Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by User (20-03-2019 03:19:47)
Running from C:\Users\User\Desktop
Windows 10 Enterprise Version 1809 17763.379 (X64) (2019-02-14 21:41:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2947481483-1064858154-3000073182-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2947481483-1064858154-3000073182-503 - Limited - Disabled)
Invitado (S-1-5-21-2947481483-1064858154-3000073182-501 - Limited - Disabled)
User (S-1-5-21-2947481483-1064858154-3000073182-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2947481483-1064858154-3000073182-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 35.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 35.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{4354E970-FFD1-4354-BB44-A23C4C4DDB28}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{1C7D230F-66FA-4302-80F7-33EFE7EFED4F}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{379946d7-d0d7-4395-87e8-8097ca734c8a}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{13df6180-9a6f-4b9b-bfb8-3741c3af4e01}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{6FD5072F-7FCE-4F73-BAB0-98251FF891CE}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{B938DE12-4F3D-4068-9649-E5A9E3CB464C}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{4F5EDE91-E41F-428B-BE5D-EB185BE9007A}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Complete Internet Repair 5.2.3.4010 (HKLM\...\Complete Internet Repair_is1) (Version: 5.2.3.4010 - Rizonesoft)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.20 - Janos Mathe)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\{B9B98940-69DB-4212-B3B1-FB8077FB8B4B}) (Version: 7.2.3957 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Magic The Gathering Online - 1 (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\01641bea2c75c522) (Version: 3.4.106.2067 - Wizards of the Coast, LLC)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\Proplus2019Retail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0009 - Microsoft Corporation)
Microsoft Project Professional 2019 - es-es (HKLM\...\ProjectPro2019Retail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visio Professional 2019 - es-es (HKLM\...\VisioPro2019Retail - es-es) (Version: 16.0.11328.20158 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 es-AR) (HKLM\...\Mozilla Firefox 65.0.2 (x64 es-AR)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
Mozilla Thunderbird 60.5.3 (x86 es-AR) (HKLM-x32\...\Mozilla Thunderbird 60.5.3 (x86 es-AR)) (Version: 60.5.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA Controlador de 3D Vision 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.35 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.35 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.1.27.831 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.1.27.831 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11328.20158 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.35 - NVIDIA Corporation) Hidden
Python 3.6.6 (32-bit) (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\{b43c5985-05a6-4dc7-be5f-85f504d498d0}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (32-bit) (HKLM-x32\...\{D9D74228-D4AC-4877-9950-8FDFE485D1A5}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (32-bit) (HKLM-x32\...\{C7844709-AB1D-459E-9C09-E62811844B52}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (32-bit) (HKLM-x32\...\{A619A9AA-65E2-485A-960E-456327A4787C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (32-bit) (HKLM-x32\...\{BB82E3E8-BB03-41F1-8C13-9540188BB592}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (32-bit) (HKLM-x32\...\{46D96E6F-3747-4E02-B95E-E1D1C9F7226D}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (32-bit) (HKLM-x32\...\{D40EACD0-CC67-4D18-BDB5-D1D81D73DCF6}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (32-bit) (HKLM-x32\...\{F64435CF-E0D6-409D-B07B-958C8DEB84E5}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (32-bit) (HKLM-x32\...\{387AB42E-1FCC-4FB6-A32C-2295E221A2BB}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (32-bit) (HKLM-x32\...\{9F328F30-55B0-4055-BBB1-AB577ED16D63}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A9DED8BE-05DF-45D5-81A0-3743A44CC0C9}) (Version: 3.6.6386.0 - Python Software Foundation)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2947481483-1064858154-3000073182-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-02-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-02-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB5AD3-CCEC-4958-B832-CD8A58B315AE} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_User => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (Janos Mathe -> H.D.S. Hungary)
