ZAPISANE error pantalla emergente

adm77 · 15 Julio, 2019 17:37

Por lo q veo es un texto en polaco, arranco pc y sale eso y no se como sacarlo,pensé q estaba relacionado con ccleaner asi q lo desinstale pero sigue apareciendo, el texto q figura alli no me deja copiarlo ni editar, tiene una cruz para cerrarlo al medio pero no funciona y en las esquinas no hay cruz para cerrarlo,si alguien pudiera ayudar le agradezco Saludos

Miguelgrado · 15 Julio, 2019 18:20

Realiza los siguientes pasos, , sin cambiar el orden

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware,

Manual Malwarebytes, para que sepas usarlo y configurarlo.

Realiza un Análisis Personalizado,marcando Todas las casillas de la derecha y de la Izquierda actualizando si te lo pide.
Pulsar en “Eliminar Seleccionados” para enviarlo a la cuarentena y Reinicias el sistema.
Para acceder posteriormente al informe del análisis : Informes >> Registro de análisis >> Pulsar en >> Exportar >> Copiar al Portapapeles, y lo pegas en tu respuesta

2) Descarga Adwcleaner en el escritorio.

Desactiva tu antivirus Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad.
Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")
Pulsar en el botón Analizar Ahora, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Iniciar Reparacion.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
Si no encuentra nada, pulsamos “Omitir Reparación”
El log lo encontramos en la pestaña “Informes”, volviendo a abrir el programa, si es necesario o en"C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

Puedes mirar su manual >> Manual de Adwcleaner

3) Descarga Ccleaner

Instalalo y ejecútalo. En la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador. Clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad.

Pega los reportes de Malwarebytes, AdwCleaner y comentas como va el problema.

adm77 · 16 Julio, 2019 16:20

gracias, aun se esta ejecutando, lleva 6 horas…

lleva 9 hs y ahora me apareció el cartel mencionado q en el usuario actual no estaba antes…

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 15/7/19
Hora del análisis: 16:20
Archivo de registro: 901442ce-a735-11e9-8c0c-e0cb4ee62916.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11564
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Diego-PC\Diego

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 277514
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 14 hr, 29 min, 45 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)
(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-07-15.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-16-2019
# Duration: 00:00:39
# OS:       Windows 7 Ultimate
# Scanned:  27411
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1245 octets] - [12/06/2018 01:35:40]
AdwCleaner[C00].txt - [1431 octets] - [12/06/2018 01:36:56]
AdwCleaner[S01].txt - [1375 octets] - [28/10/2018 14:43:32]
AdwCleaner[S02].txt - [1436 octets] - [29/10/2018 02:14:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

ya hago lo d ccleaner y la pruebo un tiempo y les comento, gracias

Bueno…me sigue saliendo el cartel en otro usuario …

Miguelgrado · 16 Julio, 2019 19:37

Esto si lo ejecutas cuando el cartel esta visible, mejor

Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) ¿Cómo saber si mi Windows es de 32 o 64 bits?
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

adm77 · 17 Julio, 2019 04:56

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2019 01
Ran by I2 (17-07-2019 01:47:09)
Running from C:\Users\I2\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-02-14 16:54:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4176836711-1023169650-3318900086-500 - Administrator - Disabled)
Diego (S-1-5-21-4176836711-1023169650-3318900086-1000 - Administrator - Enabled) => C:\Users\Diego
HomeGroupUser$ (S-1-5-21-4176836711-1023169650-3318900086-1010 - Limited - Enabled)
I2 (S-1-5-21-4176836711-1023169650-3318900086-1012 - Limited - Enabled) => C:\Users\I2
Invitado (S-1-5-21-4176836711-1023169650-3318900086-501 - Limited - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Argente - Registry Cleaner 3.1.2.0 (HKLM\...\Argente - Registry Cleaner_is1) (Version: 3.1.2.0 - Raúl Argente)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Backup and Sync from Google (HKLM\...\{2220EB12-4C3F-4203-996A-2D55BD1FF3A6}) (Version: 3.45.5545.5747 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
DriversCloud.com (HKLM\...\{80D96881-C431-4441-8A61-0D8C825B970D}) (Version: 8.0.3.1 - Cybelsoft)
Eye 312 (HKLM\...\{74F923F2-2B11-4E2E-B638-A1772A9F7B7B}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 211 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java SE Development Kit 8 Update 211 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180211}) (Version: 8.0.2110.12 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 67.0.1 (x86 es-ES) (HKLM\...\Mozilla Firefox 67.0.1 (x86 es-ES)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
Opera Stable 62.0.3331.72 (HKLM\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Skype versión 8.46 (HKLM\...\Skype_is1) (Version: 8.46 - Skype Technologies S.A.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TL-WN721N/TL-WN722N Driver (HKLM\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Vivaldi (HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Vivaldi) (Version: 2.6.1566.44 - Vivaldi Technologies AS.)
WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4176836711-1023169650-3318900086-1012_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\I2\AppData\Local\Vivaldi\Application\2.6.1566.44\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2016-02-14 14:19 - 2011-03-31 15:36 - 000167424 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-02-14 14:19 - 2011-08-25 14:02 - 001425920 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-02-14 14:19 - 2011-11-18 17:14 - 000788992 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2016-02-14 14:19 - 2011-03-31 15:36 - 000128000 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2016-02-14 14:19 - 2011-03-31 15:36 - 000111616 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2009-07-13 20:35 - 2011-08-03 11:34 - 000036352 _____ () [File not signed] C:\Windows\system32\slc.dll
2018-01-14 16:04 - 2019-02-21 13:00 - 000050688 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-07-13 20:24 - 2009-07-13 22:14 - 000092672 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\Dwm.exe
2009-07-13 20:40 - 2009-07-13 22:16 - 000249856 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\uxtheme.dll
2019-07-04 02:19 - 2019-06-24 13:48 - 000341824 _____ (Vivaldi testbuild -> ) [File not signed] C:\Users\I2\AppData\Local\Vivaldi\Application\2.6.1566.44\swiftshader\libegl.dll
2019-07-04 02:19 - 2019-06-24 13:48 - 003018048 _____ (Vivaldi testbuild -> ) [File not signed] C:\Users\I2\AppData\Local\Vivaldi\Application\2.6.1566.44\swiftshader\libglesv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2019-03-01 00:58 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Skype\Phone
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 200.49.130.51 - 200.42.4.204
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: ArgenteRC => "C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe" /AutoClean
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9E9D54F3-FB60-4508-9543-E0A4DA8CA89B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B6CAF656-C306-4578-AC06-9BAC7136E508}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F75AB6ED-19EB-4325-BEB6-B373833ACA8C}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0E418A4-2617-4858-A32B-7E853A829248}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{24BDF3B1-CDE8-4042-8F7D-DF5762A46F88}] => (Allow) C:\Program Files\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{85C19B30-C349-4718-A62F-7C9200D46576}] => (Allow) C:\Program Files\Opera\62.0.3331.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5A638D1A-F5D0-4833-81B4-287AF6E3758D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:147.99 GB) (Free:104.27 GB) (70%)
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2019 12:10:43 AM) (Source: Windows Activation Technologies) (EventID: 3) (User: )
Description: Error de comprobación de mantenimiento: 
 hr = 0x8004FE21, estado de mantenimiento: 0x0000000000000100

