Win64 / CoinMiner

#1

My ESET shows me the following message: Win64 / CoinMiner.DN file: operating memory = systeminfo.exe(2264)

I click disinfect and it tells me to restart the PC to finish the process, but even when I do, it keeps coming back repeatedly.

Any suggestions? Thanks

0 likes

#2

Hi Carol:

To remove the malware properly, follow the steps indicated in this topic:

Scan the PC for malware

1 like

#3

Thanks, I'll get to it and let you know!!! :wink:

0 likes

#4
[B]~~~~~~~~~~~| Inicio: [/B]

*IFS (InfoSpyware First Steps) v 1.3
*www.InfoSpyware.com | www.ForoSpyware.com
*Iniciado: 05/04/2019 a las 18h.25m.20s

[B]~~~~~~~~~~~|  Información del Sistema:[/B]

OS: Microsoft Windows 7 Professional  x64 Service Pack 1
Idioma: Spanish (Spain, International Sort) (España|es-ES)
Permisos de Administrador / ON
Windows se Inició en   Modo Normal
Drive: C:\Windows (Install: \Device\HarddiskVolume2)

[B]~~~~~~~~~~~| Arquitectura Fisica:[/B]

CPU: ASUSTeK Computer Inc.
CPU Modelo: K53SD
Procesador: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (x64-BasedPC)
Memoria RAM: 8 Gb. En Uso: 51 %
Video: Intel(R) HD Graphics 3000
Chip: Intel(R) HD Graphics Family Capacidad video:-1860 MB (Internal)

[B]~~~~~~~~~~~| Unidades[/B]

C: [FIXED|NTFS|] - [304.3 Gb][43.8 Gb][260.5 Gb]
D: [FIXED|NTFS|Nuevo vol] - [394.2 Gb][209.1 Gb][185.0 Gb]
I: [REMOVABLE|FAT32|] - [31.10 Gb][15.1 Gb][16.8 Gb]
E: [CDROM]
[COLOR=#FF0000][B]C:\ Fragmentación total 10.45% - Desfragmentar unidad [/B][/COLOR]
D:\ Fragmentación total 0.00% - Correcto

[B]~~~~~~~~~~~| Seguridad del SO[/B]

SafeBoot: Inicio en Modo seguro Correcto
Security Center: Correcto (Servicio Activo)
Windows Update: [COLOR=#FF0000][B]El servicio no está activo[/B][/COLOR] [LST: 2019-04-05 07:26:34][LD: 2019-03-13 09:43:05][LI: 2019-02-22 10:01:31][NDT: 2019-04-06 01:08:18][LRP: 2019-02-22 10:01:31]
AV: ESET Security *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / Actualizado*
SP: Spybot - Search and Destroy *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / [COLOR=#FF0000][B]Actualizar[/B][/COLOR]*
SP: ESET Security *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / Actualizado*
SP: Windows Defender *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / Actualizado*
FW: Windows Firewall * [COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR]*

[B]~~~~~~~~~~~|  Update Check[/B]

Internet Explorer Versión Instalada 11
Mozilla FireFox Versión Instalada 64.0.2
Google Chrome Versión Instalada 73.0.3683.86
Adobe Flash Player Versión Instalada 27.0

[B]~~~~~~~~~~~| Process List[/B] 

egui.exe (Productos Eset)
ekrn.exe (Productos Eset)

[B]~~~~~~~~~~~| Install Check[/B] 


CCleaner [5.47]
ESET Security [11.1.54.0]

[B]~~~~~~~~~~~| Registry Check[/B]

HKLM\Run(x64): [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\Run(x64): [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe" /launch /hide /proxy
HKLM\Run(x64): [IgfxTray] "C:\Windows\system32\igfxtray.exe"
HKLM\Run(x64): [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
HKLM\Run(x64): [Persistence] "C:\Windows\system32\igfxpers.exe"
HKLM\Run(x64): [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\Run(x64): [AdobeGCInvoker-1.0] "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
HKLM\Run(x64): [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
HKLM\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
HKLM\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\Run: [Opera Browser Assistant] C:\Program Files\Opera\assistant\browser_assistant.exe
HKLM\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-322 323 325 Series" /EF "HKCU"
HKLM\Run: [dc85d83f] C:\ProgramData\dc85d83f\dc85d83f.exe C:\ProgramData\dc85d83f\dc85d83ftest.au3
Winlogon(x64): Shell = explorer.exe
Winlogon: Shell = explorer.exe
Userinit(x64): Userinit = userinit.exe,
Userinit: Userinit = userinit.exe,

[HKCR\.\.open\command] -> Navegador Preferido es Google Chrome

[B]~~~~~~~~~~~| PUPs Check[/B]


[B]~~~~~~~~~~~| Listado 7 Días (Predeterminado)[/B]

[04/04/2019 20:31] - C:\Windows\wininit.ini

[B]~~~~~~~~~~~| C:\Windows\Tasks:[/B]

[28/02/2017 00:59] - C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
[28/02/2017 00:59] - C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
[11/02/2018 17:28] - C:\Windows\Tasks\EPSON XP-322 323 325 Series Update {5E3B475A-48ED-42F3-830E-C05BC17EA35B}.job

[B]~~~~~~~~~~~| End Report[/B]
*Finalizado 18:28:58
*Se limpiaron los archivos temporales
*[1599815] C:\Users\Mavi\Desktop\IFS.exe
*Herramienta de Análisis e investigación

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 5/4/19
Hora del análisis: 18:32
Archivo de registro: 6c72cae5-57c0-11e9-b041-c86000173e04.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10016
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Mavi-PC\Mavi

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 272284
Amenazas detectadas: 3
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 min, 54 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 3


PUP.Optional.InstallCore.Generic, C:\USERS\MAVI\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\aTube Catcher.lnk, Sin acciones por parte del usuario, [547], [621110],1.0.10016
PUP.Optional.InstallCore.Generic, C:\PROGRAM FILES (X86)\DSNET CORP\ATUBE CATCHER 2.0\YCT.EXE, Sin acciones por parte del usuario, [547], [621110],1.0.10016

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

ZHPCleaner report
~ ZHPCleaner v2019.4.5.43 by Nicolas Coolman (2019/04/05)
~ Run by Mavi (Administrator)  (06/04/2019 12:25:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Mavi\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Mavi\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)

---\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

---\  Explorador ( Archivos, Carpetas ) (8)
MOVIDO carpeta: C:\Windows\Installer\887eca.msp    =>.SUP.Obsolete.Adobe
MOVIDO archivo: C:\Users\Mavi\AppData\Local\MSfree Inc  =>HackTool.WinActivator
MOVIDO archivo: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\File System\003  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
MOVIDO archivo: C:\Users\Mavi\AppData\LocalLow\Brother  =>.SUP.Empty

---\  Registro ( Claves, Valores, Datos) (5)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06ECA6F2C5509064B9330FEB9AEA519E [C:\Program Files (x86)\Solvusoft\DriverDoc\Notification.dll (Not File)]  =>.SUP.Solvusoft
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\072A0AE032C063BDD36BCF46BDC35F0C [C:\Program Files (x86)\Solvusoft\DriverDoc\HTML\gfx\account\ (Not File)]  =>.SUP.Solvusoft
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B51C13962E8BF49BAFEA042FB2D4A6 [C?\Program Files (x86)\Solvusoft\Tray\SuiteClient.dll]  =>.SUP.Solvusoft
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{650580EA-978C-4C04-81B9-BA53BB34BCBE} [Solvusoft Corporation]  =>.SUP.Solvusoft

---\  Resumen de elementos en su estación de trabajo (6)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Solvusoft

---\ Limpieza adicional. (10)
~ Clave de registro Tracing borrados (10)
~ Quitar los antiguos informes de ZHPCleaner. (0)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito

---\ STATISTIQUES
~ Items escaneado : 1226
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0
~ End of clean in 00h00mn26s

---\  Reporte (2)
ZHPCleaner-[S]-06042019-12_22_20.txt
ZHPCleaner-[R]-06042019-12_26_22.txt
0 likes

#5

I'm still missing the ESET and Adware Cleaner reports. Please run them when you can and send them to me. Oh, and follow the instructions for posting reports correctly, because they become very hard to read if you don't. On one line you must type ONLY image . Press Enter and then paste your report. Then press Enter, and on the last line you must type ONLY image

1 like

#6
06/04/2019 11:59:26
Archivos analizados: 298662
Archivos infectados: 6
Amenazas desinfectadas: 6
Tiempo total de análisis 02:02:28
Estado del análisis: Finalizado
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-06-2019
# Duration: 00:00:12
# OS:       Windows 7 Professional
# Scanned:  27253
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
0 likes

#7

Now the reports have arrived correctly formatted! :wink:

Now let's clean out the junk:

To clean the junk from your computer, follow the steps in this forum post:

1 like

#8

All the steps are done, and the NOD32 window keeps popping up >> potentially unwanted application. (win64/CoinMiner.DN) file operating memory systeminfo.exe(4596). It gives the option to disinfect, and when I do, it asks me to restart. I do so, but the window I mentioned comes back with no other options (not even one to close it).

0 likes

#9

Hi guys, and excuse me for stepping in:

@carol

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). >> How do I know if my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to Paste Reports in the Forum?

We await those reports.

Regards

1 like

#10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Mavi (administrator) on MAVI-PC (07-04-2019 21:01:20)
Running from C:\Users\Mavi\Desktop
Loaded Profiles: Mavi (Available Profiles: Mavi & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProxy.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(AutoIt Team) [File not signed] C:\Users\Mavi\AppData\Local\Temp\systeminfo.exe
(Raúl Argente) [File not signed] C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18368512 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [177928 2019-04-03] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2480728 2019-03-22] (Opera Software AS -> Opera Software)
HKLM-x32\...\Run: [ArgenteRC] => C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe [2842112 2016-03-13] (Raúl Argente) [File not signed]
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2019-03-25] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [937776 2019-04-07] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\RunOnce: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [937776 2019-04-07] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-26] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0A623B7B-40EC-4CED-A5EF-D572E22320C8}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0A623B7B-40EC-4CED-A5EF-D572E22320C8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0F7DEDFE-3D72-4082-94FA-E40E628BBCE4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{140542A6-736D-470E-9844-81C7DFD47FDF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{140542A6-736D-470E-9844-81C7DFD47FDF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F94776C7-D1F3-49BD-9988-CF03FD2A7A8E}: [NameServer] 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-14] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-14] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2590789392-3709184063-2437184007-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: nup6skaj.default
FF ProfilePath: C:\Users\Mavi\AppData\Roaming\TomTom\HOME\Profiles\qkyt918m.default [2018-04-22]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default [2019-04-07]
FF Homepage: Mozilla\Firefox\Profiles\nup6skaj.default -> www.google.es/
FF Extension: (uBlock Origin) - C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default\Extensions\[email protected] [2019-02-05]
FF Extension: (DownThemAll!) - C:\Users\Mavi\AppData\Roaming\Mozilla\Firefox\Profiles\nup6skaj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-05-10] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-19] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-19] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-2590789392-3709184063-2437184007-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-2590789392-3709184063-2437184007-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-2590789392-3709184063-2437184007-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]

Chrome: 
=======
CHR Profile: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default [2019-04-07]
CHR Extension: (Google Drive) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-11]
CHR Extension: (YouTube) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-11]
CHR Extension: (uBlock Origin) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-04-03]
CHR Extension: (Angels Heaven) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebggokncjhegpmpkjcjanmcmbegobpao [2018-05-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-03-12]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2018-11-11]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-20]
CHR Extension: (Gmail) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-03]
CHR Profile: C:\Users\Mavi\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

Opera: 
=======
OPR Extension: (Fast search) - C:\Users\Mavi\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-05-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-28] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2359312 2019-04-03] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2359312 2019-04-03] (ESET, spol. s r.o. -> ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [128488 2011-06-02] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [401896 2011-06-02] (MCCI Internal Testing Software -> ASMedia Technology Inc)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [145600 2019-04-03] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188240 2019-04-03] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [110000 2019-04-03] (ESET, spol. s r.o. -> ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2019-04-07] (Glarysoft LTD -> Glarysoft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-10] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-07] (Malwarebytes Corporation -> Malwarebytes)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8244312 2013-06-19] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-07 21:01 - 2019-04-07 21:02 - 000024017 _____ C:\Users\Mavi\Desktop\FRST.txt
2019-04-07 21:01 - 2019-04-07 21:01 - 000000000 ____D C:\FRST
2019-04-07 20:07 - 2019-04-07 20:07 - 002434048 _____ (Farbar) C:\Users\Mavi\Desktop\FRST64 (1).exe
2019-04-07 14:53 - 2019-04-07 14:53 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-07 14:41 - 2019-04-07 14:41 - 000028936 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2019-04-07 14:41 - 2019-04-07 14:41 - 000001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2019-04-07 14:41 - 2019-04-07 14:41 - 000001044 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2019-04-07 14:41 - 2019-04-07 14:41 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\GlarySoft
2019-04-07 14:41 - 2019-04-07 14:41 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\DiskDefrag
2019-04-07 14:41 - 2019-04-07 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2019-04-07 14:40 - 2019-04-07 14:41 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-04-07 14:39 - 2019-04-07 14:39 - 017563064 _____ (Glarysoft Ltd) C:\Users\Mavi\Desktop\gu5setup.exe
2019-04-07 13:53 - 2019-04-07 14:38 - 000000000 ____D C:\Program Files\Argente - Registry Cleaner
2019-04-07 13:53 - 2019-04-07 13:53 - 000000943 _____ C:\Users\Public\Desktop\Argente - Registry Cleaner.lnk
2019-04-07 13:53 - 2019-04-07 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argente - Registry Cleaner
2019-04-07 13:48 - 2019-04-07 13:48 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-06 19:42 - 2019-04-06 19:42 - 000000000 ____D C:\ProgramData\dc85d83f
2019-04-06 19:37 - 2019-04-06 19:37 - 000000000 ____D C:\ProgramData\bpsreS
2019-04-06 12:29 - 2019-04-06 12:29 - 000004035 _____ C:\Users\Mavi\Desktop\Informe de ZHPCleaner.txt
2019-04-06 12:26 - 2019-04-06 12:26 - 000004012 _____ C:\Users\Mavi\Desktop\ZHPCleaner (R).txt
2019-04-06 12:22 - 2019-04-06 12:22 - 000003997 _____ C:\Users\Mavi\Desktop\ZHPCleaner (S).txt
2019-04-06 12:14 - 2019-04-06 12:26 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\ZHP
2019-04-06 12:14 - 2019-04-06 12:14 - 000000791 _____ C:\Users\Mavi\Desktop\ZHPCleaner.lnk
2019-04-06 12:14 - 2019-04-06 12:14 - 000000000 ____D C:\Users\Mavi\AppData\Local\ZHP
2019-04-06 12:13 - 2019-04-06 12:13 - 003126144 _____ C:\Users\Mavi\Desktop\ZHPCleaner.exe
2019-04-06 12:11 - 2019-04-06 12:11 - 000001257 _____ C:\Users\Mavi\Desktop\AdwCleaner[S00].txt
2019-04-06 12:08 - 2019-04-06 12:09 - 000000000 ____D C:\AdwCleaner
2019-04-06 12:07 - 2019-04-06 12:07 - 007025360 _____ (Malwarebytes) C:\Users\Mavi\Desktop\adwcleaner_7.3.exe
2019-04-06 11:59 - 2019-04-06 11:59 - 000000338 _____ C:\Users\Mavi\Desktop\eset online.txt
2019-04-06 05:57 - 2019-04-06 05:57 - 007665272 _____ (ESET spol. s r.o.) C:\Users\Mavi\Desktop\esetonlinescanner_esn.exe
2019-04-05 22:30 - 2019-04-05 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-05 18:38 - 2019-04-05 18:41 - 000001865 _____ C:\Users\Mavi\Desktop\Malwarebytes.txt
2019-04-05 18:21 - 2019-04-05 18:22 - 001599815 _____ C:\Users\Mavi\Desktop\IFS.exe
2019-04-04 20:31 - 2019-04-04 20:31 - 000000085 _____ C:\Windows\wininit.ini
2019-04-03 22:59 - 2019-04-03 22:59 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-04-03 11:35 - 2017-08-09 11:26 - 000004435 _____ C:\Users\Mavi\Desktop\license.lf
2019-03-28 19:42 - 2019-04-07 13:11 - 000003132 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask-CAAA1EF5E2B54BB10C8A531B38787585
2019-03-27 11:21 - 2019-03-27 11:21 - 000004024 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1553678500
2019-03-24 20:43 - 2019-03-24 20:44 - 000000000 ____D C:\tjwifroqnt__
2019-03-21 14:56 - 2019-03-21 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-03-16 20:27 - 2019-03-16 20:33 - 1779040256 _____ C:\Users\Mavi\Desktop\La Hora Señalada [BluRay Rip][AC3 2.0 Español Castellano][2018].avi
2019-03-16 11:31 - 2019-03-16 11:54 - 1769078784 _____ C:\Users\Mavi\Desktop\M4zeHDR.DIVXTOTAL.avi
2019-03-16 11:29 - 2019-03-16 11:53 - 1658259456 _____ C:\Users\Mavi\Desktop\10x10 [BluRay Rip][AC3 5.1 Castellano][2018][www.descargas2020.com].avi
2019-03-16 11:27 - 2019-03-16 11:47 - 2742261406 _____ C:\Users\Mavi\Desktop\Operacion Final [BluRay Rip][AC3 5.1 Castellano][2018][www.descargas2020.com].avi
2019-03-16 11:22 - 2019-03-16 11:55 - 1817987072 _____ C:\Users\Mavi\Desktop\The Keeping Hours [BluRay Rip][AC3 5.1 Castellano][2018][www.descargas2020.com].avi
2019-03-16 11:20 - 2019-03-16 11:28 - 1992132608 _____ C:\Users\Mavi\Desktop\Siberia [BluRayRIP][AC3 5.1 Castellano][2018][www.torrentrapid.com].avi
2019-03-13 13:20 - 2019-03-13 13:20 - 000096683 _____ C:\Users\Mavi\Desktop\Impuesto circulacion Francecs 2019.pdf
2019-03-12 13:13 - 2019-03-12 13:13 - 000095175 _____ C:\Users\Mavi\Desktop\Impuesto circulacion Mavi 2019.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-07 20:29 - 2017-01-02 22:07 - 000000000 ____D C:\Users\Mavi\AppData\LocalLow\Mozilla
2019-04-07 20:27 - 2017-02-28 00:59 - 000000988 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-04-07 17:46 - 2017-02-28 10:00 - 000000000 ___RD C:\Users\Mavi\Dropbox
2019-04-07 17:29 - 2017-01-11 15:39 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\uTorrent
2019-04-07 17:28 - 2017-10-31 23:17 - 000000000 ____D C:\Users\Mavi\AppData\Local\CrashDumps
2019-04-07 17:26 - 2017-02-01 17:32 - 000000000 ___RD C:\Users\Mavi\Desktop\Descargas
2019-04-07 17:10 - 2017-02-28 00:59 - 000000984 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-04-07 15:28 - 2009-07-14 06:45 - 000035360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-07 15:28 - 2009-07-14 06:45 - 000035360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-07 14:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-07 14:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-04-07 14:45 - 2017-08-23 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
2019-04-07 14:45 - 2017-01-08 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2019-04-07 13:48 - 2017-11-02 13:00 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-04-07 13:48 - 2017-01-11 16:05 - 000000000 ____D C:\Program Files\CCleaner
2019-04-07 13:28 - 2018-10-14 12:39 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\1b56771ce39dab34de1448b88e12b38f
2019-04-06 19:44 - 2018-10-09 09:56 - 000000000 ____D C:\Users\Mavi\AppData\Local\Adobe
2019-04-06 19:44 - 2017-04-12 23:53 - 000004496 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-04-06 19:44 - 2017-01-14 15:46 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-06 19:44 - 2017-01-14 15:46 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-06 19:44 - 2017-01-10 20:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-06 19:44 - 2017-01-10 20:06 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-06 19:39 - 2017-11-12 13:11 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-04-05 22:30 - 2017-02-28 00:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-05 18:29 - 2017-03-10 14:05 - 000000000 ____D C:\FSTool
2019-04-05 11:51 - 2017-07-07 13:06 - 000000310 _____ C:\Users\Mavi\Documents\Ctas.txt
2019-04-05 10:46 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-04-05 10:23 - 2009-07-14 11:31 - 000816658 _____ C:\Windows\system32\perfh00A.dat
2019-04-05 10:23 - 2009-07-14 11:31 - 000186528 _____ C:\Windows\system32\perfc00A.dat
2019-04-05 10:23 - 2009-07-14 07:13 - 001854082 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-04 20:31 - 2017-11-12 13:11 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-04-03 11:59 - 2018-04-12 16:26 - 000110000 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2019-04-03 11:59 - 2013-09-17 15:17 - 000188240 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2019-04-03 11:59 - 2013-09-17 15:17 - 000145600 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2019-04-03 11:13 - 2019-02-11 00:04 - 000000000 ____D C:\Program Files (x86)\Origin
2019-04-02 20:07 - 2017-10-24 13:35 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\vlc
2019-03-31 10:22 - 2017-04-08 14:57 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1491656257
2019-03-31 10:22 - 2017-04-08 14:56 - 000000000 ____D C:\Program Files\Opera
2019-03-28 00:04 - 2017-02-28 00:51 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 00:04 - 2017-02-28 00:51 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 18:09 - 2017-10-31 16:59 - 000000000 ____D C:\Program Files (x86)\Corel
2019-03-26 11:15 - 2017-11-11 14:54 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-22 20:19 - 2019-02-23 12:06 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-21 14:56 - 2017-01-20 14:52 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2019-03-21 13:43 - 2017-09-13 21:21 - 000000000 ____D C:\Users\Mavi\AppData\Local\ElevatedDiagnostics
2019-03-12 13:11 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-03-09 19:14 - 2018-10-10 09:42 - 000000000 ____D C:\Users\Mavi\AppData\Roaming\Telegram Desktop

==================== Files in the root of some directories =======

2017-09-27 22:45 - 2017-09-27 22:45 - 000145382 _____ () C:\Users\Mavi\AppData\Roaming\throne_1200x437-1-534x437.ico
2017-11-04 21:49 - 2017-11-04 21:49 - 000140800 _____ () C:\Users\Mavi\AppData\Local\installer.dat
2018-10-07 11:25 - 2018-10-09 09:57 - 000001025 _____ () C:\Users\Mavi\AppData\Local\oobelibMkey.log
2017-11-04 21:52 - 2017-11-04 21:52 - 001900178 _____ () C:\Users\Mavi\AppData\Local\Reis.tst
2018-08-13 21:19 - 2018-08-13 22:05 - 000007607 _____ () C:\Users\Mavi\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2019-04-03 11:06 - 2019-04-07 17:10 - 001060864 _____ (AutoIt Team) C:\Users\Mavi\AppData\Local\Temp\systeminfo.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-03 15:47

==================== End of FRST.txt ============================

#11
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Mavi (07-04-2019 21:03:17)
Running from C:\Users\Mavi\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-12-01 09:48:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2590789392-3709184063-2437184007-500 - Administrator - Disabled)
Invitado (S-1-5-21-2590789392-3709184063-2437184007-501 - Limited - Disabled)
Mavi (S-1-5-21-2590789392-3709184063-2437184007-1000 - Administrator - Enabled) => C:\Users\Mavi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Archivo Picture It! 10 de Microsoft (HKLM-x32\...\{3F262ADC-5AD2-48E5-A586-44315E04A9E2}) (Version: 10.0.0815 - Microsoft Corporation) Hidden
Argente - Registry Cleaner 3.1.2.0 (HKLM\...\Argente - Registry Cleaner_is1) (Version: 3.1.2.0 - Raúl Argente)
Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.0 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.3 - Gobierno de España)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Corel PaintShop Pro X9 (HKLM-x32\...\_{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.0.1.8 - Corel Corporation)
Corel Update Manager (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.10.442 - Corel corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Duplicate Cleaner Pro 4.1.0 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.1.0 - DigitalVolcano Software Ltd)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON XP-322 323 325 Series Printer Uninstall (HKLM\...\EPSON XP-322 323 325 Series) (Version:  - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Glary Utilities 5.116 (HKLM-x32\...\Glary Utilities 5) (Version: 5.116.0.141 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
ICA (HKLM-x32\...\{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.0.1.8 - Corel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IPM_PSP_COM64 (HKLM\...\{966E78A9-AB34-4FC6-BEDA-7D3F1F42121D}) (Version: 19.0.1.8 - Corel Corporation) Hidden
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 13.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.0 - KLCP)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{B036CF90-EFDF-4B70-B3DE-ABAE2B8FE50F}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
Mozilla Firefox 64.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 64.0.2 (x64 es-ES)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Opera Stable 58.0.3135.127 (HKLM-x32\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinnacle Studio 18 - Install Manager (HKLM-x32\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.10147 - Corel Corporation)
Pinnale Systems 32bit Software Keys (HKLM-x32\...\{C7FBAF9B-1E3C-4E1A-8C22-4A4FAEB641CC}_is1) (Version:  - VPP TEAM)
PSPPContent (HKLM-x32\...\{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.0.1.8 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.0.1.8 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{9722764A-D7C1-483A-931C-9C0A95D5F4EB}) (Version: 19.0.1.8 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.0.1.8 - Nombre de su organización) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Telegram Desktop version 1.5.8 (HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.8 - Telegram Messenger LLP)
TomTom MyDrive Connect 4.2.3.3625 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.3.3625 - TomTom)
USB2.0 UVC VGA WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10236 - Realtek Semiconductor Corp.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2590789392-3709184063-2437184007-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2019-04-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-03-11] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2019-04-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-03-11] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2019-04-03] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-03-11] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AD7BFBC-F8D2-4410-ACCB-052EB36B8855} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2590789392-3709184063-2437184007-1000UA => C:\Users\Mavi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0DE7F791-D6A5-4A1D-BEB2-4B64CDD43605} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {125DD637-08E5-4D5A-94E9-D1F21CE524D3} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe (Corel Corporation -> Corel Corporation)
Task: {173DA8DB-053E-4238-A072-5FAE71168333} - System32\Tasks\Artendon Inc- FTP Management => C:\Windows\system32\rundll32.exe "C:\Program Files\Artendon Inc. FTP Management\Artendon Inc. FTP Management.dll",PxDLjtmqzWNE
Task: {1D708540-7132-498F-9BD8-C24C303FAC08} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {320389D2-4DCE-4190-ACDF-7453CC660AEF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {52CB4C8C-C1D5-45AF-A1F4-5903D861B9F1} - System32\Tasks\AdobeGCInvoker-1.0-Mavi-PC-Mavi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {59F73174-CB64-4D5E-B074-82280A71BCDC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {6D8FE5B9-4527-452A-9CCB-9DE566E7FF3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {711AC38F-1BBE-48A6-99A5-9C61D6CEBB1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BCCC218-5AC9-4354-AB4D-3F4E41D08B47} - System32\Tasks\{2999CB74-5CF9-424A-85C0-E68826E53E4B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WinRAR\uninstall.exe" -d "C:\Program Files (x86)\WinRAR" -c /setup
Task: {87F389D9-C0FE-4E62-8262-4789FD12148E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {8FDDA8FB-21F0-487C-ABEC-10C677488E65} - System32\Tasks\Opera scheduled assistant Autoupdate 1553678500 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {952C805E-8C25-4728-BAED-934F9862A25A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9E24A229-D036-4E47-BF72-9D36A4017242} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {AB345F47-283C-44DF-90A9-BAF17C15F499} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AC716547-B3C1-4F61-A99C-18507F7869BF} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B1EA6256-869C-4396-818E-7355E85C0026} - System32\Tasks\{42785226-03BB-4E3A-824C-C3DD3E30ADEC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WeatherInspect\uninstaller.exe"
Task: {C774136B-A672-42E6-9B2A-9CA5F1C0ADA9} - System32\Tasks\CorelUpdateHelperTask-CAAA1EF5E2B54BB10C8A531B38787585 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe (Corel Corporation -> Corel Corporation)
Task: {D6BB8E15-0046-430F-9DA4-79A2EEECBB79} - System32\Tasks\Opera scheduled Autoupdate 1491656257 => C:\Program Files\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {D8089505-CBE0-4768-B058-2EA061669571} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2590789392-3709184063-2437184007-1000Core => C:\Users\Mavi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {EFF856A6-5B51-498B-993A-973FB09046AE} - System32\Tasks\{BAD79768-8071-4C8B-A780-FD08FF226D2B} => C:\Users\Mavi\Desktop\TomTomHOME2winlatest.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp
2019-04-03 11:06 - 2019-04-07 17:10 - 001060864 _____ (AutoIt Team) [File not signed] C:\Users\Mavi\AppData\Local\Temp\systeminfo.exe
2019-04-07 13:53 - 2016-03-13 15:46 - 002842112 _____ (Raúl Argente) [File not signed] C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe
2019-02-23 12:04 - 2019-03-22 20:19 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2017-11-14 15:08 - 2019-03-22 20:19 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2017-11-14 15:08 - 2019-03-22 20:19 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-23 12:04 - 2019-03-22 20:19 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-02-23 12:04 - 2019-03-22 20:19 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-23 12:04 - 2019-03-22 20:19 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-02-23 12:04 - 2019-03-22 20:19 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-02-23 12:04 - 2019-03-22 20:19 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-23 12:05 - 2019-03-22 20:19 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-02-23 12:04 - 2019-03-22 20:19 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-22 20:19 - 2019-03-22 20:19 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
2019-04-07 13:53 - 2010-06-01 22:22 - 000074240 _____ (www.amsplugins.com) [File not signed] C:\Program Files\Argente - Registry Cleaner\Extras\Plugins\Argente09\Argente09.lmd
2019-04-07 13:53 - 2010-07-05 20:46 - 000319488 _____ (TODO: <Company name>) [File not signed] C:\Program Files\Argente - Registry Cleaner\Extras\Plugins\Argente03\Argente03.lmd
2019-04-07 13:53 - 2010-05-18 17:39 - 000176128 _____ (Indigo Rose Corporation) [File not signed] C:\Program Files\Argente - Registry Cleaner\Extras\Plugins\Argente00\Argente00.apo
2019-04-07 13:53 - 2010-06-06 20:43 - 000178688 _____ (hxxp://www.amsplugins.com) [File not signed] C:\Program Files\Argente - Registry Cleaner\Extras\Plugins\Argente08\Argente08.apo
2017-11-01 16:27 - 2018-10-20 13:32 - 034338840 _____ (Adobe Systems, Incorporated -> Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.dll
2017-11-01 16:27 - 2017-11-01 16:27 - 013125731 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\AcroForm.api
2017-11-01 16:27 - 2017-11-01 16:27 - 001484387 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\DigSig.api
2017-11-01 16:27 - 2017-11-01 16:27 - 007368291 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\PPKLite.api
2017-11-01 16:27 - 2017-11-01 16:27 - 000826979 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Checkers.api
2017-11-01 16:27 - 2017-11-01 16:27 - 000495203 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Accessibility.api
2017-11-01 16:27 - 2017-11-01 16:27 - 001758819 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\EScript.api
2017-11-01 16:27 - 2017-11-01 16:27 - 008278627 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Annots.api
2012-09-23 20:43 - 2012-09-23 20:43 - 000291328 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\cryptocme.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ccme_base.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000208384 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ccme_base_non_fips.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000227328 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ccme_asym.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000564736 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ccme_ecc.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000471552 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ccme_ecdrbg.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000834560 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\ccme_ecc_accel_fips.dll
2017-11-01 16:27 - 2017-11-01 16:27 - 000110179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\IA32.api
2017-11-01 16:27 - 2018-10-20 13:32 - 001828064 _____ (Adobe Systems, Incorporated -> Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\amtlib.dll
2017-11-01 16:27 - 2017-11-01 16:27 - 000174179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\plug_ins\Updater.api

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\DSC03747R.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\DSC03747R.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\DSC03747R.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\pc2music:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mavi\Desktop\RFile00811.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\RFile00811.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\RFile00811.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-10-25 12:27 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\AutoFirma\AutoFirma
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mavi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{61394AD8-3428-44DB-BF18-EE62C28F0B8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D33013F1-9282-4F4F-9A1C-0D9ACEEA8042}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FA007029-A42B-4051-9B80-C5B7EA14AF28}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8DBD4948-EBF5-462E-B9E6-7F2B164B68AA}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{10BE1E50-4E35-4C3E-8DB6-CDB662165F4A}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{EAF0498D-25A8-4FE3-AD01-A931DA583A0C}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F3810897-5A35-49FE-BD0D-DF3118B263B9}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{93499C7D-F15D-4404-84A4-B49A4CB1136B}] => (Allow) C:\Users\Mavi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FAA1BA46-8D02-4746-A856-0BF67C1E6073}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{CC9FC952-CEDF-43D0-BBC2-61590C94F247}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{7DDA74D7-2199-48DF-ADF9-4765B9E9632C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A48F744-1434-4668-BB5A-2E5210E37FDD}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AA24AC30-4EC9-45CB-AB80-0FC282A4BCA9}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5F6DD36D-FBB5-47A1-AA28-B07D044903C8}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{70F9D281-642C-4655-8A48-46637C445862}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{1B5B63F8-560E-4F56-A6AD-01270F404EC9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0BDF114D-247A-40C9-AFEF-D6A13B9EE008}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{25001569-190E-4040-BD8C-BE23E63B6740}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{94E0C4B1-339D-4FE3-89F2-15E68BE8C6CE}] => (Allow) C:\Program Files\Opera\58.0.3135.118\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{3B98194F-6A9C-49AE-A153-7A3F9CAE7492}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E3DE4144-A697-48D3-AF5B-51A979A70BEF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

04-04-2019 00:00:00 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2019 05:45:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Audacity\audacity.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/07/2019 05:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x2484
Hora de inicio de la aplicación con errores: 0x01d4ed569b2d4882
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: daa24d82-5949-11e9-9260-c86000173e04

Error: (04/07/2019 05:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: utorrentie.exe, versión: 1.0.0.44632, marca de tiempo: 0x5b999bcf
Nombre del módulo con errores: Flash.ocx, versión: 6.0.29.0, marca de tiempo: 0x3cc47d54
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00054564
Id. del proceso con errores: 0x1e14
Hora de inicio de la aplicación con errores: 0x01d4ed569b761262
Ruta de acceso de la aplicación con errores: C:\Users\Mavi\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
Ruta de acceso del módulo con errores: C:\Windows\SysWow64\macromed\flash\Flash.ocx
Id. del informe: da806d23-5949-11e9-9260-c86000173e04

Error: (04/07/2019 02:55:23 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2019 02:55:23 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2019 02:55:23 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/07/2019 02:55:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/07/2019 02:55:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/07/2019 05:29:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (04/07/2019 02:55:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (04/07/2019 02:55:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (04/06/2019 07:41:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (04/06/2019 07:41:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (04/06/2019 06:04:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (04/06/2019 06:04:51 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\Mavi\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (04/06/2019 06:04:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador


Windows Defender:
===================================
Date: 2017-03-15 14:24:49.746
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{A2B7964C-0570-4283-8B59-20A16A2E54AE}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:Mavi-PC\Mavi

CodeIntegrity:
===================================

Date: 2018-10-22 12:46:57.057
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:56.464
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:56.026
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:55.402
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:54.823
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-22 12:46:54.372
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ProgramData\ESET\ESET NOD32 Antivirus\updfiles\base_nonnups\nod06AF.dll.nup.raw porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-05-10 21:34:00.497
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2017-05-10 21:34:00.497
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 72%
Total physical RAM: 7968.06 MB
Available physical RAM: 2171.39 MB
Total Virtual: 15934.26 MB
Available Virtual: 10050.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:304.36 GB) (Free:44.77 GB) NTFS
Drive d: (Nuevo vol) (Fixed) (Total:394.18 GB) (Free:209.16 GB) NTFS
Drive i: () (Removable) (Total:31.99 GB) (Free:4.89 GB) FAT32

\\?\Volume{467a7cfa-b7a8-11e6-b73d-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: E3102A4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=304.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 57.8 GB) (Disk ID: E655F693)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)

==================== End of Addition.txt ============================
0 likes

#12

Hello @carol

Your ESET can't handle your infection because it is pirated. It is not advisable to have them that way, since you will get infected anyway.

I'll give you suggestions for switching AV later.

Follow these steps:

1.- Very important >>> Make a backup copy of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION
(AutoIt Team) [File not signed] C:\Users\Mavi\AppData\Local\Temp\systeminfo.exe
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [937776 2019-04-07] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\dc85d83f
HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\RunOnce: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [937776 2019-04-07] (AutoIt Consulting Ltd -> AutoIt Team)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2590789392-3709184063-2437184007-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
2019-03-24 20:43 - 2019-03-24 20:44 - 000000000 ____D C:\tjwifroqnt__
2019-04-03 11:06 - 2019-04-07 17:10 - 001060864 _____ (AutoIt Team) C:\Users\Mavi\AppData\Local\Temp\systeminfo.exe
Task: {1D708540-7132-498F-9BD8-C24C303FAC08} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\Overseer.exe (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\Avast Software
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\carteraR20180811_151115_1534021609490R.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\DSC03747R.JPG:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\DSC03747R.JPG:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\DSC03747R.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\pc2music:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mavi\Desktop\RFile00811.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Mavi\Desktop\RFile00811.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Mavi\Desktop\RFile00811.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

1 like
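
The fixlist in post #12 targets three kinds of entries from the FRST log: a WMI event subscription, an autorun value pointing into a user-writable directory under a random hex name, and an unsigned binary in Temp. The following Python triage is an added example, not part of the original thread or of FRST; the function names and reason labels are assumptions, and the sample lines are copied from the fixlist on this page.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the fixlist on this page (not constructed).
SAMPLE = [
    r'WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION',
    r'(AutoIt Team) [File not signed] C:\Users\Mavi\AppData\Local\Temp\systeminfo.exe',
    r'HKU\S-1-5-21-2590789392-3709184063-2437184007-1000\...\Run: [dc85d83f] => C:\ProgramData\dc85d83f\dc85d83f.exe [937776 2019-04-07] (AutoIt Consulting Ltd -> AutoIt Team)',
    r'Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)',
]

# Directories a standard user can write to. Legitimate software lives here
# too, so a hit means "review this entry", not "malicious".
USER_WRITABLE = re.compile(r'\\(ProgramData|AppData|Temp)\\', re.I)
RUN_ENTRY = re.compile(
    r'\\(Run|RunOnce): \[(?P<name>[^\]]+)\] => (?P<path>[A-Za-z]:\\.+?\.exe)\b', re.I)
UNSIGNED = re.compile(r'\[File not signed\]\s+(?P<path>[A-Za-z]:\\.+)$')
HEX_NAME = re.compile(r'^[0-9a-f]{8}$', re.I)


def triage_line(line):
    """Return the list of reasons why one FRST log line deserves review."""
    reasons = []
    # WMI permanent event subscriptions survive deletion of Run keys and files.
    if line.startswith('WMI:subscription\\'):
        reasons.append('wmi-subscription')
    m = RUN_ENTRY.search(line)
    if m:
        target = PureWindowsPath(m['path'])
        if USER_WRITABLE.search(m['path']):
            reasons.append('autorun-from-user-writable-dir')
        # Value name, folder and file stem all equal to one 8-digit hex string.
        if HEX_NAME.match(m['name']) and target.stem == target.parent.name == m['name']:
            reasons.append('random-hex-name')
    m = UNSIGNED.search(line)
    if m and USER_WRITABLE.search(m['path']):
        reasons.append('unsigned-binary-in-user-writable-dir')
    return reasons


def triage(lines):
    """Map line index -> reasons, keeping only lines with at least one reason."""
    return {i: r for i, line in enumerate(lines) if (r := triage_line(line))}


if __name__ == '__main__':
    for idx, why in triage(SAMPLE).items():
        print(', '.join(why), '|', SAMPLE[idx][:70])
```

The Adobe toolbar line is not flagged by these heuristics; the helper listed it in the fixlist for other reasons that this example does not model.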

#13

Hi, I've done what you told me and I'll wait until tomorrow to see whether it worked, and then let you know.

Did all this come from NOD?

I'll be waiting.

Thanks

0 likes

#14

Hello:

You need to paste the Fixlog report.

Regards.

0 likes