37 - 2009-07-14 00:13 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-05 09:37 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-12-04 20:56 - 2016-03-30 23:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-04 20:46 - 2017-08-23 19:09 - 000000000 ____D C:\Program Files\ANTRYX AXINI 7.1 GAMING HEADSET
2018-12-04 20:45 - 2016-06-03 13:50 - 000000000 ____D C:\Program Files\OBS
2018-12-04 18:42 - 2018-06-01 03:08 - 000000000 ____D C:\Users\user\Desktop\UTP HERRAMIENTAS
2018-12-03 06:47 - 2017-07-01 21:57 - 000000000 ____D C:\Users\user\Desktop\Cosas nuevas
2018-12-03 01:46 - 2018-11-04 04:09 - 000001922 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2018-12-03 01:12 - 2016-05-08 14:20 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2018-12-02 22:48 - 2018-05-29 19:28 - 000000000 ____D C:\Users\user\Desktop\Examen
2018-11-30 23:07 - 2018-11-03 22:46 - 000287600 _____ C:\Users\user\Desktop\autocad trabajo final 3.dwg
2018-11-27 20:53 - 2016-03-21 23:49 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-27 20:53 - 2016-03-21 23:49 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-26 14:05 - 2018-11-04 04:08 - 000512072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-11-23 11:23 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-11-23 11:22 - 2018-10-10 04:28 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2018-11-22 03:48 - 2018-04-21 16:19 - 000000328 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-11-22 03:41 - 2018-06-14 10:23 - 000003496 _____ C:\Windows\System32\Tasks\BlueStacksHelper
2018-11-22 03:41 - 2018-04-21 16:19 - 000003734 _____ C:\Windows\System32\Tasks\Driver Easy Scheduled Scan
2018-11-21 22:43 - 2017-06-26 03:18 - 000000132 _____ C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-11-17 23:17 - 2017-06-15 14:55 - 000000000 ____D C:\Users\user\Documents\My Games
2018-11-17 18:52 - 2016-12-11 15:24 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-16 12:11 - 2018-09-04 21:40 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-16 12:11 - 2018-09-04 21:40 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-16 12:10 - 2018-10-19 11:04 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-11-16 12:09 - 2018-09-04 21:40 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-16 12:09 - 2018-09-04 21:40 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-16 12:09 - 2018-09-04 21:40 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-16 12:09 - 2018-09-04 21:40 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-16 12:09 - 2018-09-04 21:40 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-16 12:08 - 2018-11-04 04:03 - 000004194 _____ C:\Windows\System32\Tasks\Avast Cleanup Update

==================== Files in the root of some directories =======

2017-06-26 03:18 - 2018-11-21 22:43 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-04-12 22:08 - 2017-02-08 20:21 - 000000132 _____ () C:\Users\user\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2017-03-12 21:04 - 2017-03-12 21:04 - 000045270 _____ () C:\Users\user\AppData\Roaming\room_v3.dat
2016-07-28 02:42 - 2016-07-28 03:22 - 000000172 _____ () C:\Users\user\AppData\Local\uts.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-08 16:50