Task: {0590579E-F684-4F9E-9233-93AA45C83DCC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1ABD2B9D-D4C7-4ACA-B01F-24D3A988A816} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {256298A6-EFB2-4F97-8BEB-9F3285390AA7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2E557017-6829-479E-887E-F25E89732F8F} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe (ASUSTeK COMPUTER INC.) [File not signed]
Task: {3E9CE6F7-2E58-4E60-9E6A-29AAF165F802} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {47CCB020-3C15-4F8F-A4DF-81FD2155751C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E1F20A0-12E8-4C7E-8B4C-3FE84BAD19B0} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {54A3DEE8-1C90-435C-B2C4-B88B785FFF6D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5C802F99-B54E-4F19-9DCD-1CDEAE49FF9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {66D2B6B4-758F-4D9F-9CEC-76F9D5418B80} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {69909113-6BB4-406F-8C6D-7818C8A13981} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7203CD73-266F-4191-81E4-41370285FC82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7DA7A63A-31C0-43C7-B5CD-A98B18EF0AB6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9B25CC8B-00FC-47D3-B834-F3E12ABCF9F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A3E8C946-ED88-4290-8D37-4388B26A2220} - System32\Tasks\S-1-5-21-2947481483-1064858154-3000073182-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {BCFC32FF-B664-45B2-9081-01B10863D2D2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C643D16B-67F1-4017-B36E-7035A498C8EC} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE5B7903-3B5B-4FDE-92E1-96FF687139A1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF50B3BD-E3CF-4FBD-8D39-EB1759228BEB} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe (ASUSTeK COMPUTER INC.) [File not signed]
Task: {D03ED3CA-2B34-4B70-8017-85B2A07BD266} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D16386C2-4D88-4C44-B9F5-4F4C244295D5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D5B4A7D0-68E0-48D8-864E-0943FBA1DA39} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA9AFDA0-336A-4896-B52A-494CD3FB3E25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DB2548A3-5619-4BAC-AFCC-182D15A1FE06} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0957976-F5A0-425C-BE5B-C770CABF87B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FAFB337A-9DE9-4330-84BF-8252F9A240B8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FC3327ED-783F-4DF6-85AB-4D02DC927D53} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-10-26 15:27 - 2017-10-26 15:27 - 000506368 _____ (Intel Corporation) [File not signed] C:\WINDOWS\system32\IProsetMonitor.exe
2019-02-14 18:59 - 2014-04-24 03:29 - 001360016 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2009-06-24 10:57 - 2009-06-24 10:57 - 000136704 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
2018-02-22 10:16 - 2018-02-22 10:16 - 001234432 _____ (ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe
2018-02-22 10:20 - 2018-02-22 10:20 - 000811520 _____ (ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe
2019-02-14 18:59 - 2019-03-19 18:35 - 000041768 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000029696 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000031744 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000032768 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2018-02-22 10:15 - 2018-02-22 10:15 - 000367616 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
2018-02-22 10:33 - 2018-02-22 10:33 - 000230400 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\AIDA64 Reports:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\Battlefield 4:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\Battlefield V:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\Diablo III:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\ezvid:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\FIFA 19:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\My Games:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\Reflect:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\User\OneDrive - 广厚设计学校\Documentos\SysnativeBSODCollectionApp:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-14 21:26 - 2019-03-19 18:35 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NGX;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\Control Panel\Desktop\\Wallpaper -> F:\7dfe4e53480389.5a12679fda25b.jpg