Error: (07/17/2019 12:05:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/16/2019 06:13:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: browser_assistant.exe, versión: 62.0.3331.72, marca de tiempo: 0x5d26c250
Nombre del módulo con errores: browser_assistant.exe, versión: 62.0.3331.72, marca de tiempo: 0x5d26c250
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000474e
Id. del proceso con errores: 0xf24
Hora de inicio de la aplicación con errores: 0x01d53c1b3b143c94
Ruta de acceso de la aplicación con errores: C:\Program Files\Opera\assistant\browser_assistant.exe
Ruta de acceso del módulo con errores: C:\Program Files\Opera\assistant\browser_assistant.exe
Id. del informe: 80f44526-a80e-11e9-927a-e0cb4ee62916

Error: (07/16/2019 06:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/16/2019 01:55:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (07/16/2019 01:40:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1172) WebCacheLocal: Error -1032 (0xfffffbf8) al abrir un archivo de registro C:\Users\I2\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (07/16/2019 01:40:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1172) WebCacheLocal: Al intentar abrir el archivo "C:\Users\I2\AppData\Local\Microsoft\Windows\WebCache\V01.log" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (07/16/2019 01:40:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "file:///A:\Documentos\">.


System errors:
=============
Error: (07/17/2019 01:39:04 AM) (Source: DCOM) (EventID: 10016) (User: Diego-PC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 y APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 al usuario Diego-PC\I2 con SID (S-1-5-21-4176836711-1023169650-3318900086-1012) en la dirección LocalHost (con LRPC). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/17/2019 12:11:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (07/16/2019 06:18:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (07/16/2019 01:36:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (07/16/2019 01:36:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (07/16/2019 01:36:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio SysMain.

Error: (07/16/2019 12:35:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Search no respondió después de iniciar.

Error: (07/15/2019 10:14:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {3EB3C877-1F16-487C-9050-104DBCD66683} no se registró con DCOM dentro del tiempo de espera requerido.


CodeIntegrity:
===================================

Date: 2018-11-20 18:16:43.166
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-20 18:16:43.043
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-17 11:48:42.039
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-17 11:48:41.758
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-16 11:41:42.547
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-16 11:41:42.434
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-16 11:41:42.264
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-16 11:41:38.126
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0602 09/11/2009
Motherboard: ASUSTeK Computer INC. P5KPL-AM SE
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 86%
Total physical RAM: 2038.18 MB
Available physical RAM: 275.62 MB
Total Virtual: 4092.36 MB
Available Virtual: 1096.52 MB

==================== Drives ================================

Drive a: (Datos) (Fixed) (Total:150 GB) (Free:112.22 GB) NTFS
Drive c: () (Fixed) (Total:147.99 GB) (Free:104.26 GB) NTFS

\\?\Volume{a9572656-d319-11e5-b7dc-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================`Texto preformateado`

adm77 · 17 Julio, 2019 04:59

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2019 01
Ran by I2 (ATTENTION: The user is not administrator) on DIEGO-PC (17-07-2019 01:46:01)
Running from C:\Users\I2\Desktop
Loaded Profiles: I2 (Available Profiles: Diego & I2 & Invitado)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(IBM -> IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\dwm.exe
(Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\assistant\browser_assistant.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\update_notifier.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\I2\AppData\Local\Vivaldi\Application\vivaldi.exe
Failed to access process -> AGMService.exe
Failed to access process -> AGSService.exe
Failed to access process -> armsvc.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> MBAMService.exe
Failed to access process -> RapportMgmtService.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> services.exe
Failed to access process -> smss.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sppsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> WUDFHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2299928 2019-07-11] (Opera Software AS -> Opera Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Run: [Vivaldi Update Notifier] => C:\Users\I2\AppData\Local\Vivaldi\Application\update_notifier.exe [1653320 2019-06-24] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Run: [GoogleChromeAutoLaunch_5087D641C4828CBA2993A17D7FE5D66B] => C:\Program Files\Google\Chrome\Application\chrome.exe [1448432 2019-07-12] (Google LLC -> Google LLC)
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\system32\tsccvid.dll [602624 2014-11-11] (TechSmith Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.tsc2] => C:\Windows\system32\tsc2_codec32.dll [234496 2014-08-27] (TechSmith Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-14]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
BootExecute: autocheck autochk *  
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16ABBBC0-2682-42AD-A7F7-408AC1DA4CA3} - Access Denied. 
Task: {18E6D428-D26C-4169-BEDF-3B5BDDC952F6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Task: {2DA716CA-F390-430A-B987-C370FE6B0BB2} - Access Denied. 
Task: {37F17089-1D79-44D4-89E0-27E90ED96E6B} - Access Denied. 
Task: {4040E761-8758-4007-B2FE-142B24BF4B16} - System32\Tasks\Microsoft\Windows\Ras\MobilityManager
"C:\Windows\System32\Tasks" could not be unlocked Error: 5. <==== ATTENTION
Task: {4172B620-83CD-42C9-A4F3-6BC73BCBA7F3} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {46CE8324-7A3D-469B-B1A0-E95E31884FDB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Task: {50FB5A03-0E1E-48DE-B8A1-BEE9D7D2CD0F} - System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
Task: {5488D5A4-02BA-42EE-B3B6-1AB16E07C69D} - Access Denied. 
Task: {5AD9A312-B7BF-4C03-B435-96ACEE71023D} - Access Denied. 
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
Task: {676713BD-75BC-4B2A-8157-9CA061DFC8C2} - Access Denied. 
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {731E9C62-95B5-4C8C-AB64-4CC591C9FF5B} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
"C:\Windows\System32\Tasks\WPD" could not be unlocked Error: 5. <==== ATTENTION
Task: {853D8377-AB76-4128-8E49-945B48329140} - \WPD\SqmUpload_S-1-5-21-4176836711-1023169650-3318900086-1000 -> No File <==== ATTENTION
Task: {8D47F360-B2F3-4649-BE67-CF6EAF344326} - Access Denied. 
Task: {91403318-5A73-41A7-8218-DCEEAF4B280A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {9B75C702-EA13-406A-BADB-6C588EE4375B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
Task: {A31FC690-DA70-48C8-8B39-2B8BA50AC0AB} - Access Denied. 
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe
Task: {B200C582-8144-4854-BD8C-F17C8412818C} - Access Denied. 
Task: {C87533A4-2F95-4178-8443-306E0D212C1B} - Access Denied. 
Task: {C90440A0-6D8F-423F-8F42-83EEF05CE708} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
Task: {CF160B97-5F71-480C-99B4-E08975863C89} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
Task: {CF9AE76A-ED85-48BA-A484-52ED6A31640A} - Access Denied. 
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
Task: {E1FE6947-4E0B-42F4-816C-DB99D857EBAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {E8BCA7A7-0714-4CE5-9D4B-7E95D3F28B16} - Access Denied. 
Task: {EE005747-52A6-430E-9B01-B87F2CF126FA} - Access Denied. 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.130.51 200.42.4.204
Tcpip\..\Interfaces\{A38C42F4-2C47-484E-976E-4962A945F520}: [DhcpNameServer] 200.49.130.51 200.42.4.204
Tcpip\..\Interfaces\{AF6D671A-777B-4CBF-BE5B-5187FDE44BFE}: [DhcpNameServer] 200.49.130.47 200.42.4.210