==================== End of FRST.txt ============================


#17

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by user (12-12-2018 09:13:40)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-22 00:03:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2082071340-3476837701-2702432445-500 - Administrator - Disabled)
Invitado (S-1-5-21-2082071340-3476837701-2702432445-501 - Limited - Disabled) => C:\Users\Invitado
user (S-1-5-21-2082071340-3476837701-2702432445-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.18.0 - Mirillis)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.10.2 - Advanced Micro Devices, Inc.)
ANTRYX AXINI 7.1 GAMING HEADSET (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0021 - C-Media Electronics, Inc.)
Aplicación Blizzard (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Aplicaciones destacadas de Autodesk 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.45.5 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\{5F0F7049-0000-1033-0102-73A6DA3D7FA6}) (Version: 3.0.0.52 - Autodesk) Hidden
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.76.1867 - BlueStack Systems, Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Citra (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\{bc44478e-2d40-4882-943f-047c86551801}) (Version: 1.0.0 - Citra Team)
Citra (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\{bc44478e-2d40-4882-943f-047c86551801}) (Version: 1.0.0 - Citra Team)
Curse (HKLM-x32\...\{75080CC9-4C7A-45C4-B149-9C2790FA88F6}) (Version: 6.0.0.0 - Curse)
CyberGhost 6 (HKLM\...\CyberGhost 6) (Version: 6.6.0.3645 - CyberGhost S.A.)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dead Space versión 1.0 (HKLM-x32\...\Dead Space_is1) (Version: 1.0 - EA Games)
Discord (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Discord (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\Discord) (Version: 0.0.301 - Discord Inc.)
Doom 3 (HKLM-x32\...\{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Nombre de su organización) Hidden
Driver Easy 5.6.2 (HKLM\...\DriverEasy_is1) (Version: 5.6.2 - Easeware)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
EVEREST Ultimate Edition v4.60 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.60 - Lavalys, Inc.)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Game Fire (HKLM\...\{6C64CABD-079D-4F32-A182-DDAE45311394}) (Version: 6.1.3025 - Smart PC Utilities)
God of War II (HKLM-x32\...\God of War IIRepack by morsilla) (Version: Repack by morsilla - Taringa.net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Chrome (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\Google Chrome) (Version: 29.0.1530.2 - Google Inc.)
Google Chrome (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\Google Chrome) (Version: 29.0.1530.2 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Importación de SketchUp 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java SE Development Kit 8 Update 161 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180161}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
Loquendo TTS: Carmen (Spanish) (HKLM-x32\...\LoqTTS-Carmen_is1) (Version:  - )
Loquendo TTS: Diego (Spanish) (HKLM-x32\...\LoqTTS-Diego_is1) (Version:  - )
Loquendo TTS: Juan (Spanish) (HKLM-x32\...\LoqTTS-Juan_is1) (Version:  - )
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.6 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MorphVOX Pro (HKLM-x32\...\{0BBDAD55-68E5-4ABD-91CD-C2A8E11B3743}) (Version: 4.3.13 - Screaming Bee)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 58.0.1 (x64 es-ES)) (Version: 58.0.1 - Mozilla)
Nero 7 Ultra Edition (HKLM-x32\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}) (Version: 7.02.0936 - Nero AG)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.5.2 - Duodian Technology Co. Ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PHDGD Virtual VRAM Tool version 1.0 (HKLM-x32\...\{FB97A218-8B43-43BE-A721-C199C6589D08}_is1) (Version: 1.0 - PHDGD/IntelliModder32)
Photoshop CS5 Extended 12.0 (HKLM-x32\...\Photoshop CS5 Extended 12.0) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2211.0 - CyberLink Corporation)
ProtonVPN (HKLM-x32\...\{7860327A-6EEB-4B82-B414-99A5D0A72BA0}) (Version: 1.3.1 - ProtonVPN AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.3.1) (Version: 1.3.1 - ProtonVPN AG)
PSeInt (HKLM-x32\...\PSeInt) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Return to Castle Wolfenstein (HKLM-x32\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Screen Recorder Launcher (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\ScreenRecorderLauncher) (Version: 2.0 - )
Screen Recorder Launcher (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\ScreenRecorderLauncher) (Version: 2.0 - )
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.25.9656 - SoftEther VPN Project)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1242 - SUPERAntiSpyware.com)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Traductor versión 3.0 (HKLM-x32\...\{E6394084-49EF-4122-A8DF-229CD370F2CC}_is1) (Version: 3.0 - Traducciones MCX)
Twitch (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Unity Web Player (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0-3) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: 0.0.0.0 - Blizzard Entertainment)
Webcam (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.6 - ETRON)
WhatsApp (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
WhatsApp (HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinRAR 5.00 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.1 - win.rar GmbH)
WO Mic Client (HKLM-x32\...\WOMic) (Version:  - )
Wondershare Data Recovery(Build 3.0.0.27) (HKLM-x32\...\Wondershare Data Recovery_is1) (Version: 3.0.0.27 - Wondershare Software Co.,Ltd.)
xDark™ VLC Player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - C18™)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> D:\AUTOCAD\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> D:\AUTOCAD\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\AUTOCAD\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> D:\AUTOCAD\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> D:\AUTOCAD\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\AUTOCAD\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2082071340-3476837701-2702432445-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085920822_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-06] (Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers1-x32: [TextAloud] -> {BF31B0FB-AE0E-488F-BFD6-416FA2F9915F} => D:\CUPHEAD\TextAloud\TAContextMenu.dll [2010-05-17] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-04-30] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-04-30] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-19] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DreamScene] -> {BE800AEB-A440-4B63-94CD-AA6B43647DF9} => C:\Windows\System32\DreamScene.dll [2017-12-19] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-04-23] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-04-23] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-04-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-04-30] (Alexander Roshal)