DNS Servers: 186.12.238.16 - 186.12.238.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E44D66AB-8880-4DDE-AC44-6C20F6CE4FEA}] => (Allow) D:\JUEGOS\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{239C119E-0770-4432-AC4C-65F2C93FF364}] => (Allow) D:\JUEGOS\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4BBA6402-A603-4537-85A9-DBE3977FF476}] => (Allow) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{39B52717-D082-4C8C-9CA7-079FEE8D4F84}] => (Allow) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2681448B-39A4-4C49-9BA1-B6B9C8F858FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CF134EF1-51CB-4354-9DF0-5F3953842391}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C3D0396-B5A3-4FA1-B019-62DCD6BD02FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB0A7F38-E1D7-4BB3-ACAC-3533F09D8CDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5A9C95AB-3E01-4F53-97A9-C23C8C13BA64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{82472BBA-54A4-46AF-B21D-8A2390180565}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DF8A519D-7175-400A-8E77-8F58A0417379}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0803F5E4-0804-45FE-B3CA-4DB829B05509}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1AFEC2D2-06AB-4902-AE4F-ED50E28F46E7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E4039A2-5249-4956-8CF5-11B084915930}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F721CABC-31B1-464A-AFD9-16FC0A28B86D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{97095217-F147-4296-AD3D-A421DCE2D4B3}D:\juegos\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\juegos\steamapps\common\counter-strike global offensive\csgo.exe (Valve -> )
FirewallRules: [UDP Query User{05653B3C-453C-4458-9019-CB1BB1C2DB06}D:\juegos\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\juegos\steamapps\common\counter-strike global offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{AB35140C-F9EA-4B71-8D54-9869ACECE23A}D:\diablo iii\x64\diablo iii64.exe] => (Allow) D:\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{E248D032-AD3C-434D-9C12-1537DD1EB566}D:\diablo iii\x64\diablo iii64.exe] => (Allow) D:\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{04BA8EC9-099C-4A60-9F0E-C6DA80526250}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BDE23491-4833-4FE7-A2F5-2B983B6A4111}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{513FC2E2-CD7B-46D9-B2F3-F0D131568F23}] => (Allow) D:\JUEGOS\steamapps\common\Path of Exile\PathOfExileSteam.exe No File
FirewallRules: [{B2698C27-9519-4015-AAE3-C898BC9FBFEE}] => (Allow) D:\JUEGOS\steamapps\common\Path of Exile\PathOfExileSteam.exe No File
FirewallRules: [{3CAAE1A6-6ADB-411A-BEE6-7EE7E6897DC3}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{594AF123-8843-43FF-A743-E48FD5B68AA3}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{41A8AC46-CD1E-429C-8388-2449875490F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{E6EB18C6-7CA3-4ED4-82C2-C6EE8C8C06FC}C:\program files (x86)\mozilla thunderbird\thunderbird.exe] => (Allow) C:\program files (x86)\mozilla thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{E6C73231-4EC5-48E7-B4F4-B279EA7844FD}C:\program files (x86)\mozilla thunderbird\thunderbird.exe] => (Allow) C:\program files (x86)\mozilla thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C82F9532-8F24-4F4B-86BB-38FC7F8FBA7C}D:\battle.net\battle.net.exe] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{1AD0B1E9-9328-471D-95DF-374C41668386}D:\battle.net\battle.net.exe] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{2B5CABC5-EDB2-46FE-928F-DA2858707B94}] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{C71D4032-9B91-45F8-B823-8312068C6B6A}] => (Allow) C:\programdata\battle.net\agent\agent.6610\agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6A7CE9BB-407F-4275-8BB1-D6B9ECD9F8CC}] => (Allow) C:\program files\nvidia corporation\nvcontainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4776CEA5-7DDB-40A7-BC6C-20E2A7268F70}] => (Allow) C:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DAD6C614-B688-455D-BF78-F545147C2581}] => (Allow) C:\users\user\appdata\local\microsoft\onedrive\onedrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{69376973-5942-4CF9-A408-08142E4BB5DE}] => (Allow) C:\program files\macrium\common\reflectui.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd)