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default [2019-07-17]
CHR Extension: (Presentaciones) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-14]
CHR Extension: (Documentos) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-14]
CHR Extension: (Google Drive) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-14]
CHR Extension: (IBM Security Rapport) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-02-14]
CHR Extension: (YouTube) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-14]
CHR Extension: (Jaxx Liberty) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjelfplplebdjjenllpjcblmjkfcffne [2019-06-22]
CHR Extension: (Adobe Acrobat) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-15]
CHR Extension: (Hojas de cálculo) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-14]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-14]
CHR Extension: (Gmail) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\I2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5551168 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [365048 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM -> IBM Corp.)
S3 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34696 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174472 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225816 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [171216 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [56504 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [214944 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40904 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [140080 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101192 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73008 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783232 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [403952 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [167576 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2017-03-02] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [312968 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [44752 2016-04-03] (NCH Software -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2019-06-08] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-07-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM -> IBM Corp.)
R1 RapportCerberus_1804077; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-10-02] (IBM -> IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM -> IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [103616 2017-09-28] (IBM -> IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [265304 2017-09-28] (IBM -> IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM -> IBM Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-17 01:39 - 2019-07-17 01:46 - 000023295 _____ C:\Users\I2\Desktop\FRST.txt
2019-07-17 01:38 - 2019-07-17 01:38 - 001446912 _____ (Farbar) C:\Users\I2\Desktop\FRST.exe
2019-07-17 00:11 - 2019-07-17 00:11 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-17 00:09 - 2019-07-17 00:09 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-17 00:09 - 2019-07-17 00:09 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-17 00:06 - 2019-07-17 00:06 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-16 13:35 - 2019-07-17 00:13 - 000073350 _____ C:\Windows\ntbtlog.txt
2019-07-16 13:23 - 2019-07-16 13:23 - 000000844 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-16 13:23 - 2019-07-16 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-16 13:23 - 2019-07-16 13:23 - 000000000 ____D C:\Program Files\CCleaner
2019-07-15 10:29 - 2019-07-15 10:29 - 000000916 _____ C:\Users\Public\Desktop\Navegador Opera.lnk
2019-07-15 00:06 - 2019-07-15 00:06 - 000000000 ____D C:\Users\I2\AppData\Local\Adobe
2019-07-13 15:34 - 2019-07-13 16:43 - 000011450 _____ C:\Users\I2\Desktop\EXPENN.xlsx
2019-07-12 11:41 - 2019-07-12 11:41 - 000012178 _____ C:\Users\I2\Desktop\Cedulon.pdf
2019-07-11 12:06 - 2019-07-04 02:06 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-11 12:06 - 2019-07-04 02:06 - 000167576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-07-11 12:06 - 2019-07-04 02:06 - 000140080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-09 09:56 - 2019-07-09 09:56 - 000027919 _____ C:\Users\I2\Desktop\[email protected]
2019-07-09 09:51 - 2019-07-09 09:51 - 004863032 _____ (Adobe) C:\Windows\system32\FlashPlayerInstaller.exe
2019-07-08 12:36 - 2019-07-15 10:11 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-08 12:31 - 2019-07-08 12:31 - 000001810 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-08 12:31 - 2019-07-08 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-08 12:30 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-07-07 20:59 - 2019-07-01 11:04 - 000178594 _____ C:\Users\I2\Documents\Advanced_user's_trx_download_version_2019_07_01.xlsx
2019-07-07 20:59 - 2019-07-01 11:04 - 000035669 _____ C:\Users\I2\Documents\User's_trx_download_version_2019_07_01.xlsx
2019-07-07 20:56 - 2019-06-07 01:21 - 000065956 _____ C:\Users\I2\Documents\airtm mayo 19.xlsx
2019-07-07 20:53 - 2019-07-07 21:02 - 000000000 ____D C:\Users\I2\Desktop\zec
2019-07-07 20:51 - 2019-06-08 23:09 - 000001044 _____ C:\Users\I2\Documents\Revo Uninstaller.lnk
2019-07-05 23:52 - 2019-07-05 23:52 - 000015203 _____ C:\Users\I2\Documents\money.xlsx
2019-07-04 01:50 - 2019-07-03 00:17 - 000071688 _____ C:\Users\I2\Documents\airtm jun 19.xlsx
2019-07-04 01:49 - 2019-06-24 15:46 - 000033591 _____ C:\Users\I2\Documents\airtm abr19 (3).xlsx
2019-07-04 01:48 - 2019-07-04 01:51 - 000000000 ____D C:\Users\I2\Desktop\renta
2019-07-03 22:23 - 2019-07-03 22:23 - 000019536 ____N C:\bootsqm.dat
2019-06-26 14:58 - 2019-06-26 15:23 - 000000000 ____D C:\Users\I2\Desktop\ESTATUTO

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-17 01:46 - 2017-11-29 16:47 - 000000000 ____D C:\FRST
2019-07-17 01:23 - 2009-07-14 01:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-17 01:23 - 2009-07-14 01:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-17 00:08 - 2019-02-14 14:44 - 000002189 _____ C:\Users\I2\Desktop\Vivaldi.lnk
2019-07-17 00:05 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-16 18:22 - 2017-05-12 23:19 - 000000000 ____D C:\Program Files\Opera
2019-07-16 18:13 - 2019-03-31 21:11 - 000000000 ____D C:\Users\I2\AppData\Local\CrashDumps
2019-07-16 13:34 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-07-16 13:28 - 2017-03-20 11:08 - 000000000 ____D C:\Windows\Minidump
2019-07-16 06:53 - 2017-12-18 21:30 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 00:07 - 2019-04-16 20:38 - 000000000 ____D C:\Users\I2\AppData\LocalLow\Adobe
2019-07-15 00:06 - 2019-02-14 11:16 - 000000000 ____D C:\Users\I2\AppData\Roaming\Adobe
2019-07-11 12:07 - 2019-04-06 13:51 - 000001867 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-07-09 23:43 - 2018-10-02 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-07-09 09:51 - 2016-02-14 14:45 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-07-09 09:51 - 2016-02-14 14:45 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-07-09 09:51 - 2016-02-14 14:45 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-08 15:14 - 2019-03-05 23:16 - 000011972 _____ C:\Users\I2\Desktop\alquiler imp arce.xlsx
2019-07-04 02:20 - 2019-02-14 14:44 - 000000000 ____D C:\Users\I2\AppData\Local\Vivaldi
2019-07-04 02:19 - 2019-02-14 14:44 - 000002137 _____ C:\Users\I2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-07-04 02:06 - 2019-02-24 14:00 - 000783232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000403952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000312968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000214944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000174472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000171216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000101192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000073008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000056504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000040904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000034696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-07-04 01:48 - 2019-04-16 21:25 - 000000000 ____D C:\Users\I2\AppData\Roaming\Apple Computer
2019-07-04 01:18 - 2016-02-14 15:00 - 000000000 ____D C:\Windows\pss
2019-07-03 01:04 - 2019-02-19 20:14 - 000010489 _____ C:\Users\I2\Desktop\impuesto.xlsx
2019-06-25 01:40 - 2017-05-21 17:21 - 000000000 _____ C:\Windows\system32\last.dump