#18

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {022C059F-53AA-4861-9B3F-46CDD9C68F67} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-10-19] (Advanced Micro Devices, Inc.)
Task: {0E1058DA-90AF-4BD5-A17A-490D45F31567} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-27] (AVAST Software)
Task: {1D9CCD76-92F9-4FA6-A83F-0F148F5C9285} - System32\Tasks\{7FBD0E2F-A226-4928-8552-0C121886BA46} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {352B0BCC-CFAC-47BD-AC13-62D586AD0F5D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {3E6084B1-B554-484C-A537-F623EBD6E0D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.)
Task: {45583B31-7DA0-41BB-B859-C0B32EFE7E0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {498636DA-71C9-47C3-A09F-586480AC59CE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-16] (AVAST Software)
Task: {56529DF1-ABDE-477E-88A9-1F37AD0281DA} - System32\Tasks\GameFire => D:\My pony descargas\GFTray.exe [2017-06-01] (Smart PC Utilities, Ltd.)
Task: {5797A340-887B-4B28-9C3B-DA8A24969EC4} - System32\Tasks\{9CF9B835-5349-4EBC-8DEB-EB21F035A0BA} => C:\Windows\system32\pcalua.exe -a E:\TL-WN951N\Setup.exe -d E:\TL-WN951N
Task: {5D87D811-DFDF-4BCD-8C44-8633A916075F} - System32\Tasks\Driver Easy Scheduled Scan => D:\MUS\DriverEasy\DriverEasy.exe [2018-04-12] (Easeware)
Task: {693BB226-778F-4DC5-A2A6-FEAE23E42D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for user-PC-user user-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {6F9E32F1-9C83-47C2-B986-2201C6191E05} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7270011E-7DC4-4438-8840-B682901E12DB} - System32\Tasks\{C236FC9A-BEC4-498A-975D-251B6EEE6949} => C:\Windows\system32\pcalua.exe -a D:\maplestory\appdata\Setup.exe -d D:\maplestory\appdata
Task: {73E64187-C1EE-478B-81A8-277E2FFFA4F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {7AC1F32A-0973-4604-980B-1FD5DF099207} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {7B9C3287-83B5-4F93-A541-4FD1275637A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {7E2E5DC8-3643-4F8F-94CF-D4FA198A16C4} - System32\Tasks\{EFF8CBDC-EBA6-42B5-B86A-9DAD403631AB} => C:\Windows\system32\pcalua.exe -a F:\instmsia.exe -d F:\
Task: {88EF1F64-18B4-499B-B4CA-001A6BF716E8} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-10-24] (AVAST Software)
Task: {9435FA9E-586D-43BD-A19E-6C1D13AFBA41} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-10-19] (Advanced Micro Devices, Inc.)
Task: {9E4A1A36-3870-4EDB-ADC8-778DBC2ABC69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.)
Task: {A3B5DBBF-D01A-4242-9F7B-1E8624ADBF89} - System32\Tasks\BlueStacksHelper => D:\Bluestacks\BlueStacks\Client\Helper\BlueStacksHelper.exe [2018-06-08] (BlueStack Systems, Inc.)
Task: {B9129505-66D2-421D-9DF8-1C2ED994DAB4} - System32\Tasks\GameFireSkipUAC => D:\My pony descargas\GameFire.exe [2017-06-01] (Smart PC Utilities, Ltd.)
Task: {BF5F64F6-9238-4B89-8344-5549DD06AFC9} - System32\Tasks\{2CD6C93C-36B7-484D-83FC-B93AEE2427D5} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\Wolf-by-.CompucaliTV\setup.exe -d C:\Users\user\Downloads\Wolf-by-.CompucaliTV
Task: {C02C53A2-1F10-450E-B052-1A455764A44E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {C7362AF2-CAAE-49C0-908C-CA8B466D5E7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => D:\MUS\DriverEasy\DriverEasy.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\980b6e4d5257aa74\mobile browser emulator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lbofcampnkjmiomohpbaihdcbjhbfepf

