Win32 / CoinMiner.DV in svchost.exe


#1

My ESET shows me the following message: Win32 / CoinMiner.DV in svchost.exe

I click disinfect and it tells me it cannot.

Any suggestions? Thanks

Congratulations on the change :slight_smile:


#2

Hello carol, welcome to the new Infospyware forum :tada::confetti_ball::balloon:

Follow the steps I give you:

:one: Malwarebytes Anti-Malware

Download, update and run Malwarebytes’ Anti-Malware, and read the manual in detail so that you know how to use and configure it. Here are the instructions for this version 3:

• Click Scan :arrow_forward: select Threat Scan

• Click Start Scan and wait patiently for it to finish

• Note: If you activated the Trial version or have the PREMIUM version, Malwarebytes should send the threats to quarantine automatically; if you have disabled automatic quarantine or are using the FREE version, you must select everything it finds and press the Quarantine Selected button to send the threats to quarantine manually.

• Restart the computer to complete the disinfection procedure

You will find the report of the last scan you ran as follows:

• Click Reports

• Tick the box that corresponds to the scan you ran (check the date and time); it should say Scan Report;

• Click the View Report button

• Click the Export button :arrow_forward: select Text file (*.txt)

• Give it any name you like and paste it in this topic.

:two: Run an online scan with ESET Online Scanner

ESET Online Scanner manual.

:three: AdwCleaner

Download AdwCleaner | InfoSpyware to the desktop.

• Also close all the programs you have open.

• Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

• Press the Scan button and wait for the process to finish, then immediately press the Clean button.

• Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

• Save the report that appears and attach it in a message.

• The report can also be found in C:\Archivos de programa or C: Archivos de programa(x86), if the system is 64-bit –Adwcleaner- AdwCleaner[CX].txt

:four: ZHPCleaner

Run ZHPCleaner following its manual. Attach the report in a new forum message.

:five: CCleaner

Download, install and/or update CCleaner

  • Open CCleaner; on the Cleaner tab leave the default configuration as it is :arrow_forward: click Analyze and wait for it to finish :arrow_forward: click Run Cleaner
  • Click the Registry tab :arrow_forward: click Scan for Issues and wait for it to finish :arrow_forward: click Fix Selected Issues and make a backup

:warning: :arrow_forward: Very important: :arrow_forward: wrap each of the reports with a CODE_Inicial tag written at the start of the report and another like this CODE_Final at the end of it. The text to include must be on different lines from the tags.


#3
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 18/10/18
Hora del análisis: 20:11
Archivo de registro: 2b2b627e-d301-11e8-9b58-c86000173e04.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7419
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Mavi-PC\Mavi

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 274269
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 3 min, 4 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
ESET
D:\Instaladores\ccsetup318.exe	Win32/Bundled.Toolbar.Google.E aplicación potencialmente no segura	desinfectado por eliminación
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-19-2018
# Duration: 00:00:16
# OS:       Windows 7 Professional
# Scanned:  31969
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic            C:\ProgramData\DC85D83F

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
~ ZHPCleaner v2018.10.14.184 by Nicolas Coolman (2018/10/14)
~ Run by Mavi (Administrator)  (20/10/2018 09:56:37)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Mavi\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Mavi\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (42)

---\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

---\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO carpeta: C:\Users\Mavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk  [Bad : C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO archivo: C:\ProgramData\KMSAutoS  =>HackTool.WinActivator
MOVIDO archivo: C:\Users\Mavi\AppData\Local\MSfree Inc  =>HackTool.WinActivator

---\  Registro ( Claves, Valores, Datos) (5)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06ECA6F2C5509064B9330FEB9AEA519E [C:\Program Files (x86)\Solvusoft\DriverDoc\Notification.dll (Not File)]  =>.SUP.Solvusoft
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\072A0AE032C063BDD36BCF46BDC35F0C [C:\Program Files (x86)\Solvusoft\DriverDoc\HTML\gfx\account\ (Not File)]  =>.SUP.Solvusoft
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B51C13962E8BF49BAFEA042FB2D4A6 [C?\Program Files (x86)\Solvusoft\Tray\SuiteClient.dll]  =>.SUP.Solvusoft
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{650580EA-978C-4C04-81B9-BA53BB34BCBE} [Solvusoft Corporation]  =>.SUP.Solvusoft

---\  Resumen de elementos en su estación de trabajo (3)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Solvusoft

---\ Limpieza adicional. (2)
~ Clave de registro Tracing borrados (2)
~ Quitar los antiguos informes de ZHPCleaner. (0)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito

---\ STATISTIQUES
~ Items escaneado : 1289
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 0/7
~ Ahorro de espacio (bytes) : 0
~ End of clean in 00h08mn55s

---\  Reporte (2)
ZHPCleaner-[S]-20102018-00_11_23.txt
ZHPCleaner-[R]-20102018-10_05_32.txt

While it was scanning, this popped up several times >>

Memoria operativa=\windows\SysWOW64\systeminfo.exe


#4

Thanks for the reports you sent.

The AdwCleaner report is from a scan only. I need you to run it again, but this time choose to remove. Perhaps you sent it to me before removing; that is another possibility. But please confirm.

Let's run the program Dr Web Cureit:

DrWebCureit

  1. Download and run DrWebCureIt >> https://www.infospyware.com/antivirus-gratis/drweb/ (on Windows 7 or 8, run as "Administrator")
  2. Tick the box “I agree to take part in the improvement tests…” and press the “Continue” button.
  3. Click “Select objects to scan”. In the next window, tick all the objects.
  4. Press the “Start Scan” button

If you wish, take a few seconds to read the DrCureIt manual

  • This tool can take a very long time (hours) to complete its scan, but be patient and let it finish its work.
  • Its report is quite long. If it finds anything, leave me only the part of the report that shows the infections; in the log (remember to set the log to minimum in the configuration, the manual explains how) it will say the following
-----------------------------------------------------------------------------
Startcuring
-----------------------------------------------------------------------------
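The scan-only versus removal distinction raised in this reply can be read from the report itself. The following is an added example (not part of the thread and not AdwCleaner's own code) that parses the AdwCleaner 7.x report layout shown in this thread and checks that every item from a `Mode: Scan` report appears as `Deleted` in a `Mode: Clean` report; both sample logs and their paths are constructed.

```python
import re

HEADER = re.compile(r"^#\s*(\w+):\s*(.+?)\s*$")       # e.g. "# Mode: Scan"
SECTION = re.compile(r"^\*+ \[ (.+?) \] \*+$")         # e.g. "***** [ Folders ] *****"

# Constructed sample reports in the layout seen in this thread (placeholder paths).
SCAN_LOG = r"""
# -------------------------------
# Mode: Scan
# -------------------------------
# Scanned:  31969
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic            C:\ProgramData\EXAMPLE01

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

CLEAN_LOG = r"""
# -------------------------------
# Mode: Clean
# -------------------------------
# Cleaned:  1
# Failed:   0

***** [ Folders ] *****

Deleted       C:\ProgramData\EXAMPLE01

*************************

[+] Delete Tracing Keys

*************************

AdwCleaner[S00].txt - [1200 octets] - [01/01/2018 10:00:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
"""


def parse_adwcleaner(text):
    """Return {'header': {...}, 'items': [(section, label, path), ...]}."""
    report = {"header": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                 # header fields and the EOF marker
            m = HEADER.match(line)
            if m:
                report["header"][m.group(1)] = m.group(2)
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if set(line) == {"*"}:                   # separator after the last section
            section = None
            continue
        if section is None or line.startswith("No malicious"):
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=1)   # "<label>   <path>"
        if len(parts) == 2:
            report["items"].append((section, parts[0], parts[1]))
    return report


def unresolved(scan, clean):
    """Paths detected in the scan report that the second report did not delete."""
    detected = [path for _, _, path in scan["items"]]
    if clean["header"].get("Mode") != "Clean":   # a second scan removes nothing
        return detected
    deleted = {p.lower() for _, label, p in clean["items"] if label == "Deleted"}
    return [p for p in detected if p.lower() not in deleted]


def removal_confirmed(scan, clean):
    """True only for a Clean-mode report with no failures and nothing left over."""
    header = clean["header"]
    return (header.get("Mode") == "Clean"
            and header.get("Failed") == "0"
            and not unresolved(scan, clean))


if __name__ == "__main__":
    scan, clean = parse_adwcleaner(SCAN_LOG), parse_adwcleaner(CLEAN_LOG)
    print("second report mode:", clean["header"].get("Mode"))
    print("removal confirmed:", removal_confirmed(scan, clean))
```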

#5

Thanks. I'll do what you tell me and report back.


#6
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-21-2018
# Duration: 00:00:01
# OS:       Windows 7 Professional
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\DC85D83F

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1285 octets] - [19/10/2018 18:29:13]
AdwCleaner[C00].txt - [1451 octets] - [19/10/2018 18:30:22]
AdwCleaner[S01].txt - [1407 octets] - [20/10/2018 23:09:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Start curing
-----------------------------------------------------------------------------

C:\Windows\system32\drivers\etc\hosts - cured
C:\Users\Mavi\Documents\JDownloader2_Clean_Installer.exe - quarantined
C:\Users\Mavi\Documents\Instaladores Y Programas\Corel.Pinnacle.Studio.Ultimate.v18.1.Multilingual\PinnacleStudio18_ULT_32bit_Setup.exe - quarantined

Total 30739688397 bytes in 34173 files scanned (81599 objects)
Total 34199 files (80661 objects) are clean
Total 3 files are infected
Total 3 files are neutralized
Total 35 files (933 objects) are raised error condition
Scan time is 00:13:54.312

#7

Thanks for the reports. You now have 4 fewer pieces of malware on your PC.

If you run your ESET antivirus again, does it show you the virus message about the svchost.exe file again?

If so, then I suggest you analyze that file using :slight_smile:

  1. the VirusTotal website, which analyzes the uploaded file against dozens of different antivirus engines. Upload a screenshot of the VirusTotal result for me.

  2. the Kaspersky website, which analyzes the file with its malware search engine.


#8

No, now it pops up with:

memoria operativa=\windows\sysWOW64\systeminfo.exe


#9

Hello @carol, and with permission

1- Run according to the manual:

___________________________________________________________________________

2- Then:

  • Download Hitman Pro >> HitmanPro 3.7.9 | InfoSpyware

  • Run HitmanPRO (on Windows 7 or 8, run as "Administrator")

  • Press the "Next" button.

We leave the recommended option checked >> Install a copy on the computer << and uncheck the additional boxes

  • In "Settings", we uncheck Cookie scanning and click “Accept”

  • We click Next

Once the scan has finished, HitmanPRO includes 30 free days for removing any malware detected.

  • When the search has finished, the Scan results window will be shown.

  • Remember to SKIP those marked as Suspicious

  • We click Next so that Hitman does what is necessary with the threats found

The report can also be found in Settings >> History >> Logs

__________________________________________________________________________

3 - Temporarily disable your antivirus and any security program.

  • Download to your Desktop >> this is very important <<, Farbar Recovery Scan Tool, choosing the right version for your computer (32 or 64 bits) :arrow_forward: How do I know if my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them completely.
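An added example, not part of the thread and not FRST's own logic: a small triage pass over the Registry section of the Frst.txt requested above, listing Run/RunOnce autostart entries that deserve a closer look. The sample log lines are constructed, and the three heuristics (target in a user-writable directory, empty or missing file, hex-like value name) are assumptions chosen for illustration.

```python
import re

# FRST autostart line: <hive>\...\Run: [<name>] => <target> [<size> <date>] (<signer>)
RUN_LINE = re.compile(
    r"^(?P<hive>[^:]+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<target>.*?)"
    r"(?: \[(?P<size>\d+) ?(?P<date>[\d-]*)\])?"
    r"(?: \((?P<signer>[^)]*)\))?$"
)
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.I)  # assumption
HEXISH = re.compile(r"^[0-9a-f]{8,}$", re.I)                         # assumption

# Constructed sample in the FRST layout (names, SIDs and paths are placeholders).
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(Example Corp) C:\Program Files\Example\agent.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [ExampleAudio] => C:\Program Files\Example\Audio\tray.exe [18368512 2017-04-13] (Example Audio Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [0a1b2c3d] => C:\ProgramData\0a1b2c3d\0a1b2c3d.exe [0 ] (Example Signer)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] => C:\Users\Example\AppData\Roaming\upd\upd.exe [937776 2018-10-22] (Example Signer)

==================== Internet (Whitelisted) ====================

Tcpip\Parameters: [NameServer] 192.0.2.53
"""


def triage(log_text):
    """Return [(value_name, target, [reasons])] for Run/RunOnce entries worth review."""
    findings = []
    in_registry = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===================="):
            # Section banners look like "==================== Registry (...) ====".
            in_registry = "Registry" in line
            continue
        if not in_registry:
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        target, reasons = m["target"], []
        if USER_WRITABLE.search(target):
            reasons.append("target in user-writable directory")
        if m["size"] == "0" or target == "[X]":
            reasons.append("file empty or missing")
        if HEXISH.match(m["name"]):
            reasons.append("hex-like value name")
        if reasons:
            findings.append((m["name"], target, reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_FRST):
        print(f"[{name}] {target}: {', '.join(reasons)}")
```

A hit is only a prompt to inspect the file (signature, hash lookup, creation date); legitimate updaters also start from AppData.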


#10

Malwarebytes anti-rootkit Beta: No malware found

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Mavi (administrator) on MAVI-PC (22-10-2018 15:08:11)
Running from C:\Users\Mavi\Desktop
Loaded Profiles: Mavi & DefaultAppPool (Available Profiles: Mavi & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18368512 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [177928 2018-09-21] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [0 ] (AutoIt Team)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f2] => C:\ProgramData\WlNAgat\dc85d83f.exe [937776 2018-10-22] (AutoIt Team)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdc85d83f2db73c8e70c270b7fa8a3fb.lnk [2018-10-21]
ShortcutTarget: bdc85d83f2db73c8e70c270b7fa8a3fb.lnk -> C:\MAVI-PC\iiwtvmhgfq.exe (AutoIt Team)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Firefox <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0A623B7B-40EC-4CED-A5EF-D572E22320C8}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0F7DEDFE-3D72-4082-94FA-E40E628BBCE4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{140542A6-736D-470E-9844-81C7DFD47FDF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{140542A6-736D-470E-9844-81C7DFD47FDF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F94776C7-D1F3-49BD-9988-CF03FD2A7A8E}: [NameServer] 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-09-26] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-26] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: nup6skaj.default
FF ProfilePath: C:\Users\Mavi\AppData\Roaming\TomTom\HOME\Profiles\qkyt918m.default [2018-04-22]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default [2018-10-22]
FF Homepage: Mozilla\Firefox\Profiles\nup6skaj.default -> www.google.es/
FF Extension: (uBlock Origin) - C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default\Extensions\[email protected] [2018-09-25]
FF Extension: (DownThemAll!) - C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-05-10] [Legacy]
FF Extension: (Firefox Monitor) - C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default\features\{d65c3caa-a4af-4795-8ecb-6d32a2c29043}\[email protected] [2018-09-29]
FF Extension: (Telemetry coverage) - C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default\features\{d65c3caa-a4af-4795-8ecb-6d32a2c29043}\[email protected] [2018-09-29] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-19] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-19] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-2590789392-3709184063-2437184007-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-2590789392-3709184063-2437184007-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-2590789392-3709184063-2437184007-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]

Chrome: 
=======
CHR Profile: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default [2018-10-22]
CHR Extension: (Presentaciones) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Documentos) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-11]
CHR Extension: (YouTube) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-11]
CHR Extension: (uBlock Origin) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-10-08]
CHR Extension: (Angels Heaven) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebggokncjhegpmpkjcjanmcmbegobpao [2018-05-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-20]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-10-10]
CHR Extension: (Hojas de cálculo) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-11-11]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-20]
CHR Extension: (Gmail) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-23]
CHR Profile: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-20]
CHR HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

Opera: 
=======
OPR Extension: (Fast search) - C:\Users\Mavi\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-05-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-10-09] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2260144 2018-09-21] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2260144 2018-09-21] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [141512 2018-09-21] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188824 2018-09-21] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2018-09-21] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-10] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8244312 2013-06-19] (Realtek Semiconductor Corp.)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

#11

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-22 15:16 - 2018-10-22 15:16 - 000000000 ____D C:\ProgramData\nWjkROdAr
2018-10-22 15:08 - 2018-10-22 15:09 - 000021664 _____ C:\Users\Mavi\Desktop\FRST.txt
2018-10-22 15:07 - 2018-10-22 15:08 - 000000000 ____D C:\FRST
2018-10-22 15:06 - 2018-10-22 15:06 - 002414592 _____ (Farbar) C:\Users\Mavi\Desktop\FRST64.exe
2018-10-22 13:34 - 2018-10-22 13:34 - 000000000 ____D C:\Program Files\HitmanPro
2018-10-22 13:33 - 2018-10-22 13:49 - 000000000 ____D C:\ProgramData\HitmanPro
2018-10-22 13:33 - 2018-10-22 13:33 - 011576808 _____ (SurfRight B.V.) C:\Users\Mavi\Desktop\hitmanpro_x64.exe
2018-10-22 12:40 - 2018-10-22 13:31 - 000000000 ____D C:\Users\Mavi\Desktop\mbar
2018-10-22 12:40 - 2018-10-22 13:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-22 12:40 - 2018-10-22 12:40 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5116D726.sys
2018-10-22 12:40 - 2018-10-22 12:40 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-10-22 12:37 - 2018-10-22 12:38 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Mavi\Desktop\mbar-1.10.3.1001.exe
2018-10-21 00:40 - 2018-10-21 09:04 - 000000000 ____D C:\Users\Mavi\Doctor Web
2018-10-21 00:40 - 2018-10-21 00:40 - 000000000 ____D C:\ProgramData\Doctor Web
2018-10-21 00:37 - 2018-10-21 00:38 - 180110800 _____ C:\Users\Mavi\Desktop\cureit.exe
2018-10-21 00:36 - 2018-10-21 00:36 - 000001573 _____ C:\Users\Mavi\Desktop\AdwCleaner[C01].txt
2018-10-20 13:37 - 2018-10-20 13:37 - 007592144 _____ (Malwarebytes) C:\Users\Mavi\Desktop\adwcleaner_7.2.4.0.exe
2018-10-20 13:35 - 2018-10-20 13:35 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2018-10-20 11:08 - 2018-10-20 13:29 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2018-10-20 11:08 - 2018-10-20 13:29 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2018-10-20 11:08 - 2018-10-20 13:29 - 000002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2018-10-20 11:08 - 2018-10-20 11:08 - 000002100 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2018-10-20 11:08 - 2018-10-20 11:08 - 000001986 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2018-10-19 18:27 - 2018-10-19 18:30 - 000000000 ____D C:\AdwCleaner
2018-10-19 12:53 - 2018-10-19 12:54 - 000000000 ____D C:\Users\Mavi\Desktop\101MSDCF
2018-10-18 09:44 - 2018-10-18 09:44 - 000156529 _____ C:\Users\Mavi\Desktop\IVA 3T Pago.pdf
2018-10-17 12:04 - 2018-10-17 12:04 - 000115330 _____ C:\Users\Mavi\Desktop\IVA 3T 2018.pdf
2018-10-14 12:39 - 2018-10-22 15:07 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\1b56771ce39dab34de1448b88e12b38f
2018-10-14 12:39 - 2018-10-21 09:01 - 000000000 ___HD C:\MAVI-PC
2018-10-13 08:31 - 2018-10-13 08:31 - 000000000 ____D C:\Users\Mavi\AppData\Local\mbamtray
2018-10-13 08:30 - 2018-10-13 08:30 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-13 08:30 - 2018-10-13 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-13 08:30 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-10 12:54 - 2018-10-10 12:54 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-10 11:16 - 2018-10-10 11:16 - 000002043 _____ C:\Users\Mavi\Desktop\JDownloader 2.lnk
2018-10-10 11:16 - 2018-10-10 11:16 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2018-10-10 11:15 - 2018-10-11 12:40 - 000000000 ____D C:\Users\Mavi\AppData\Local\JDownloader v2.0
2018-10-10 10:34 - 2018-10-10 10:35 - 000001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-10-10 10:34 - 2018-10-10 10:35 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-10 10:34 - 2018-10-10 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-10-10 10:18 - 2018-10-10 10:18 - 000000801 _____ C:\Users\Mavi\Desktop\INSTRUCCIONES.ByINFORMACIONLIBRE.txt
2018-10-10 09:53 - 2018-10-10 09:59 - 000000000 ____D C:\Users\Mavi\Downloads\Telegram Desktop
2018-10-10 09:42 - 2018-10-15 22:08 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Telegram Desktop
2018-10-10 09:42 - 2018-10-10 09:42 - 000000946 _____ C:\Users\Mavi\Desktop\Telegram.lnk
2018-10-10 09:42 - 2018-10-10 09:42 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-10-10 09:23 - 2018-10-10 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-10 09:14 - 2018-09-19 10:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-10 09:14 - 2018-09-18 21:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-10 09:14 - 2018-09-18 20:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-10 09:14 - 2018-09-18 07:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-10 09:14 - 2018-09-18 07:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-10 09:14 - 2018-09-18 07:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-10 09:14 - 2018-09-18 07:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-10 09:14 - 2018-09-18 07:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-10 09:14 - 2018-09-18 07:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-10 09:14 - 2018-09-18 07:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-10 09:14 - 2018-09-18 07:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-10 09:14 - 2018-09-18 07:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-10 09:14 - 2018-09-18 07:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-10 09:14 - 2018-09-18 07:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-10 09:14 - 2018-09-18 07:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-10 09:14 - 2018-09-18 07:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-10 09:14 - 2018-09-18 07:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-10 09:14 - 2018-09-18 07:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-10 09:14 - 2018-09-18 07:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-10 09:14 - 2018-09-18 07:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-10 09:14 - 2018-09-18 07:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-10 09:14 - 2018-09-18 07:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-10 09:14 - 2018-09-18 07:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-10 09:14 - 2018-09-18 07:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-10 09:14 - 2018-09-18 07:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-10 09:14 - 2018-09-18 06:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-10 09:14 - 2018-09-18 06:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-10 09:14 - 2018-09-18 06:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-10 09:14 - 2018-09-18 06:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-10 09:14 - 2018-09-18 06:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-10 09:14 - 2018-09-18 06:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-10 09:14 - 2018-09-18 06:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-10 09:14 - 2018-09-18 06:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-10 09:14 - 2018-09-18 06:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-10 09:14 - 2018-09-18 06:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-10 09:14 - 2018-09-18 06:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-10 09:14 - 2018-09-18 06:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-10 09:14 - 2018-09-18 06:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-10 09:14 - 2018-09-18 06:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-10 09:14 - 2018-09-18 06:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-10 09:14 - 2018-09-18 06:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-10 09:14 - 2018-09-18 06:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-10 09:14 - 2018-09-18 06:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-10 09:14 - 2018-09-18 06:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-10 09:14 - 2018-09-18 06:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-10 09:14 - 2018-09-18 06:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-10 09:14 - 2018-09-18 06:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-10 09:14 - 2018-09-18 06:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-10 09:14 - 2018-09-18 06:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-10 09:14 - 2018-09-18 06:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-10 09:14 - 2018-09-18 06:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-10 09:14 - 2018-09-18 06:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-10 09:14 - 2018-09-18 06:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-10 09:14 - 2018-09-18 06:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-10 09:14 - 2018-09-18 06:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-10 09:14 - 2018-09-18 06:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-10 09:14 - 2018-09-18 06:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-10 09:14 - 2018-09-18 05:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-10 09:14 - 2018-09-18 05:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-10 09:14 - 2018-09-18 05:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-10 09:14 - 2018-09-18 05:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-10 09:14 - 2018-09-18 05:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-10 09:14 - 2018-09-18 05:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-10 09:14 - 2018-09-18 05:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-10 09:14 - 2018-09-18 05:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-10 09:14 - 2018-09-18 05:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-10 09:14 - 2018-09-18 05:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-10 09:14 - 2018-09-18 05:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-10 09:14 - 2018-09-18 05:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-10 09:14 - 2018-09-11 20:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-10 09:14 - 2018-09-11 20:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-10 09:14 - 2018-09-11 20:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-10 09:14 - 2018-09-09 03:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-10 09:14 - 2018-09-09 03:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-10 09:14 - 2018-09-09 03:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-10 09:14 - 2018-09-09 03:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-10 09:14 - 2018-09-09 03:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-10 09:14 - 2018-09-09 03:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-10 09:14 - 2018-09-09 03:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-10 09:14 - 2018-09-09 03:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-10 09:14 - 2018-09-09 03:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-10 09:14 - 2018-09-09 03:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-10 09:14 - 2018-09-09 02:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-10 09:14 - 2018-09-09 02:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-10 09:14 - 2018-09-09 02:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-10 09:14 - 2018-09-09 02:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-10 09:14 - 2018-09-09 02:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-10 09:14 - 2018-09-09 02:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-10 09:14 - 2018-09-09 02:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-10 09:14 - 2018-09-09 02:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-10 09:14 - 2018-09-09 02:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-10 09:14 - 2018-09-09 02:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-10 09:14 - 2018-09-09 02:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-10 09:14 - 2018-09-09 02:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-10 09:14 - 2018-09-09 02:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-10 09:14 - 2018-09-09 02:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-10 09:14 - 2018-09-09 02:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-10 09:14 - 2018-09-09 02:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-10 09:14 - 2018-09-09 02:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-10 09:14 - 2018-09-09 02:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-10 09:14 - 2018-09-09 02:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-10 09:14 - 2018-09-09 02:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-10 09:14 - 2018-09-09 02:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-10 09:14 - 2018-09-09 02:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-10 09:14 - 2018-09-09 02:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-10 09:14 - 2018-09-09 02:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-10 09:14 - 2018-09-09 02:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-10 09:14 - 2018-09-09 02:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 09:14 - 2018-09-09 02:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-10 09:14 - 2018-08-28 08:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-10 09:14 - 2018-08-28 08:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-10 09:14 - 2018-08-28 08:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-10 09:14 - 2018-08-28 08:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-10 09:14 - 2018-08-28 08:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-10 09:14 - 2018-08-28 08:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-10 09:14 - 2018-08-28 08:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-10 09:14 - 2018-08-28 07:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-10 09:14 - 2018-08-28 07:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-10 09:14 - 2018-08-28 07:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-10 09:14 - 2018-08-16 04:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-10 09:14 - 2018-08-13 23:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-10 09:14 - 2018-08-13 17:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-10 09:14 - 2018-08-12 22:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-10 09:14 - 2018-08-12 22:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-10 09:14 - 2018-08-08 17:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-10 09:14 - 2018-08-08 17:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-10 09:14 - 2018-08-08 17:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-10 09:14 - 2018-08-08 17:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-10-09 13:53 - 2018-10-09 13:53 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-10-09 13:53 - 2018-10-09 13:53 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-10-09 13:53 - 2018-10-09 13:53 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-10-09 13:53 - 2018-10-09 13:53 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-10-09 09:57 - 2018-10-09 09:57 - 000000040 ____H C:\331FF0D3E3DD
2018-10-09 09:56 - 2018-10-20 13:35 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Adobe
2018-10-09 09:56 - 2018-10-20 13:00 - 000000000 ____D C:\ProgramData\Adobe
2018-10-09 09:56 - 2018-10-18 11:50 - 000000000 ____D C:\Users\Mavi\AppData\Local\Adobe
2018-10-06 19:50 - 2018-10-06 19:52 - 000000000 ____D C:\Users\Mavi\Documents\Mediña Mama
2018-10-06 19:27 - 2018-10-06 19:27 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Tracker Software
2018-10-03 13:05 - 2018-09-19 23:32 - 000675112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-10-03 13:05 - 2018-09-19 23:32 - 000367416 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-10-03 13:05 - 2018-09-19 23:32 - 000334640 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-10-03 13:05 - 2018-09-19 23:32 - 000195888 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_2.dll
2018-10-03 13:05 - 2018-09-19 23:32 - 000087864 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-10-03 13:05 - 2018-09-19 23:32 - 000032048 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll
2018-10-03 12:39 - 2018-10-03 12:39 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Mavi-PC-Mavi
2018-10-03 12:25 - 2018-10-03 13:05 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-10-03 12:23 - 2018-10-20 11:09 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-10-03 12:22 - 2018-10-03 12:22 - 000001974 _____ C:\Users\Mavi\Documents\Adobe Acrobat DC.lnk
2018-09-30 08:23 - 2008-08-18 19:18 - 000077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2018-09-28 08:50 - 2018-09-28 08:50 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Google
2018-09-26 09:13 - 2018-10-20 11:12 - 000000000 ____D C:\Users\Mavi\.afirma
2018-09-26 09:13 - 2018-09-26 09:13 - 000000962 _____ C:\Users\Mavi\Documents\AutoFirma.lnk
2018-09-26 09:13 - 2018-09-26 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoFirma
2018-09-26 09:13 - 2018-09-26 09:13 - 000000000 ____D C:\Program Files\AutoFirma
2018-09-26 09:05 - 2018-09-26 09:05 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Sun
2018-09-26 09:05 - 2018-09-26 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-09-26 09:05 - 2018-09-26 09:04 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-09-26 09:04 - 2018-09-26 09:04 - 000000000 ____D C:\Program Files\Java
2018-09-24 22:07 - 2018-09-24 22:07 - 000000976 _____ C:\Users\Mavi\Documents\TomTom MyDrive Connect.lnk
2018-09-24 19:47 - 2018-09-24 19:47 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2018-09-23 10:56 - 2018-09-23 10:56 - 000001080 _____ C:\Users\Mavi\Desktop\Vídeos - Acceso directo.lnk
2018-09-23 10:37 - 2018-10-09 09:56 - 000010334 _____ C:\Users\Mavi\Desktop\Photoshop.exe - Acceso directo.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-22 14:28 - 2018-02-11 17:28 - 000000911 _____ C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {5E3B475A-48ED-42F3-830E-C05BC17EA35B}.job
2018-10-22 14:21 - 2017-02-28 00:59 - 000000988 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-10-22 13:48 - 2017-10-31 23:17 - 000000000 ____D C:\Users\Mavi\AppData\Local\CrashDumps
2018-10-22 13:48 - 2017-02-01 17:32 - 000000000 ___RD C:\Users\Mavi\Desktop\Descargas
2018-10-22 13:48 - 2017-01-11 15:39 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\uTorrent
2018-10-22 13:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-10-22 12:41 - 2017-11-14 15:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-22 09:21 - 2017-02-28 00:59 - 000000984 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-10-22 05:02 - 2009-07-14 06:45 - 000035360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-22 05:02 - 2009-07-14 06:45 - 000035360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-21 12:15 - 2009-07-14 11:31 - 000816658 _____ C:\Windows\system32\perfh00A.dat
2018-10-21 12:15 - 2009-07-14 11:31 - 000186528 _____ C:\Windows\system32\perfc00A.dat
2018-10-21 12:15 - 2009-07-14 07:13 - 001854082 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-21 09:01 - 2016-12-01 11:48 - 000000000 ____D C:\Users\Mavi
2018-10-21 09:01 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-21 00:33 - 2009-07-14 06:45 - 000377784 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-20 13:33 - 2017-01-14 15:23 - 000000000 ____D C:\Users\Mavi\AppData\LocalLow\Adobe
2018-10-20 11:10 - 2016-12-01 12:17 - 000099088 _____ C:\Users\Mavi\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-20 11:07 - 2017-01-29 03:32 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-20 11:04 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-10-20 00:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-10-19 18:37 - 2017-04-08 14:57 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1491656257
2018-10-19 18:37 - 2017-04-08 14:56 - 000000000 ____D C:\Program Files\Opera
2018-10-19 08:49 - 2017-01-11 15:55 - 000000000 ____D C:\Users\Mavi\Documents\Instaladores Y Programas
2018-10-18 19:52 - 2017-01-02 22:07 - 000000000 ____D C:\Users\Mavi\AppData\LocalLow\Mozilla
2018-10-18 18:04 - 2017-01-11 16:18 - 000000000 ____D C:\Users\Mavi\Documents\Abogada
2018-10-18 14:01 - 2017-10-24 22:38 - 001828668 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-18 13:49 - 2017-10-24 13:35 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\vlc
2018-10-18 11:50 - 2017-04-12 23:53 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-10-18 11:50 - 2017-01-14 15:46 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-18 11:50 - 2017-01-14 15:46 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-18 11:50 - 2017-01-10 20:06 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-18 11:49 - 2017-01-10 20:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-18 09:42 - 2018-08-01 18:32 - 000003132 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask-CAAA1EF5E2B54BB10C8A531B38787585
2018-10-14 03:27 - 2018-09-15 23:42 - 000000000 ____D C:\Windows\System32\Tasks\Games
2018-10-10 12:54 - 2017-11-02 13:00 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-10-10 12:53 - 2017-01-11 16:05 - 000000000 ____D C:\Program Files\CCleaner
2018-10-10 10:38 - 2017-11-17 12:51 - 000000000 ____D C:\Program Files\WinRAR
2018-10-10 10:35 - 2016-12-01 12:00 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-10-10 09:24 - 2017-02-28 00:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-08 11:00 - 2017-01-10 20:06 - 000000000 ____D C:\Users\Mavi\AppData\Local\Adobe.BackupByPhotoshopPortable
2018-10-08 10:35 - 2017-11-17 12:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-08 10:35 - 2017-01-02 22:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-07 12:04 - 2017-12-21 19:41 - 000000000 ____D C:\Users\Mavi\Desktop\TODO
2018-10-06 19:51 - 2017-01-11 16:17 - 000000000 ____D C:\Users\Mavi\Documents\Mavi
2018-10-06 19:45 - 2017-10-24 18:57 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-06 19:16 - 2017-03-02 23:07 - 000000000 ____D C:\Users\Mavi\Documents\VENTA
2018-10-03 13:25 - 2017-01-14 15:23 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Adobe.BackupByPhotoshopPortable
2018-10-03 12:23 - 2016-12-01 11:58 - 000000000 ____D C:\ProgramData\Adobe.BackupByPhotoshopPortable
2018-09-30 08:23 - 2017-01-08 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2018-09-26 09:04 - 2017-01-10 20:10 - 000000000 ____D C:\ProgramData\Oracle
2018-09-24 22:06 - 2018-04-22 22:32 - 000000000 ____D C:\Program Files (x86)\MyDrive Connect
2018-09-22 09:16 - 2017-02-28 00:59 - 000003984 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 09:16 - 2017-02-28 00:59 - 000003732 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-09-27 22:45 - 2017-09-27 22:45 - 000145382 _____ () C:\Users\Mavi\AppData\Roaming\throne_1200x437-1-534x437.ico
2017-11-04 21:49 - 2017-11-04 21:49 - 000140800 _____ () C:\Users\Mavi\AppData\Local\installer.dat
2018-10-07 11:25 - 2018-10-09 09:57 - 000001025 _____ () C:\Users\Mavi\AppData\Local\oobelibMkey.log
2017-11-04 21:52 - 2017-11-04 21:52 - 001900178 _____ () C:\Users\Mavi\AppData\Local\Reis.tst
2018-08-13 21:19 - 2018-08-13 22:05 - 000007607 _____ () C:\Users\Mavi\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-20 00:25

==================== End of FRST.txt ============================

#12
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Mavi (22-10-2018 15:17:00)
Running from C:\Users\Mavi\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-12-01 09:48:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2590789392-3709184063-2437184007-500 - Administrator - Disabled)
Invitado (S-1-5-21-2590789392-3709184063-2437184007-501 - Limited - Disabled)
Mavi (S-1-5-21-2590789392-3709184063-2437184007-1000 - Administrator - Enabled) => C:\Users\Mavi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Archivo Picture It! 10 de Microsoft (HKLM-x32\...\{3F262ADC-5AD2-48E5-A586-44315E04A9E2}) (Version: 10.0.0815 - Microsoft Corporation) Hidden
Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.0 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.3 - Gobierno de España)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Corel PaintShop Pro X9 (HKLM-x32\...\_{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.0.1.8 - Corel Corporation)
Corel Update Manager (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.9.389 - Corel corporation) Hidden
DriverDoc (HKLM-x32\...\{650580EA-978C-4C04-81B9-BA53BB34BCBE}) (Version: 1.8.0 - Solvusoft Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Duplicate Cleaner Pro 4.1.0 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.1.0 - DigitalVolcano Software Ltd)
EPSON XP-322 323 325 Series Printer Uninstall (HKLM\...\EPSON XP-322 323 325 Series) (Version:  - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
ICA (HKLM-x32\...\{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.0.1.8 - Corel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IPM_PSP_COM64 (HKLM\...\{966E78A9-AB34-4FC6-BEDA-7D3F1F42121D}) (Version: 19.0.1.8 - Corel Corporation) Hidden
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 13.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{B036CF90-EFDF-4B70-B3DE-ABAE2B8FE50F}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Picture It! Photo Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0815 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
Mozilla Firefox 62.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 62.0.2 (x64 es-ES)) (Version: 62.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Opera Stable 56.0.3051.52 (HKLM-x32\...\Opera 56.0.3051.52) (Version: 56.0.3051.52 - Opera Software)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinnacle Studio 18 - Install Manager (HKLM-x32\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.10147 - Corel Corporation)
Pinnale Systems 32bit Software Keys (HKLM-x32\...\{C7FBAF9B-1E3C-4E1A-8C22-4A4FAEB641CC}_is1) (Version:  - VPP TEAM)
PSPPContent (HKLM-x32\...\{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.0.1.8 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.0.1.8 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{9722764A-D7C1-483A-931C-9C0A95D5F4EB}) (Version: 19.0.1.8 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.0.1.8 - Nombre de su organización) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Telegram Desktop versión 1.4.2 (HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.4.2 - Telegram Messenger LLP)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
USB2.0 UVC VGA WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10236 - Realtek Semiconductor Corp.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2590789392-3709184063-2437184007-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-09-21] (ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-09-21] (ESET)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-09-21] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028EEE8F-D508-4830-A870-AA58BA00EC7F} - \{047F0447-0C08-0D7E-7911-050C0B7F117E} -> No File <==== ATTENTION
Task: {0AD7BFBC-F8D2-4410-ACCB-052EB36B8855} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2590789392-3709184063-2437184007-1000UA => C:\Users\Mavi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0DE7F791-D6A5-4A1D-BEB2-4B64CDD43605} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [2018-10-18] (Adobe Systems Incorporated)
Task: {125DD637-08E5-4D5A-94E9-D1F21CE524D3} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2018-06-21] (Corel Corporation)
Task: {14F16399-599F-4E92-A96A-420CD3742929} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {173DA8DB-053E-4238-A072-5FAE71168333} - System32\Tasks\Artendon Inc- FTP Management => C:\Windows\system32\rundll32.exe "C:\Program Files\Artendon Inc. FTP Management\Artendon Inc. FTP Management.dll",PxDLjtmqzWNE
Task: {1D708540-7132-498F-9BD8-C24C303FAC08} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe [2018-09-23] (AVAST Software)
Task: {2D7DB9F2-B7E9-4DC1-B06F-459F3C4235B6} - \Jaserpyhawuph -> No File <==== ATTENTION
Task: {320389D2-4DCE-4190-ACDF-7453CC660AEF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-28] (Dropbox, Inc.)
Task: {4656AE70-9ACB-47CD-8B1E-7902C7DDC206} - System32\Tasks\{24EDF3FD-BF4C-BC2C-7C3A-B266F17EDD0F} => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Task: {52CB4C8C-C1D5-45AF-A1F4-5903D861B9F1} - System32\Tasks\AdobeGCInvoker-1.0-Mavi-PC-Mavi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {59F73174-CB64-4D5E-B074-82280A71BCDC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-28] (Dropbox, Inc.)
Task: {6D8FE5B9-4527-452A-9CCB-9DE566E7FF3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {7B0CE9A6-FA00-4A6D-8B1B-36F27704D4A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {7BCCC218-5AC9-4354-AB4D-3F4E41D08B47} - System32\Tasks\{2999CB74-5CF9-424A-85C0-E68826E53E4B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WinRAR\uninstall.exe" -d "C:\Program Files (x86)\WinRAR" -c /setup
Task: {87F389D9-C0FE-4E62-8262-4789FD12148E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {952C805E-8C25-4728-BAED-934F9862A25A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-28] (Google Inc.)
Task: {9E24A229-D036-4E47-BF72-9D36A4017242} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {AB345F47-283C-44DF-90A9-BAF17C15F499} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-28] (Google Inc.)
Task: {AC716547-B3C1-4F61-A99C-18507F7869BF} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {AD1247C4-FDC1-4F20-8303-756210026558} - System32\Tasks\CorelUpdateHelperTask-CAAA1EF5E2B54BB10C8A531B38787585 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2018-06-21] (Corel Corporation)
Task: {B1EA6256-869C-4396-818E-7355E85C0026} - System32\Tasks\{42785226-03BB-4E3A-824C-C3DD3E30ADEC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WeatherInspect\uninstaller.exe"
Task: {B241C23B-780F-4686-9CD9-A4EE2571DADC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {BF01D680-FB46-4B8E-9582-68E28AB93783} - \AM2q18BNiX -> No File <==== ATTENTION
Task: {D8089505-CBE0-4768-B058-2EA061669571} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2590789392-3709184063-2437184007-1000Core => C:\Users\Mavi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DA2FB684-1068-477E-9970-02DB05D0534C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {DBD10E25-05B2-41FC-B7C9-67BFEAA64DED} - \{0E7E0F47-087A-0A04-0411-0A0F7878117D} -> No File <==== ATTENTION
Task: {EC285936-C751-4FB4-8F09-99DF3DCB5441} - System32\Tasks\Opera scheduled Autoupdate 1491656257 => C:\Program Files\Opera\launcher.exe [2018-10-17] (Opera Software)
Task: {EE7E5355-0B21-4671-A073-93465FF6F26D} - \Kaushkermse -> No File <==== ATTENTION
Task: {EFF856A6-5B51-498B-993A-973FB09046AE} - System32\Tasks\{BAD79768-8071-4C8B-A780-FD08FF226D2B} => C:\Users\Mavi\Desktop\TomTomHOME2winlatest.exe
Task: {FBA8E36B-D219-41B6-AA02-6EC41A9CFF80} - System32\Tasks\EPSON XP-322 323 325 Series Update {5E3B475A-48ED-42F3-830E-C05BC17EA35B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {5E3B475A-48ED-42F3-830E-C05BC17EA35B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNEE.EXE:/EXE:{5E3B475A-48ED-42F3-830E-C05BC17EA35B} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-12-01 12:04 - 2015-06-01 22:00 - 000102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-09-20 08:46 - 2018-09-15 10:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 08:46 - 2018-09-15 10:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2017-11-12 13:11 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-11-12 13:11 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-11-12 13:11 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
2017-11-12 13:11 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-11-12 13:11 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\pc2music:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-10-21 08:54 - 000000847 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{61394AD8-3428-44DB-BF18-EE62C28F0B8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D33013F1-9282-4F4F-9A1C-0D9ACEEA8042}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA007029-A42B-4051-9B80-C5B7EA14AF28}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8DBD4948-EBF5-462E-B9E6-7F2B164B68AA}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10BE1E50-4E35-4C3E-8DB6-CDB662165F4A}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAF0498D-25A8-4FE3-AD01-A931DA583A0C}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3810897-5A35-49FE-BD0D-DF3118B263B9}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{93499C7D-F15D-4404-84A4-B49A4CB1136B}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAA1BA46-8D02-4746-A856-0BF67C1E6073}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CC9FC952-CEDF-43D0-BBC2-61590C94F247}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7DDA74D7-2199-48DF-ADF9-4765B9E9632C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0A48F744-1434-4668-BB5A-2E5210E37FDD}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{AA24AC30-4EC9-45CB-AB80-0FC282A4BCA9}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{5F6DD36D-FBB5-47A1-AA28-B07D044903C8}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{70F9D281-642C-4655-8A48-46637C445862}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
FirewallRules: [{E2CFC1B6-3C66-474E-A14F-B332CBCC6C53}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C66735D2-5748-4A68-AAB0-AAC537E70163}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1B5B63F8-560E-4F56-A6AD-01270F404EC9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0BDF114D-247A-40C9-AFEF-D6A13B9EE008}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1610C5E7-7022-4A7E-B489-3B3D7ABB3BB4}] => (Allow) C:\Program Files\Opera\56.0.3051.43\opera.exe
FirewallRules: [{F85E3733-9755-40F4-81B9-0D5B2D25C6D2}] => (Allow) C:\Program Files\Opera\56.0.3051.52\opera.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

20-10-2018 10:53:35 Removed Adobe Acrobat DC.
20-10-2018 11:05:57 Installed Adobe Acrobat XI Pro.

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2018 01:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x6cc4
Hora de inicio de la aplicación con errores: 0x01d46931e50d50e7
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: 0a563d4f-d526-11e8-9f88-c86000173e04

Error: (10/21/2018 01:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x6dec
Hora de inicio de la aplicación con errores: 0x01d46932caff20d7
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: 0a535714-d526-11e8-9f88-c86000173e04

Error: (10/21/2018 01:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x6a38
Hora de inicio de la aplicación con errores: 0x01d46931e2f9362c
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: 21c72372-d525-11e8-9f88-c86000173e04

Error: (10/21/2018 01:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x6b84
Hora de inicio de la aplicación con errores: 0x01d46931e2c294ff
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: 21c6fc61-d525-11e8-9f88-c86000173e04

Error: (10/21/2018 01:30:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x4904
Hora de inicio de la aplicación con errores: 0x01d469318140dab8
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: c0178195-d524-11e8-9f88-c86000173e04

Error: (10/21/2018 01:30:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x4ac4
Hora de inicio de la aplicación con errores: 0x01d46931810792a1
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: c0072da7-d524-11e8-9f88-c86000173e04

Error: (10/21/2018 01:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x653c
Hora de inicio de la aplicación con errores: 0x01d4692e864843f0
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: c521d0b1-d521-11e8-9f88-c86000173e04

Error: (10/21/2018 01:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x6710
Hora de inicio de la aplicación con errores: 0x01d4692e745cdacd
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: c51cee9f-d521-11e8-9f88-c86000173e04


System errors:
=============
Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Spybot-S&D 2 Security Center Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Genuine Software Integrity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio DbxSvc se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Corel License Validation Service V2, Powered by arvato se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Spybot-S&D 2 Updating Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Corel License Validation Service V2 x64, Powered by arvato se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (10/21/2018 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Epson Scanner Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2017-03-15 14:24:49.746
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{A2B7964C-0570-4283-8B59-20A16A2E54AE}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:Mavi-PC\Mavi

CodeIntegrity:
===================================

Date: 2018-10-22 12:46:57.057
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:56.464
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:56.026
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:55.402
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:54.823
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:54.372
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-05-10 21:34:00.497
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-05-10 21:34:00.497
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 25%
Total physical RAM: 7968.06 MB
Available physical RAM: 5896.95 MB
Total Virtual: 15934.26 MB
Available Virtual: 13943.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:304.36 GB) (Free:86.55 GB) NTFS
Drive d: (Nuevo vol) (Fixed) (Total:394.18 GB) (Free:209.14 GB) NTFS
Drive g: () (Removable) (Total:14.81 GB) (Free:12.06 GB) FAT32

\\?\Volume{467a7cfa-b7a8-11e6-b73d-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: E3102A4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=304.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 8EB87865)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

#13

You are still missing the Hitman log. Please also paste the Mbar log, even if it did not detect anything.


#14

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.10.22.03
  rootkit: v2018.10.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.19155
Mavi :: MAVI-PC [administrator]

22/10/2018 12:41:07
mbar-log-2018-10-22 (12-41-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 230083
Time elapsed: 41 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.19155

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8355115008, free: 4871426048

Downloaded database version: v2018.10.22.03
Downloaded database version: v2018.10.22.03
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     10/22/2018 12:40:57
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.10.22.03
  rootkit: v2018.10.22.03

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008372790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083722c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008372790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80082829d0, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8007c45100, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007c459c0, DeviceName: \Device\0000006c\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E3102A4B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 638281728
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 638488576  Numsec = 826654720
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800c387790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800c3c3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800c387790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a97d040, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800bccd060, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8EB87865

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 31088608
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 15917383680 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-638488576-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-32-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
HitmanPro 3.8.0.295
www.hitmanpro.com

   Computer name . . . . : MAVI-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Mavi-PC\Mavi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-10-22 13:50:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1.745.364
   Files scanned . . . . : 42.069
   Remnants scanned  . . : 367.638 files / 1.335.657 keys

Suspicious files ____________________________________________________________

   C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\Acrobat.dll
      Size . . . . . . . : 31.534.728 bytes
      Age  . . . . . . . : 2.0 days (2018-10-20 13:27:21)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : A0FBE3A7289D6FB032551F32E83E63484227F2D014A73E21EE9B83141BD05514
      Product  . . . . . : Adobe Acrobat
      Publisher  . . . . : Adobe Systems Incorporated
      Description  . . . : Adobe Acrobat 
      Version  . . . . . : 11.0.0.379
      Copyright  . . . . : Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 24.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\amtlib.dll
      Size . . . . . . . : 1.823.368 bytes
      Age  . . . . . . . : 2.0 days (2018-10-20 13:27:37)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 7FFE5D59CD7932745C49FF4F02187682C5F4D7F8F81E51BCDDEE7A54DED56E78
      Product  . . . . . : AMTLib
      Publisher  . . . . : Adobe Systems, Incorporated
      Description  . . . : AMT Licensing
      Version  . . . . . : 6.2.0.42
      Copyright  . . . . : Copyright 2006-2012 Adobe Systems Incorporated. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.



#15

Good… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do this, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick/select only the "Create registry backup" checkbox, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [0 ] (AutoIt Team)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f2] => C:\ProgramData\WlNAgat\dc85d83f.exe [937776 2018-10-22] (AutoIt Team)
C:\ProgramData\WlNAgat
C:\ProgramData\dc85d83f
Startup: C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdc85d83f2db73c8e70c270b7fa8a3fb.lnk [2018-10-21]
ShortcutTarget: bdc85d83f2db73c8e70c270b7fa8a3fb.lnk -> C:\MAVI-PC\iiwtvmhgfq.exe (AutoIt Team)
GroupPolicy: Restriction - Firefox <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
2018-10-22 15:16 - 2018-10-22 15:16 - 000000000 ____D C:\ProgramData\nWjkROdAr
2018-10-09 09:57 - 2018-10-09 09:57 - 000000040 ____H C:\331FF0D3E3DD
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
Task: {028EEE8F-D508-4830-A870-AA58BA00EC7F} - \{047F0447-0C08-0D7E-7911-050C0B7F117E} -> No File <==== ATTENTION
Task: {2D7DB9F2-B7E9-4DC1-B06F-459F3C4235B6} - \Jaserpyhawuph -> No File <==== ATTENTION
Task: {4656AE70-9ACB-47CD-8B1E-7902C7DDC206} - System32\Tasks\{24EDF3FD-BF4C-BC2C-7C3A-B266F17EDD0F} => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Task: {BF01D680-FB46-4B8E-9582-68E28AB93783} - \AM2q18BNiX -> No File <==== ATTENTION
Task: {DBD10E25-05B2-41FC-B7C9-67BFEAA64DED} - \{0E7E0F47-087A-0A04-0411-0A0F7878117D} -> No File <==== ATTENTION
Task: {EE7E5355-0B21-4671-A073-93465FF6F26D} - \Kaushkermse -> No File <==== ATTENTIO
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\pc2music:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important.<<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (desktop); otherwise it will not work.

  • Now use this Windows FAQ, How to start Windows in Safe Mode?, to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, and tell me how the problem is going.


#16

The problem is very random, so I can't yet assure you that it has been solved. Here is the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Mavi (25-10-2018 12:26:38) Run:1
Running from C:\Users\Mavi\Desktop
Loaded Profiles: Mavi (Available Profiles: Mavi)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [0 ] (AutoIt Team)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f2] => C:\ProgramData\WlNAgat\dc85d83f.exe [937776 2018-10-22] (AutoIt Team)
C:\ProgramData\WlNAgat
C:\ProgramData\dc85d83f
Startup: C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdc85d83f2db73c8e70c270b7fa8a3fb.lnk [2018-10-21]
ShortcutTarget: bdc85d83f2db73c8e70c270b7fa8a3fb.lnk -> C:\MAVI-PC\iiwtvmhgfq.exe (AutoIt Team)
GroupPolicy: Restriction - Firefox <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
2018-10-22 15:16 - 2018-10-22 15:16 - 000000000 ____D C:\ProgramData\nWjkROdAr
2018-10-09 09:57 - 2018-10-09 09:57 - 000000040 ____H C:\331FF0D3E3DD
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
Task: {028EEE8F-D508-4830-A870-AA58BA00EC7F} - \{047F0447-0C08-0D7E-7911-050C0B7F117E} -> No File <==== ATTENTION
Task: {2D7DB9F2-B7E9-4DC1-B06F-459F3C4235B6} - \Jaserpyhawuph -> No File <==== ATTENTION
Task: {4656AE70-9ACB-47CD-8B1E-7902C7DDC206} - System32\Tasks\{24EDF3FD-BF4C-BC2C-7C3A-B266F17EDD0F} => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Task: {BF01D680-FB46-4B8E-9582-68E28AB93783} - \AM2q18BNiX -> No File <==== ATTENTION
Task: {DBD10E25-05B2-41FC-B7C9-67BFEAA64DED} - \{0E7E0F47-087A-0A04-0411-0A0F7878117D} -> No File <==== ATTENTION
Task: {EE7E5355-0B21-4671-A073-93465FF6F26D} - \Kaushkermse -> No File <==== ATTENTIO
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\pc2music:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dc85d83f" => removed successfully
"HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dc85d83f2" => removed successfully
"C:\ProgramData\WlNAgat" => not found
C:\ProgramData\dc85d83f => moved successfully
C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdc85d83f2db73c8e70c270b7fa8a3fb.lnk => moved successfully
C:\MAVI-PC\iiwtvmhgfq.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => removed successfully
dbx => service removed successfully
"C:\ProgramData\nWjkROdAr" => not found
C:\331FF0D3E3DD => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{028EEE8F-D508-4830-A870-AA58BA00EC7F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{028EEE8F-D508-4830-A870-AA58BA00EC7F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{047F0447-0C08-0D7E-7911-050C0B7F117E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D7DB9F2-B7E9-4DC1-B06F-459F3C4235B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D7DB9F2-B7E9-4DC1-B06F-459F3C4235B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jaserpyhawuph" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4656AE70-9ACB-47CD-8B1E-7902C7DDC206}" => not found
"C:\Windows\System32\Tasks\{24EDF3FD-BF4C-BC2C-7C3A-B266F17EDD0F}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{24EDF3FD-BF4C-BC2C-7C3A-B266F17EDD0F}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF01D680-FB46-4B8E-9582-68E28AB93783}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF01D680-FB46-4B8E-9582-68E28AB93783}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AM2q18BNiX" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBD10E25-05B2-41FC-B7C9-67BFEAA64DED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBD10E25-05B2-41FC-B7C9-67BFEAA64DED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E7E0F47-087A-0A04-0411-0A0F7878117D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE7E5355-0B21-4671-A073-93465FF6F26D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE7E5355-0B21-4671-A073-93465FF6F26D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Kaushkermse" => removed successfully
C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg => ":SummaryInformation" ADS could not remove.
C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg => ":Updt_SummaryInformation" ADS could not remove.
C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Mavi\Desktop\pc2music => ":com.dropbox.attributes" ADS could not remove.
"C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg" => ":Updt_SummaryInformation" ADS not found.
"C:\Users\Mavi\Desktop\R20180811_151115_1534021609490R.jpg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de red inalámbrica 2 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.

Adaptador de LAN inalámbrica Conexión de red inalámbrica 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . : home
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.96
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Conexión de área local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Reusable ISATAP Interface {8CD0F1AB-A862-479C-B71B-724B4DA048C6}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12974683 B
Java, Flash, Steam htmlcache => 1389 B
Windows/system/drivers => 742499 B
Edge => 0 B
Chrome => 173081719 B
Firefox => 28696466 B
Opera => 191412 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 54175 B
LocalService => 99141 B
NetworkService => 33125 B
Mavi => 3373906 B
DefaultAppPool => 0 B

RecycleBin => 3030210 B
EmptyTemp: => 212 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:27:36 ====

#17

Test the PC thoroughly and tell me how it goes.


#18

OK, I'll let you know in a few days.

What can I delete from all of this on my PC?


#19

Don't worry; when we finish the thread, I'll tell you what to do with them.


#20

Hi, in all these days since the last set of instructions, ESET has not shown me any more messages of the type we are dealing with.