==================== Files in the root of some directories ================

2019-02-15 22:56 - 2019-02-15 22:56 - 000000000 _____ () C:\Users\I2\AppData\Local\oobelibMkey.log

==================== FLock ================

2019-07-17 00:06 C:\Config.Msi
2016-02-14 14:50 C:\MSOCache
2009-07-13 23:37 C:\PerfLogs
2009-07-13 23:03 C:\Windows\LiveKernelReports
2019-07-16 13:28 C:\Windows\Minidump
2009-07-13 23:04 C:\Windows\ModemLogs
2019-07-04 02:07 C:\Windows\Prefetch
2019-07-17 01:38 C:\Windows\Temp
2019-07-17 00:22 C:\Windows\system32\config
2009-07-13 23:37 C:\Windows\system32\ias
2009-07-13 23:37 C:\Windows\system32\NetworkList
2019-07-16 13:23 C:\Windows\system32\Tasks
2018-11-26 11:11 C:\Windows\system32\wdi
2009-07-14 01:54 C:\Windows\system32\wfp
2018-12-13 00:10 C:\Users\Diego
2018-08-10 16:41 C:\Users\Invitado
2019-02-14 08:59 C:\Users\TEMP

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. The user is not administrator -> No se pudo abrir el almac�n de datos de configuraci�n de arranque (BCD).
Acceso denegado.

==================== End of FRST.txt ============================

adm77 · 17 Julio, 2019 14:52

Te comento q al avast lo había desactivado por una hora luego cuando se activo se corrió y me sale esto q aun no puedo eliminar el avast no lo elimina no s si tendrá q ver con el FRST q baje?

Miguelgrado · 17 Julio, 2019 16:09

El problema ya veo , creo de donde viene.

Te estan detectando el navegador Vilvaldi que tienes instalado, y ademas creo que es el causante de esos avisos y notas, pues es de origen noruego o semejante.

Por otra parte los logs que me pones no sirven, pues usaste para hacerlos un usuario con permisos limitados , I2.

Tienes que usar la cuenta del Administrador, Diego, para todos los pasos que estamos realizando.

Para desinfectar un pc, se debe usar cuenta de Administrador

Pero antes vas a desinstalar Vivaldi con Revo:

Descarga e instalas >> Revo Uninstaller | InfoSpyware

Luego, segun manual de Revo >> http://www.forospyware.com/t243205.html, desinstalas el / los programas indicados, seleccionando cuando lo indique Revo, el Modo Avanzado

Marcas NOMBRE PROGRAMA y pulsas desinstalar en el menu de Revo, en Modo Avanzado

Cuando lo hagas, se iniciara el desinstalador de NOMBRE DE PROGRAMA y al finalizar (si alguno te pide reiniciar, pulsas en NO o Cancelar y continuas con Revo), realizas:

Pulsas Analizar en Revo, para que analice los restos del programa
Pulsas seleccionar todo, para eliminar restos del registro
Pulsas borrar todo
Pulsas siguiente
Pulsas seleccionar todo, para eliminar, si hay, carpetas
Pulsas borrar todo
Pulsas finalizar

Una vez desinstalado, reinicia el pc, compruebas como funciona y si vuelve a salir el aviso, realizas lo indicado de nuevo con Fabar.

Si no vuelve a salir, me lo comentas

adm77 · 17 Julio, 2019 17:26

OK respecto a los logs los hice desde el usuario en donde me aparecía la pantalla emergente y lo abrí como administrador, entonces tendría q hacerlo desde el usuario administrador otra vez ok pero antes hacer lo de revo ok, me pongo en eso gracias

Ese cartel ocupa un espacio q si mal no recuerdo allí me llegaban las notif de ccleaner

Miguelgrado · 17 Julio, 2019 19:46

Si realiza lo de Revo y me comentas cómo va el PC.

si se hacen esos análisis desde una usuario tan limitado, los resultados salen mal porque ese programa no puede acceder a ciertas partes del PC y no podemos ver parámetros importantes de este

adm77 · 18 Julio, 2019 15:46

ok , te comento lo iba a hacer pero desde anoche q desapareció el famoso cartel no se porque, la pruebo un poco mas así o recomiendas hacer algo igualmente ¿? Si aparece lo hago de una

Miguelgrado · 18 Julio, 2019 16:36

Ok comprueba el PC el tiempo que necesites al menos 24 o 48 horas

adm77 · 19 Julio, 2019 17:42

Gracias, por ahora tranquilo, te consulto, ademas la noto lenta a la pc, abro otro tema ¿? Saludos

Miguelgrado · 19 Julio, 2019 19:15

Ponme los informes de Fabar, como te indique anteriormente

adm77 · 21 Julio, 2019 21:01

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2299928 2019-07-11] (Opera Software AS -> Opera Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Run: [Vivaldi Update Notifier] => C:\Users\I2\AppData\Local\Vivaldi\Application\update_notifier.exe [1653320 2019-06-24] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Run: [GoogleChromeAutoLaunch_5087D641C4828CBA2993A17D7FE5D66B] => C:\Program Files\Google\Chrome\Application\chrome.exe [1448432 2019-07-12] (Google LLC -> Google LLC)
HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\system32\tsccvid.dll [602624 2014-11-11] (TechSmith Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.tsc2] => C:\Windows\system32\tsc2_codec32.dll [234496 2014-08-27] (TechSmith Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-14]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
BootExecute: autocheck autochk *  
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16ABBBC0-2682-42AD-A7F7-408AC1DA4CA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-12-18] (Google Inc -> Google Inc.)
Task: {2DA716CA-F390-430A-B987-C370FE6B0BB2} - System32\Tasks\Opera scheduled assistant Autoupdate 1553607295 => C:\Program Files\Opera\launcher.exe [1348120 2019-07-11] (Opera Software AS -> Opera Software)
Task: {37F17089-1D79-44D4-89E0-27E90ED96E6B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {4172B620-83CD-42C9-A4F3-6BC73BCBA7F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {5488D5A4-02BA-42EE-B3B6-1AB16E07C69D} - System32\Tasks\AdobeGCInvoker-1.0-Diego-PC-Diego => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {5AD9A312-B7BF-4C03-B435-96ACEE71023D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3228552 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {676713BD-75BC-4B2A-8157-9CA061DFC8C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-12-18] (Google Inc -> Google Inc.)
Task: {8D47F360-B2F3-4649-BE67-CF6EAF344326} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {91403318-5A73-41A7-8218-DCEEAF4B280A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {A31FC690-DA70-48C8-8B39-2B8BA50AC0AB} - System32\Tasks\Opera scheduled Autoupdate 1514437664 => C:\Program Files\Opera\launcher.exe [1348120 2019-07-11] (Opera Software AS -> Opera Software)
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe
Task: {B200C582-8144-4854-BD8C-F17C8412818C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1913648 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {C87533A4-2F95-4178-8443-306E0D212C1B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)
Task: {CF9AE76A-ED85-48BA-A484-52ED6A31640A} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
Task: {E1FE6947-4E0B-42F4-816C-DB99D857EBAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {E8BCA7A7-0714-4CE5-9D4B-7E95D3F28B16} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EE005747-52A6-430E-9B01-B87F2CF126FA} - System32\Tasks\AdobeGCInvoker-1.0-Diego-PC-I2 => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.130.51 200.42.4.204
Tcpip\..\Interfaces\{A38C42F4-2C47-484E-976E-4962A945F520}: [DhcpNameServer] 200.49.130.51 200.42.4.204
Tcpip\..\Interfaces\{AF6D671A-777B-4CBF-BE5B-5187FDE44BFE}: [DhcpNameServer] 200.49.130.47 200.42.4.210