==================== Loaded Modules (Whitelisted) ==============

2016-03-21 20:04 - 2013-05-07 06:45 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-07-28 02:42 - 2016-07-28 02:40 - 000017376 _____ () C:\Users\user\AppData\Local\Kingosoft\Kingo Root\update_37510\bin\KingoSoftService.exe
2016-12-04 14:43 - 2016-12-04 15:01 - 000075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-12-08 10:24 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-08 10:24 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-16 12:10 - 2018-11-16 12:10 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-06-27 22:15 - 2018-06-27 22:15 - 002552832 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-03-11 15:31 - 2018-09-10 13:33 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-11-27 20:53 - 2018-11-16 00:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-11-27 20:53 - 2018-11-16 00:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-11-16 12:10 - 2018-11-16 12:10 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-16 12:10 - 2018-11-16 12:10 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-16 12:10 - 2018-11-16 12:10 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-16 12:09 - 2018-11-16 12:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-16 12:10 - 2018-11-16 12:10 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-12-12 09:00 - 2018-12-12 09:00 - 005786256 _____ () C:\Program Files\AVAST Software\Avast\defs\18121202\algo.dll
2016-03-21 20:04 - 2018-12-12 08:56 - 000027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-03-21 20:04 - 2013-05-07 06:45 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2018-09-04 21:45 - 2018-09-04 21:45 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-04 04:03 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-03 15:34 - 2018-11-16 12:06 - 000000091 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.mirillis.com
127.0.0.1 s0ft4pc.com
127.0.0.1 serwer2.paka-service.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2082071340-3476837701-2702432445-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2082071340-3476837701-2702432445-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085918244\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2082071340-3476837701-2702432445-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12122018085920822\Control Panel\Desktop\\Wallpaper -> C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.48.225.130 - 200.48.225.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Twitch.lnk => C:\Windows\pss\Twitch.lnk.Startup
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "D:\Games\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\user\AppData\Local\Discord\app-0.0.297\Discord.exe
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: ManyCam => "D:\adsfad\ManyCam.exe" --silent
MSCONFIG\startupreg: NetLimiter => D:\adsfad\NLClientApp.exe /tray
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: Steam => "D:\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: USB Security => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: Windscribe => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6E07BCC1-0862-4C31-AB38-5460331C9F36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13.exe
FirewallRules: [{DD2CB090-C266-4C00-BA33-3F702FDEABDE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
FirewallRules: [{9FF4791B-7F09-49D7-8524-4566072B46F6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
FirewallRules: [{3DAEF23C-2E23-41E4-ADA0-06473BC0CA31}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13ML.exe
FirewallRules: [{777821D1-E50C-4563-B213-526BAEA52BE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD.exe