FirewallRules: [{94EC54C3-9E45-4177-AB23-83078CDF75AC}] => (Allow) D:\juegos\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EC82849E-38AE-4B01-9DA4-0EDE81A55A25}] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{44217E8F-18E7-4DA2-830F-93071192122A}] => (Allow) D:\juegos\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4556D3C7-1CFA-4DFF-916A-0783CA01B9DA}] => (Allow) C:\windows\prey\versions\1.8.2\bin\node.exe No File
FirewallRules: [{F19488C2-62B6-4055-B583-36D432217968}] => (Allow) C:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CFEB6E70-10BB-4A02-9C9F-5CBD28936F35}] => (Allow) C:\program files\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AAA43BF0-DD04-4391-8D09-F0B3D5D74FF4}] => (Allow) C:\program files\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{667730B4-A9CB-425B-AF1E-A1D35A33F8D1}] => (Allow) C:\windows\system32\speech_onecore\common\speechruntime.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2118B5A6-471F-40D7-972D-0170C2DE9C1E}] => (Allow) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{14CFA35A-AC4E-40D8-BF82-4C6F5302E4F0}] => (Allow) C:\program files\nvidia corporation\update core\nvprofileupdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D4BD246A-044B-4BE6-9A70-7473ABA6B5FF}] => (Allow) C:\program files (x86)\mozilla thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DDF8D77E-D4F9-4C58-B84E-9452372229A5}] => (Allow) C:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBD9B73B-22B7-45E3-9B53-9522D1E40B01}] => (Allow) C:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8BAEC0D-BC3E-4DB7-8ED6-805D29CF1B71}] => (Allow) C:\program files\ccleaner\ccupdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{91619285-41E2-41AD-BDB6-CC8999560EE0}] => (Allow) C:\program files\ccleaner\ccleaner64.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{055136D2-F37A-4377-B77F-3E05DAB0043A}] => (Allow) C:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9AF5C21F-47C1-483A-9876-65F5A253492D}] => (Allow) C:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D5C6553A-0A12-4508-967E-F46D78363AC6}] => (Allow) C:\windows\system32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1873ECDF-1921-476B-80BF-519AECABB093}] => (Allow) C:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{26117860-187F-454F-860C-91620F5D28E1}] => (Allow) C:\program files\microsoft office\root\office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{038076FB-0D3C-4CD4-A992-DD1476E0B183}] => (Allow) C:\program files (x86)\google\update\googleupdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{75C8A38C-EE39-4A4F-AD35-87E0D6603610}] => (Allow) C:\program files (x86)\google\update\googleupdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{EB4030C8-4844-44BB-B022-5EB15B5030F1}] => (Allow) C:\users\user\appdata\local\temp\7zsccf92a82\setup-stub.exe No File FirewallRules: [{205A6B04-1FD2-412C-AA6D-43F1B1F6C9AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3A6A3143-D706-48AC-A2F3-A74EFDC94914}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{97AA69F6-B912-4684-B640-6D9835EBC3C7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{5D321774-E2CE-45F3-B85F-E68711873CFE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{B3F0AE4B-6B5C-440C-84EC-89D4E2C80ECA}] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{68D9DC07-A330-42FA-A4EA-945D4CC313FC}] => (Allow) D:\diablo iii\diablo iii launcher.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{A2DFCF20-F1A1-446D-A4D3-5E7C90D7AEE0}] => (Allow) D:\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{8F7FE3A5-E534-44AD-80D1-854DCB6B962C}] => (Allow) C:\program files\vs revo group\revo uninstaller\revounin.exe (VS Revo Group Ltd. 
-> VS Revo Group)
FirewallRules: [{4FB81929-5C3D-4CB3-A233-205ADF4E0C4C}] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F71055BC-37C4-4EA7-9F8B-04004A82E4D1}] => (Allow) %ProgramFiles%\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0712A62-D15A-4FD5-836E-C6AC9E854CFD}] => (Allow) %ProgramFiles%\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

14-03-2019 14:19:32 Windows Update
16-03-2019 12:12:23 CrowdStrike Windows Sensor
17-03-2019 09:14:17 Installed ProtonVPN
17-03-2019 12:14:46 Revo Uninstaller's restore point - ProtonVPN
17-03-2019 12:15:47 Revo Uninstaller's restore point - ProtonVPNTap
17-03-2019 12:16:35 Revo Uninstaller's restore point - Malwarebytes Windows Firewall Control
17-03-2019 12:17:07 Revo Uninstaller's restore point - Malwarebytes Windows Firewall Control
19-03-2019 15:21:25 CrowdStrike Windows Sensor
19-03-2019 17:38:11 Operación de restauración

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2019 05:40:03 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (CrowdStrike Windows Sensor). Información adicional: 0x8007018b.