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: bu56p6dm.default-1477268946708-1552448337271
FF ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\bu56p6dm.default-1477268946708-1552448337271 [2019-07-21]
FF Extension: (IBM Security Rapport) - C:\Users\Diego\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2017-11-06]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\bu56p6dm.default-1477268946708-1552448337271\Extensions\[email protected] [2019-02-24]
FF Extension: (Avast Online Security) - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\bu56p6dm.default-1477268946708-1552448337271\Extensions\[email protected] [2019-02-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4176836711-1023169650-3318900086-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Diego\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-23] (Citrix Online -> Citrix Online)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default [2019-07-16]
CHR Extension: (Presentaciones) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-18]
CHR Extension: (Anti Miner - No 1 Coin Minerblock) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\abgnbkcdbiafipllamhhmikhgjolhdaf [2017-12-28]
CHR Extension: (Documentos) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-18]
CHR Extension: (Google Drive) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-18]
CHR Extension: (IBM Security Rapport) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-04-12]
CHR Extension: (YouTube) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-18]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-06-08]
CHR Extension: (Hojas de cálculo) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-18]
CHR Extension: (Authy Chrome Extension) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2018-05-21]
CHR Extension: (Authy) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2018-05-26]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Super Auto Refresh) - C:\Users\Diego\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2018-02-06]
OPR Extension: (Google Translate) - C:\Users\Diego\AppData\Roaming\Opera Software\Opera Stable\Extensions\mchdgimobfnilobnllpdnompfjkkfdmi [2019-06-08]
OPR Extension: (Mining Blocker) - C:\Users\Diego\AppData\Roaming\Opera Software\Opera Stable\Extensions\nbpfigdgbjgoejmnffbpgmbcnppjjokp [2018-09-21]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Diego\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-05-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5551168 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [365048 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM -> IBM Corp.)
S3 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34696 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174472 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225816 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [171216 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [56504 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [214944 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40904 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [140080 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101192 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73008 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783232 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [403952 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [167576 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2017-03-02] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [312968 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [44752 2016-04-03] (NCH Software -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2019-06-08] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-07-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-07-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-07-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-07-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-07-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [204632 2017-09-28] (IBM -> IBM Corp.)
R1 RapportCerberus_1804077; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804077.sys [848024 2017-10-02] (IBM -> IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [336504 2017-09-28] (IBM -> IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [103616 2017-09-28] (IBM -> IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [265304 2017-09-28] (IBM -> IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [415992 2017-09-28] (IBM -> IBM Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-21 17:32 - 2019-07-21 17:32 - 001446912 _____ (Farbar) C:\Users\Diego\Escritorio\FRST (1).exe
2019-07-21 16:38 - 2019-07-21 16:39 - 000000000 ____D C:\Users\Diego\Escritorio\recupero moto
2019-07-21 11:57 - 2019-07-21 11:57 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-21 11:55 - 2019-07-21 11:55 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-21 11:54 - 2019-07-21 11:54 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-21 11:49 - 2019-07-21 11:49 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-19 13:52 - 2019-07-19 13:52 - 000003288 ____N C:\bootsqm.dat
2019-07-18 00:57 - 2019-07-18 00:57 - 000000000 ____D C:\Program Files\Common Files\Oracle
2019-07-18 00:56 - 2019-07-18 00:56 - 000000000 ____D C:\Program Files\Common Files\Java
2019-07-17 12:54 - 2019-07-17 12:54 - 000082197 _____ C:\Users\Diego\Escritorio\9204-19831173 (1).pdf
2019-07-17 12:44 - 2019-07-17 12:45 - 000082197 _____ C:\Users\Diego\Downloads\9204-19831173 (1).pdf
2019-07-17 12:43 - 2019-07-17 12:44 - 000082197 _____ C:\Users\Diego\Downloads\9204-19831173.pdf
2019-07-16 13:35 - 2019-07-21 15:01 - 000300602 _____ C:\Windows\ntbtlog.txt
2019-07-16 13:23 - 2019-07-16 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-16 13:23 - 2019-07-16 13:23 - 000000000 ____D C:\Program Files\CCleaner
2019-07-16 13:22 - 2019-07-16 13:22 - 020891464 _____ (Piriform Software Ltd) C:\Users\Diego\Downloads\ccsetup560.exe
2019-07-16 13:10 - 2019-07-16 13:10 - 007025360 _____ (Malwarebytes) C:\Users\Diego\Escritorio\adwcleaner_7.3.exe
2019-07-15 00:06 - 2019-07-15 00:06 - 000000000 ____D C:\Users\I2\AppData\Local\Adobe
2019-07-11 12:06 - 2019-07-04 02:06 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-11 12:06 - 2019-07-04 02:06 - 000167576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-07-11 12:06 - 2019-07-04 02:06 - 000140080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-09 09:51 - 2019-07-09 09:51 - 004863032 _____ (Adobe) C:\Windows\system32\FlashPlayerInstaller.exe
2019-07-08 12:36 - 2019-07-19 13:45 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-08 12:31 - 2019-07-08 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-08 12:30 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-07-08 01:27 - 2019-07-08 01:27 - 000156227 _____ C:\Users\Diego\Downloads\VISA JULIO.pdf
2019-07-07 20:59 - 2019-07-01 11:04 - 000178594 _____ C:\Users\I2\Documents\Advanced_user's_trx_download_version_2019_07_01.xlsx
2019-07-07 20:59 - 2019-07-01 11:04 - 000035669 _____ C:\Users\I2\Documents\User's_trx_download_version_2019_07_01.xlsx
2019-07-07 20:56 - 2019-06-07 01:21 - 000065956 _____ C:\Users\I2\Documents\airtm mayo 19.xlsx
2019-07-07 20:51 - 2019-06-08 23:09 - 000001044 _____ C:\Users\I2\Documents\Revo Uninstaller.lnk
2019-07-05 23:52 - 2019-07-05 23:52 - 000015203 _____ C:\Users\I2\Documents\money.xlsx
2019-07-05 11:40 - 2019-07-05 11:40 - 000019265 _____ C:\Users\Diego\Escritorio\Documento sin título.pdf
2019-07-04 01:50 - 2019-07-03 00:17 - 000071688 _____ C:\Users\I2\Documents\airtm jun 19.xlsx
2019-07-04 01:49 - 2019-06-24 15:46 - 000033591 _____ C:\Users\I2\Documents\airtm abr19 (3).xlsx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-21 17:35 - 2017-11-29 16:47 - 000000000 ____D C:\FRST
2019-07-21 17:32 - 2016-02-14 13:54 - 000000000 ___RD C:\Users\Diego\Escritorio
2019-07-21 16:39 - 2019-03-01 01:04 - 000000000 ____D C:\Users\Diego\AppData\Local\AVAST Software
2019-07-21 16:38 - 2016-07-11 22:35 - 000000000 ____D C:\Users\Diego\AppData\Local\CrashDumps
2019-07-21 16:21 - 2009-07-14 01:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-21 16:21 - 2009-07-14 01:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-21 11:47 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-18 00:57 - 2016-02-14 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-07-18 00:57 - 2016-02-14 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-07-18 00:57 - 2016-02-14 15:53 - 000000000 ____D C:\Program Files\Java
2019-07-18 00:54 - 2016-02-14 15:55 - 000096240 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2019-07-17 12:07 - 2019-01-29 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-07-17 02:08 - 2019-06-08 22:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-16 18:22 - 2017-05-12 23:19 - 000000000 ____D C:\Program Files\Opera
2019-07-16 18:13 - 2019-03-31 21:11 - 000000000 ____D C:\Users\I2\AppData\Local\CrashDumps
2019-07-16 13:34 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-07-16 13:28 - 2017-03-20 11:08 - 000000000 ____D C:\Windows\Minidump
2019-07-16 12:58 - 2017-12-08 00:31 - 000000000 ___RD C:\Users\Diego\Escritorio\pc
2019-07-16 06:53 - 2017-12-18 21:30 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 00:07 - 2019-04-16 20:38 - 000000000 ____D C:\Users\I2\AppData\LocalLow\Adobe
2019-07-15 00:06 - 2019-02-14 11:16 - 000000000 ____D C:\Users\I2\AppData\Roaming\Adobe
2019-07-12 01:29 - 2016-11-30 14:54 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\Mozilla
2019-07-09 23:43 - 2018-10-02 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-07-09 09:51 - 2016-02-14 14:45 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-07-09 09:51 - 2016-02-14 14:45 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-07-09 09:51 - 2016-02-14 14:45 - 000000000 ____D C:\Windows\system32\Macromed
2019-07-04 14:14 - 2018-07-18 02:20 - 000000000 ____D C:\Users\Diego\Escritorio\pdf
2019-07-04 02:20 - 2019-02-14 14:44 - 000000000 ____D C:\Users\I2\AppData\Local\Vivaldi
2019-07-04 02:19 - 2019-02-14 14:44 - 000002137 _____ C:\Users\I2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-07-04 02:06 - 2019-02-24 14:00 - 000783232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000403952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000312968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000214944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000174472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000171216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000101192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000073008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000056504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000040904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-07-04 02:06 - 2019-02-24 14:00 - 000034696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-07-04 01:48 - 2019-04-16 21:25 - 000000000 ____D C:\Users\I2\AppData\Roaming\Apple Computer
2019-07-04 01:18 - 2016-02-14 15:00 - 000000000 ____D C:\Windows\pss
2019-06-25 01:40 - 2017-05-21 17:21 - 000000000 _____ C:\Windows\system32\last.dump
2019-06-24 03:37 - 2019-04-19 15:40 - 000023096 _____ C:\Users\Diego\Escritorio\rio invers.xlsx