FirewallRules: [{D1D6DE34-35D8-4398-A820-2BA94A235D91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD Cinema\PowerDVDCinema13.exe
FirewallRules: [{B1A336F9-4161-4A85-946F-EDB315EE2BCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{206B98BA-B0D1-478E-9542-8D5B3152F714}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{76FC2E63-5080-4C4E-9983-1E560603654A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{970BFB4A-4B9E-4548-A049-B1B0A9763190}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{3E7622B3-BDDB-433D-9B84-ACF049CA50ED}F:\lol\warcraft iii\war3.exe] => (Allow) F:\lol\warcraft iii\war3.exe
FirewallRules: [UDP Query User{1090D7E6-9B54-4450-AD35-5082ED8339AF}F:\lol\warcraft iii\war3.exe] => (Allow) F:\lol\warcraft iii\war3.exe
FirewallRules: [{953934EB-50D5-4D05-9F6F-A3BCCE36C692}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED80A89A-BDA9-48BF-BA69-4F9F36E343DA}] => (Allow) LPort=8317
FirewallRules: [{148F277A-1B1F-4345-A8F9-334A521B239A}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C5894CF2-D177-44DF-A481-07A24BB8A4C5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{08D27178-0867-45A7-B7CA-1E1D1226A6B8}] => (Allow) LPort=2869
FirewallRules: [{83AD2631-6B9B-4F08-93EB-686C5EA50E9E}] => (Allow) LPort=1900
FirewallRules: [{A33F1EB1-22E2-474A-A8A4-55CFB039D96D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{721A78DE-9CE0-4105-8F35-0D07CD5E664A}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{813903E4-552D-44EF-89DF-663AAABC007E}F:\liteserver\setup\data\wolf2mplite.exe] => (Allow) F:\liteserver\setup\data\wolf2mplite.exe
FirewallRules: [UDP Query User{42A76B9B-2DE6-44CA-8CFF-72AE5ABE3CD8}F:\liteserver\setup\data\wolf2mplite.exe] => (Allow) F:\liteserver\setup\data\wolf2mplite.exe
FirewallRules: [{A335C6AA-39BD-4FE6-9529-16E2C8984542}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BA2F2779-4016-48DB-BD8D-E26E0AB817D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9DF98C4F-DA8A-4D1D-9EE7-CCE45BFD6DA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{84BA0CA2-E81D-4D35-A682-F3FA1FED3FBC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B1AF7A9F-FD48-4C48-9C36-750412CC93FD}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{F9BCD853-10BE-47FD-8FD3-6C85DAF2B627}] => (Allow) C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe
FirewallRules: [{4B824620-6AC5-4D05-BD43-690D93287C38}] => (Allow) C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe
FirewallRules: [{299418F7-C515-4FCC-94DB-30D3A1E1D9BB}] => (Allow) C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe
FirewallRules: [{CB11BF53-5486-40C6-9931-19C5FCD604C0}] => (Allow) C:\Program Files (x86)\Blizzard App\Battle.net Launcher.exe
FirewallRules: [TCP Query User{6D860247-3B32-4564-B3C4-4D2775C915F2}C:\users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [UDP Query User{0845A244-0030-4821-9C99-1EC7D23706BD}C:\users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe] => (Allow) C:\users\user\downloads\downloader_warcraft3_the_frozen_throne_enus.exe
FirewallRules: [TCP Query User{2892092D-7180-465A-8E32-944BD9778791}C:\users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe] => (Allow) C:\users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe
FirewallRules: [UDP Query User{44CFD743-C7F5-479B-A483-D74A527FBE71}C:\users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe] => (Allow) C:\users\user\downloads\downloader_warcraft3_reign_of_chaos_enus.exe
FirewallRules: [{71F46EE0-2761-4AC5-8D19-F9E35B2A82BA}] => (Allow) LPort=3724
FirewallRules: [{E89C2174-FA91-4B6D-817E-AD4E70DFB87E}] => (Allow) LPort=3724
FirewallRules: [{944E37FC-A989-45AD-A7A9-687094F96CF8}] => (Allow) C:\Windows\SysWOW64\firefox.exe
FirewallRules: [{6E884176-7642-4EE1-8362-5F7DA2C98282}] => (Allow) C:\Windows\SysWOW64\firefox.exe
FirewallRules: [{19B10537-56AF-4C52-AAE8-4F89E232ED22}] => (Allow) D:\Bluestacks\WOMic\womicclient.exe
FirewallRules: [{1349F67E-C7CD-4536-A32C-F51C42C2EFD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABDCF8D9-0655-4FD0-AB5D-131899EE3904}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1011CF59-31FC-4503-92F9-530C5040781F}D:\warcraft\warcraft 3 + frozen throne\war3.exe] => (Allow) D:\warcraft\warcraft 3 + frozen throne\war3.exe
FirewallRules: [UDP Query User{36394593-EE70-44B6-995B-26C358EAA9C1}D:\warcraft\warcraft 3 + frozen throne\war3.exe] => (Allow) D:\warcraft\warcraft 3 + frozen throne\war3.exe
FirewallRules: [TCP Query User{AFEFF4A0-BC98-40CD-936D-9E689AA86211}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{F7E8F81B-F6C2-4E43-9991-BF85139348F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [TCP Query User{BC9DCB7B-397D-4359-AF72-39E88FEC7193}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{7EA86A71-E1C4-4961-B1DA-133E4679C63D}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{4787950D-88F0-4E29-9AC6-7F824DC6DECE}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{C24F4C61-7A17-47B0-ADDB-5B31302D548D}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [TCP Query User{9BBADBDF-40EE-4EAE-A4DF-BD8E2F5C8D24}C:\program files (x86)\blizzard app\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.exe
FirewallRules: [UDP Query User{5C9BF369-FFD1-4BEF-80AC-A964A96690BF}C:\program files (x86)\blizzard app\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.exe
FirewallRules: [{5C632CA4-6394-4892-A85B-CCDC81BF0063}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{161089F4-EA24-482D-8A97-0C897A5AE309}C:\program files (x86)\blizzard app\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.exe
FirewallRules: [UDP Query User{C35E46E0-E2EB-47F6-9BDE-DECCA8ADDB7A}C:\program files (x86)\blizzard app\battle.net.exe] => (Allow) C:\program files (x86)\blizzard app\battle.net.exe
FirewallRules: [TCP Query User{BE149088-7B15-40C1-9BFF-2C713D3C3664}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{D6471DC8-297F-4DD4-887F-1443618304AF}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [TCP Query User{EEBFA060-182A-4991-9EF3-386F4B4DC104}D:\warcraft\warcraft 3 + frozen throne\war3.exe] => (Block) D:\warcraft\warcraft 3 + frozen throne\war3.exe
FirewallRules: [UDP Query User{5F922755-5A73-455D-8184-B365B9A36D54}D:\warcraft\warcraft 3 + frozen throne\war3.exe] => (Block) D:\warcraft\warcraft 3 + frozen throne\war3.exe
FirewallRules: [TCP Query User{48028065-34AD-4F7E-8CC8-6C9EA09B2859}C:\program files\amd\cnext\cnext\radeonsettings.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsettings.exe
FirewallRules: [UDP Query User{AE1AE471-7FE6-419E-8B0C-986779161D39}C:\program files\amd\cnext\cnext\radeonsettings.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsettings.exe
FirewallRules: [TCP Query User{F909E756-2C7A-4529-B244-8D0EBFEC4927}C:\program files\amd\cnext\cnext\radeonsettings.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsettings.exe
FirewallRules: [UDP Query User{C98D07F5-6489-46A3-B78D-503AFC71520C}C:\program files\amd\cnext\cnext\radeonsettings.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsettings.exe
FirewallRules: [TCP Query User{26CA6441-1E8F-4016-9E15-A991400C70AB}D:\my pony descargas\flltshltr112-pgme\fallout 4\fallout4.exe] => (Allow) D:\my pony descargas\flltshltr112-pgme\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{796C2938-F899-42E9-937C-428582435CC3}D:\my pony descargas\flltshltr112-pgme\fallout 4\fallout4.exe] => (Allow) D:\my pony descargas\flltshltr112-pgme\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{737673CB-7E9C-450C-96C6-88CF5614C32F}D:\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [UDP Query User{A10FF309-B23F-4164-86F1-D17EDD329EC4}D:\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [TCP Query User{949421F9-9528-46EE-BE47-5B92944304D8}D:\starcraft ii\versions\base67188\sc2.exe] => (Allow) D:\starcraft ii\versions\base67188\sc2.exe