==================== Files in the root of some directories ================

2017-10-25 23:14 - 2017-10-25 23:14 - 000021368 _____ (Schneider Electric) C:\Users\Diego\en_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000021368 _____ (Schneider Electric) C:\Users\Diego\es_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000021880 _____ (Schneider Electric) C:\Users\Diego\fr_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000021880 _____ (Schneider Electric) C:\Users\Diego\grm_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000021368 _____ (Schneider Electric) C:\Users\Diego\it_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000020344 _____ (Schneider Electric) C:\Users\Diego\jp_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 001079808 _____ (Microsoft Corporation) C:\Users\Diego\mfc80u.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000626688 _____ (Microsoft Corporation) C:\Users\Diego\msvcr80.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 013923704 _____ (Schneider Electric) C:\Users\Diego\PCPE Setup.exe
2017-10-25 23:14 - 2017-10-25 23:14 - 000021368 _____ (Schneider Electric) C:\Users\Diego\pt_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000020856 _____ (Schneider Electric) C:\Users\Diego\ru_res.dll
2017-10-25 23:14 - 2017-10-25 23:14 - 000019832 _____ (Schneider Electric) C:\Users\Diego\zh_res.dll
2018-11-01 17:27 - 2018-11-01 17:27 - 000000000 _____ () C:\Users\Diego\AppData\Local\oobelibMkey.log
2017-11-29 02:26 - 2017-11-29 02:26 - 000000017 _____ () C:\Users\Diego\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-18 10:33
==================== End of FRST.txt ============================

adm77 · 21 Julio, 2019 21:11

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2019 01
    > > Ran by Diego (21-07-2019 17:38:22)
    > > Running from C:\Users\Diego\AppData\Local\Temp\scoped_dir5868_26917
    > > Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-02-14 16:54:57)
    > > Boot Mode: Normal
    > > ==========================================================
    > > 
    > > 
    > > ==================== Accounts: =============================
    > > 
    > > Administrador (S-1-5-21-4176836711-1023169650-3318900086-500 - Administrator - Disabled)
    > > Diego (S-1-5-21-4176836711-1023169650-3318900086-1000 - Administrator - Enabled) => C:\Users\Diego
    > > HomeGroupUser$ (S-1-5-21-4176836711-1023169650-3318900086-1010 - Limited - Enabled)
    > > I2 (S-1-5-21-4176836711-1023169650-3318900086-1012 - Limited - Enabled) => C:\Users\I2
    > > Invitado (S-1-5-21-4176836711-1023169650-3318900086-501 - Limited - Enabled) => C:\Users\TEMP
    > > 
    > > ==================== Security Center ========================
    > > 
    > > (If an entry is included in the fixlist, it will be removed.)
    > > 
    > > AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    > > 
    > > ==================== Installed Programs ======================
    > > 
    > > (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    > > 
    > > 7-Zip 19.00 (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
    > > Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    > > Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
    > > Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
    > > Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
    > > Apowersoft Online Launcher versión 1.3.6 (HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.3.6 - APOWERSOFT LIMITED)
    > > Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    > > Argente - Registry Cleaner 3.1.2.0 (HKLM\...\Argente - Registry Cleaner_is1) (Version: 3.1.2.0 - Raúl Argente)
    > > Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
    > > Backup and Sync from Google (HKLM\...\{2220EB12-4C3F-4203-996A-2D55BD1FF3A6}) (Version: 3.45.5545.5747 - Google, Inc.)
    > > CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
    > > Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    > > Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
    > > DriversCloud.com (HKLM\...\{80D96881-C431-4441-8A61-0D8C825B970D}) (Version: 8.0.3.1 - Cybelsoft)
    > > Eye 312 (HKLM\...\{74F923F2-2B11-4E2E-B638-A1772A9F7B7B}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
    > > Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
    > > Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    > > Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    > > Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
    > > Java 8 Update 221 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
    > > Java SE Development Kit 8 Update 211 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180211}) (Version: 8.0.2110.12 - Oracle Corporation)
    > > Java SE Development Kit 8 Update 73 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
    > > Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    > > Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    > > Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    > > Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
    > > Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
    > > Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
    > > Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    > > Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
    > > Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    > > Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    > > Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    > > Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    > > Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    > > Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    > > Mozilla Firefox 68.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 68.0 (x86 es-ES)) (Version: 68.0 - Mozilla)
    > > Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
    > > Opera Stable 62.0.3331.72 (HKLM\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
    > > QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    > > Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden
    > > Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
    > > Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
    > > Skype versión 8.49 (HKLM\...\Skype_is1) (Version: 8.49 - Skype Technologies S.A.)
    > > SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
    > > swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    > > TL-WN721N/TL-WN722N Driver (HKLM\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
    > > TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
    > > Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    > > USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
    > > Vivaldi (HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\...\Vivaldi) (Version: 2.6.1566.44 - Vivaldi Technologies AS.)
    > > WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
    > > 
    > > ==================== Custom CLSID (Whitelisted): ==========================
    > > 
    > > (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    > > 
    > > CustomCLSID: HKU\S-1-5-21-4176836711-1023169650-3318900086-1012_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\I2\AppData\Local\Vivaldi\Application\2.6.1566.44\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
    > > ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2019-06-27] (Google LLC -> Google)
    > > ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2019-06-27] (Google LLC -> Google)
    > > ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2019-06-27] (Google LLC -> Google)
    > > ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
    > > ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    > > ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
    > > ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
    > > ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2019-06-27] (Google LLC -> Google)
    > > ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
    > > ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    > > ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
    > > ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
    > > ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    > > ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    > > ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2019-06-27] (Google LLC -> Google)
    > > ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    > > ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    > > ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
    > > ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
    > > ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
    > > ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    > > ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
    > > 
    > > ==================== Shortcuts & WMI ========================
    > > 
    > > (The entries could be listed to be restored or removed.)
    > > 
    > > WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    > > WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    > > WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
    > > 
    > > Shortcut: C:\Users\Diego\Links\Chrome.lnk -> C:\Users\Diego\Escritorio\pc\Chrome.search-ms ()
    > > 
    > > ==================== Loaded Modules (Whitelisted) ==============
    > > 
    > > 2016-02-14 14:19 - 2011-03-31 15:36 - 000167424 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
    > > 2016-02-14 14:19 - 2011-08-25 14:02 - 001425920 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
    > > 2016-02-14 14:19 - 2011-11-18 17:14 - 000788992 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    > > 2016-02-14 14:19 - 2011-03-31 15:36 - 000128000 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
    > > 2016-02-14 14:19 - 2011-03-31 15:36 - 000111616 _____ () [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
    > > 2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () [File not signed] C:\Program Files\Trusteer\Rapport\bin\js32.dll
    > > 2009-07-13 20:35 - 2011-08-03 11:34 - 000036352 _____ () [File not signed] C:\Windows\system32\slc.dll
    > > 2018-01-14 16:04 - 2019-02-21 13:00 - 000050688 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
    > > 2009-07-13 20:24 - 2009-07-13 22:14 - 000092672 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\Dwm.exe
    > > 2009-07-13 20:40 - 2009-07-13 22:16 - 000249856 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\UxTheme.dll
    > > 2019-07-04 02:19 - 2019-06-24 13:48 - 000341824 _____ (Vivaldi testbuild -> ) [File not signed] C:\Users\I2\AppData\Local\Vivaldi\Application\2.6.1566.44\swiftshader\libegl.dll
    > > 2019-07-04 02:19 - 2019-06-24 13:48 - 003018048 _____ (Vivaldi testbuild -> ) [File not signed] C:\Users\I2\AppData\Local\Vivaldi\Application\2.6.1566.44\swiftshader\libglesv2.dll
    > > 
    > > ==================== Alternate Data Streams (Whitelisted) =========
    > > 
    > > (If an entry is included in the fixlist, only the ADS will be removed.)
    > > 
    > > 
    > > ==================== Safe Mode (Whitelisted) ===================
    > > 
    > > (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    > > 
    > > HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
    > > HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    > > HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
    > > HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    > > 
    > > ==================== Association (Whitelisted) ===============
    > > 
    > > (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    > > 
    > > 
    > > ==================== Internet Explorer trusted/restricted ===============
    > > 
    > > (If an entry is included in the fixlist, it will be removed from the registry.)
    > > 
    > > 
    > > ==================== Hosts content: ===============================
    > > 
    > > (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    > > 
    > > 2009-07-13 23:04 - 2019-03-01 00:58 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
    > > 
    > > 
    > > ==================== Other Areas ============================
    > > 
    > > (Currently there is no automatic fix for this section.)
    > > 
    > > HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Skype\Phone
    > > HKU\S-1-5-21-4176836711-1023169650-3318900086-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    > > HKU\S-1-5-21-4176836711-1023169650-3318900086-1012\Control Panel\Desktop\\Wallpaper -> 
    > > DNS Servers: Media is not connected to internet.
    > > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    > > Windows Firewall is enabled.
    > > 
    > > ==================== MSCONFIG/TASK MANAGER disabled items ==
    > > 
    > > If an entry is included in the fixlist, it will be removed.
    > > 
    > > MSCONFIG\startupreg: ArgenteRC => "C:\Program Files\Argente - Registry Cleaner\ArgenteRC.exe" /AutoClean
    > > MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
    > > 
    > > ==================== FirewallRules (Whitelisted) ===============
    > > 
    > > (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    > > 
    > > FirewallRules: [{9E9D54F3-FB60-4508-9543-E0A4DA8CA89B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    > > FirewallRules: [{B6CAF656-C306-4578-AC06-9BAC7136E508}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    > > FirewallRules: [{24BDF3B1-CDE8-4042-8F7D-DF5762A46F88}] => (Allow) C:\Program Files\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
    > > FirewallRules: [{85C19B30-C349-4718-A62F-7C9200D46576}] => (Allow) C:\Program Files\Opera\62.0.3331.72\opera.exe (Opera Software AS -> Opera Software)
    > > FirewallRules: [{5A638D1A-F5D0-4833-81B4-287AF6E3758D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    > > FirewallRules: [{9364AA08-8E66-4576-9810-8F8552285423}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    > > FirewallRules: [{0ED7F46E-1986-4B6E-8C0A-649A52A93D6D}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    > > 
    > > ==================== Restore Points =========================
    > > 
    > > ATTENTION: System Restore is disabled (Total:147.99 GB) (Free:101.8 GB) (69%)
    > > Check "winmgmt" service or repair WMI.
    > > 
    > > 
    > > ==================== Faulty Device Manager Devices =============
    > > 
    > > 
    > > ==================== Event log errors: =========================
    > > 
    > > Application errors:
    > > ==================
    > > Error: (07/21/2019 04:37:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    > > Description: Nombre de la aplicación con errores: browser_assistant.exe, versión: 62.0.3331.72, marca de tiempo: 0x5d26c250
    > > Nombre del módulo con errores: browser_assistant.exe, versión: 62.0.3331.72, marca de tiempo: 0x5d26c250
    > > Código de excepción: 0xc0000005
    > > Desplazamiento de errores: 0x0000474e
    > > Id. del proceso con errores: 0xb6c
    > > Hora de inicio de la aplicación con errores: 0x01d53ffbbf0abf4b
    > > Ruta de acceso de la aplicación con errores: C:\Program Files\Opera\assistant\browser_assistant.exe
    > > Ruta de acceso del módulo con errores: C:\Program Files\Opera\assistant\browser_assistant.exe
    > > Id. del informe: 0739ef39-abef-11e9-9198-e0cb4ee62916
    > > 
    > > Error: (07/21/2019 11:48:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > Error: (07/19/2019 01:53:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > Error: (07/19/2019 01:45:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > Error: (07/19/2019 01:20:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > Error: (07/18/2019 09:08:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > Error: (07/18/2019 04:11:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > Error: (07/18/2019 09:40:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
    > > Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.
    > > 
    > > 
    > > System errors:
    > > =============
    > > Error: (07/21/2019 12:03:22 PM) (Source: DCOM) (EventID: 10010) (User: )
    > > Description: El servidor {E60687F7-01A1-40AA-86AC-DB1CBF673334} no se registró con DCOM dentro del tiempo de espera requerido.
    > > 
    > > Error: (07/21/2019 11:53:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    > > Description: El servicio Windows Update no respondió después de iniciar.
    > > 
    > > Error: (07/19/2019 01:47:52 PM) (Source: DCOM) (EventID: 10010) (User: )
    > > Description: El servidor {3EB3C877-1F16-487C-9050-104DBCD66683} no se registró con DCOM dentro del tiempo de espera requerido.
    > > 
    > > Error: (07/19/2019 01:45:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    > > Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
    > > El controlador no se cargó porque el sistema se está arrancando en modo a prueba de errores.
    > > 
    > > Error: (07/19/2019 01:45:03 PM) (Source: DCOM) (EventID: 10005) (User: )
    > > Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
    > > {9E175B6D-F52A-11D8-B9A5-505054503030}
    > > 
    > > Error: (07/19/2019 01:45:03 PM) (Source: DCOM) (EventID: 10005) (User: )
    > > Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
    > > {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    > > 
    > > Error: (07/19/2019 01:44:52 PM) (Source: DCOM) (EventID: 10005) (User: )
    > > Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor:
    > > {1BE1F766-5536-11D1-B726-00C04FB926AF}
    > > 
    > > Error: (07/19/2019 01:44:39 PM) (Source: DCOM) (EventID: 10005) (User: )
    > > Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor:
    > > {DD522ACC-F821-461A-A407-50B198B896DC}
    > > 
    > > 
    > > CodeIntegrity:
    > > ===================================
    > > 
    > > Date: 2018-11-20 18:16:43.166
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-20 18:16:43.043
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-17 11:48:42.039
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-17 11:48:41.758
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-16 11:41:42.547
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-16 11:41:42.434
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-16 11:41:42.264
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > Date: 2018-11-16 11:41:38.126
    > > Description: 
    > > Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
    > > 
    > > ==================== Memory info =========================== 
    > > 
    > > BIOS: American Megatrends Inc. 0602 09/11/2009
    > > Motherboard: ASUSTeK Computer INC. P5KPL-AM SE
    > > Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
    > > Percentage of memory in use: 95%
    > > Total physical RAM: 2038.18 MB
    > > Available physical RAM: 86.37 MB
    > > Total Virtual: 5672.43 MB
    > > Available Virtual: 1863.03 MB
    > > 
    > > ==================== Drives ================================
    > > 
    > > Drive a: (Datos) (Fixed) (Total:150 GB) (Free:112.22 GB) NTFS
    > > Drive c: () (Fixed) (Total:147.99 GB) (Free:101.8 GB) NTFS
    > > 
    > > \\?\Volume{a9572656-d319-11e5-b7dc-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
    > > 
    > > ==================== MBR & Partition Table ==================
    > > 
    > > ========================================================
    > > Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 328F328F)
    > > Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    > > Partition 2: (Not Active) - (Size=148 GB) - (Type=07 NTFS)
    > > Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)================== End of Addition.txt ============================