FirewallRules: [UDP Query User{434D95B1-AE68-423A-908B-62326B5BF388}D:\starcraft ii\versions\base67188\sc2.exe] => (Allow) D:\starcraft ii\versions\base67188\sc2.exe
FirewallRules: [TCP Query User{FF2CB679-D85B-4F81-8E48-AD336D6CF011}D:\starcraft ii\versions\base67926\sc2.exe] => (Allow) D:\starcraft ii\versions\base67926\sc2.exe
FirewallRules: [UDP Query User{BEAFF19B-3F33-4C0F-A73B-967866C1240E}D:\starcraft ii\versions\base67926\sc2.exe] => (Allow) D:\starcraft ii\versions\base67926\sc2.exe
FirewallRules: [{5DC231D9-AAAF-439C-A1A9-F2DCF95503AD}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{30575252-8CD0-418A-9F60-6220D76B2B34}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{6EFE4314-A0BE-41FF-9C1E-155649246B1B}] => (Allow) D:\Steam\steamapps\common\Dead Frontier 2\DeadFrontier2.exe
FirewallRules: [{FF00C9B2-D1C2-4F0D-86FF-CED0CED76FF9}] => (Allow) D:\Steam\steamapps\common\Dead Frontier 2\DeadFrontier2.exe
FirewallRules: [{12DAE9E7-5A29-4CFF-8B39-3EB3B5D4D04C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{9BB652F4-AF53-493A-9FF0-E8E43E4C12F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{EE3FDFA5-2850-40D4-8A09-4BDA245AB9C6}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{FFC54B42-A6DB-4074-B15E-4B2C71304B36}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{133BEC77-C2C5-4CCB-932E-296FDD17D038}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{BA0F057C-F4CA-43B3-BE92-16EC69D1C0EF}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{6F811AFD-7966-4948-9FA1-55A55707DF2C}D:\dawn iii\warhammer 40000 dawn of war iii\relicdow3.exe] => (Allow) D:\dawn iii\warhammer 40000 dawn of war iii\relicdow3.exe
FirewallRules: [UDP Query User{F4A99602-F2A9-47C7-8C8C-FC467920EA72}D:\dawn iii\warhammer 40000 dawn of war iii\relicdow3.exe] => (Allow) D:\dawn iii\warhammer 40000 dawn of war iii\relicdow3.exe
FirewallRules: [TCP Query User{57643A92-20B1-4C14-9BC9-49C722D17555}D:\starcraft ii\versions\base69232\sc2.exe] => (Allow) D:\starcraft ii\versions\base69232\sc2.exe
FirewallRules: [UDP Query User{C2E6B9F4-62D6-436C-BDDD-4BDD832DDF18}D:\starcraft ii\versions\base69232\sc2.exe] => (Allow) D:\starcraft ii\versions\base69232\sc2.exe
FirewallRules: [{CDEB7B90-9EA2-4F97-8296-346B814774A5}] => (Allow) D:\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{0928DA47-3FC2-4E1C-8D9C-C69F74B2FB58}] => (Allow) D:\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{4A80683D-22CA-4000-B75B-5A0DE7421375}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
FirewallRules: [{F3ED7C9B-81EE-4B29-BAA0-E084719A5FB0}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
FirewallRules: [{920EA2D1-0EAC-4071-8803-0DA7DA9EDF9F}] => (Allow) D:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{893AB865-F856-4A20-B22E-117A77B3ABDD}] => (Allow) D:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{B2C7D020-20B1-48C3-8075-B98EAEC2FB1F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{119E80ED-E151-4742-B433-0E865897DC06}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5E5487D6-0DB2-4027-BCB5-9AC33BDED6FE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{51A52DE9-461E-49B0-B75B-15ED90F38AA5}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [{1077A498-9AC8-4FC7-AB55-02E28B39F57D}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
StandardProfile\GloballyOpenPorts: [6112:UDP] => Enabled:war udp
StandardProfile\GloballyOpenPorts: [6112:TCP] => Enabled:war tcp