adm77 · 21 Julio, 2019 21:12

a ver , asi ? veamos gra

Miguelgrado · 22 Julio, 2019 07:26

Hola

En el primer log falta la parte primera de los procesos… te comiste el inicio.

Edita la respuesta y añade al principio lo que falta.

recuerda que la ejecución de este tipo de programas está bien indicada ,como hiciste en el primer momento que hay que hacerlo desde escritorio y no desde una carpeta.

De momento corta y pega frst. Exe en el escritorio, y déjalo ahí

adm77 · 23 Julio, 2019 03:50

Comprendo, aunque sabes fui a ver los logs de nuevo en FRST/LOGS y eso es lo q me sale, no lo había notado, quizás lo borre sin querer,al proceso lo hice desde el Escritorio, administrador, quizás lo q haya afectado sea que yo ya tenia un FRST bajado en escritorio y lo abrí para pasarlo y no veía desde donde lo podía actualizar, porque no estaba actualizado, entonces lo baje de nuevo al escritorio y se creo el mismo archivo pero con (1) y desde ahí lo ejecute entiendo.Por otro lado también había buscado en REVO para desinstalar la versión no actualizada de FRST y no lo encontré, como tendría q proceder ahora ¿? perdón no se bien como arreglarlo, lo paso de nuevo ?

Miguelgrado · 23 Julio, 2019 08:26

Como ves, no se ejecuto desde el escritorio.

No hagas nada, solo pon en el escritorio el Frst.exe, para cuando te de el siguiente paso y pega lo que falta del log frst.txt, del inicio

Fijate en el log que me pegaste al principio, que falta algo como esto:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2019 01
Ran by I2 (ATTENTION: The user is not administrator) on DIEGO-PC (17-07-2019 01:46:01)
Running from C:\Users\I2\Desktop
Loaded Profiles: I2 (Available Profiles: Diego & I2 & Invitado)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
```

En cuanto a eliminar Frst u otros, eso ya te indicare, pues como se indicaba en mi primera respuesta, NO HACER PASOS POR TU CUENTA, entre otras