==================== Restore Points =========================

03-12-2018 04:11:11 Punto de control programado
04-12-2018 21:43:49 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) Management Engine Interface 
Description: Intel(R) Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR938x Wireless Network Adapter #2
Description: Qualcomm Atheros AR938x Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Windscribe VPN
Description: Windscribe VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Windscribe.com
Service: tapwindscribe0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2018 08:57:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
.

Error: (12/12/2018 08:57:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: igfxCUIService.exe, versión: 6.15.10.3574, marca de tiempo: 0x53582143
Nombre del módulo con errores: igfxCUIService.exe, versión: 6.15.10.3574, marca de tiempo: 0x53582143
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000eba8
Id. del proceso con errores: 0x458
Hora de inicio de la aplicación con errores: 0x01d49222836d76fc
Ruta de acceso de la aplicación con errores: C:\Windows\system32\igfxCUIService.exe
Ruta de acceso del módulo con errores: C:\Windows\system32\igfxCUIService.exe
Id. del informe: e2c68e7f-fe15-11e8-998a-e03f49a5aca6

Error: (12/12/2018 08:57:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/11/2018 02:20:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
.

Error: (12/11/2018 02:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: igfxCUIService.exe, versión: 6.15.10.3574, marca de tiempo: 0x53582143
Nombre del módulo con errores: igfxCUIService.exe, versión: 6.15.10.3574, marca de tiempo: 0x53582143
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000000110cc
Id. del proceso con errores: 0x460
Hora de inicio de la aplicación con errores: 0x01d49183948d0e4f
Ruta de acceso de la aplicación con errores: C:\Windows\system32\igfxCUIService.exe
Ruta de acceso del módulo con errores: C:\Windows\system32\igfxCUIService.exe
Id. del informe: 7648ac9f-fd77-11e8-abea-e03f49a5aca6

Error: (12/11/2018 02:01:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
.

Error: (12/11/2018 02:01:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/11/2018 08:57:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (12/12/2018 09:02:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Search no respondió después de iniciar.

Error: (12/12/2018 08:59:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtection no pudo iniciarse debido al siguiente error: 
Recursos insuficientes en el sistema para completar el servicio solicitado.

Error: (12/12/2018 08:58:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtection no pudo iniciarse debido al siguiente error: 
Recursos insuficientes en el sistema para completar el servicio solicitado.

Error: (12/12/2018 08:57:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
 y APPID 
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/12/2018 08:57:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cgnetfilter1521

Error: (12/12/2018 08:57:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Intel(R) HD Graphics Control Panel Service se cerró con el siguiente error: 
Error no especificado

Error: (12/11/2018 09:07:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtection no pudo iniciarse debido al siguiente error: 
Recursos insuficientes en el sistema para completar el servicio solicitado.

Error: (12/11/2018 05:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtection no pudo iniciarse debido al siguiente error: 
Recursos insuficientes en el sistema para completar el servicio solicitado.


CodeIntegrity:
===================================

Date: 2018-12-12 08:56:39.282
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-12 08:56:39.282
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-12 08:56:34.087
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\cgnetfilter1521.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-12 08:56:34.087
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\cgnetfilter1521.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-11 18:55:53.635
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-11 18:55:53.634
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-11 13:58:56.550
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-12-11 13:58:56.550
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 40%
Total physical RAM: 12226.2 MB
Available physical RAM: 7308.26 MB
Total Virtual: 42690.61 MB
Available Virtual: 36881.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:39.24 GB) NTFS
Drive d: (Disco local ) (Fixed) (Total:270.45 GB) (Free:105.7 GB) NTFS

\\?\Volume{31cf6644-ef86-11e5-8214-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3B7E4153)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#19

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do this, download DelFix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\D:\My pony descargas\GameFire.sys [X]
S3 X6va063; \??\C:\Windows\SysWOW64\Drivers\X6va063 [X]
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\980b6e4d5257aa74\mobile browser emulator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lbofcampnkjmiomohpbaihdcbjhbfepf
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:$DATA​ [16]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop); otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going.