Error: (03/17/2019 12:14:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado. . A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación: Recopilando datos del escritor
Contexto: Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220} Nombre del escritor: System Writer Id.
de instancia del escritor: {74a5f29d-7824-45ad-b55f-69cb2375fab1} Error: (03/16/2019 06:28:39 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (03/16/2019 06:28:39 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (03/16/2019 06:28:39 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (03/16/2019 05:36:40 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (03/16/2019 05:33:27 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (03/16/2019 05:33:27 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. System errors: ============= Error: (03/20/2019 03:06:59 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QGCBUE3) Description: No se puede iniciar un servidor DCOM: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. Error "0" al iniciar este comando: C:\Windows\System32\coredpussvr.exe -Embedding Error: (03/20/2019 02:27:28 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QGCBUE3) Description: No se puede iniciar un servidor DCOM: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. Error "0" al iniciar este comando: C:\Windows\System32\coredpussvr.exe -Embedding Error: (03/20/2019 01:27:40 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QGCBUE3) Description: No se puede iniciar un servidor DCOM: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. Error "0" al iniciar este comando: C:\Windows\System32\coredpussvr.exe -Embedding Error: (03/19/2019 07:05:46 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QGCBUE3) Description: No se puede iniciar un servidor DCOM: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. 
Error "0" al iniciar este comando: C:\Windows\System32\coredpussvr.exe -Embedding Error: (03/19/2019 06:37:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscBrokerManager y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (03/19/2019 06:37:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.SecurityAppBroker y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (03/19/2019 06:37:16 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QGCBUE3) Description: No se puede iniciar un servidor DCOM: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. 
Error "0" al iniciar este comando: C:\Windows\System32\coredpussvr.exe -Embedding Error: (03/19/2019 06:36:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QGCBUE3) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-QGCBUE3\User con SID (S-1-5-21-2947481483-1064858154-3000073182-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Windows Defender: =================================== Date: 2019-03-17 04:48:40.427 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0 Nombre: Trojan:Win32/Occamy.C Id.: 2147726780 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_C:\Users\User\Desktop\AntiTest.exe Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Protección en tiempo real Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Windows\explorer.exe Versión de firma: AV: 1.289.1386.0, AS: 1.289.1386.0, NIS: 1.289.1386.0 Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9 Date: 2019-03-17 04:48:34.735 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0 Nombre: Trojan:Win32/Occamy.C Id.: 2147726780 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_C:\Users\User\Desktop\AntiTest.exe Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Protección en tiempo real Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Windows\explorer.exe Versión de firma: AV: 1.289.1386.0, AS: 1.289.1386.0, NIS: 1.289.1386.0 Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9 Date: 2019-03-17 04:48:07.830 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0 Nombre: Trojan:Win32/Occamy.C Id.: 2147726780 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_C:\Users\User\Desktop\AntiTest.exe Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Protección en tiempo real Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Windows\System32\SearchProtocolHost.exe Versión de firma: AV: 1.289.1386.0, AS: 1.289.1386.0, NIS: 1.289.1386.0 Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9 Date: 2019-03-17 04:48:02.678 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0 Nombre: Trojan:Win32/Occamy.C Id.: 2147726780 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_C:\Users\User\Desktop\AntiTest.exe Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Protección en tiempo real Usuario: DESKTOP-QGCBUE3\User Nombre de proceso: C:\Program Files\WinRAR\WinRAR.exe Versión de firma: AV: 1.289.1386.0, AS: 1.289.1386.0, NIS: 1.289.1386.0 Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9 Date: 2019-03-14 15:21:00.027 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.A&threatid=2147722997&enterprise=0 Nombre: Trojan:Win32/Ditertag.A Id.: 2147722997 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: containerfile:_C:\Users\User\Desktop\mbamkeygen.rar; file:_C:\Users\User\Desktop\mbamkeygen.rar->mbamkeygen.exe; webfile:_C:\Users\User\Desktop\mbamkeygen.rar|https://www96.zippyshare.com/d/HsBK4BJW/121460/mbamkeygen.rar|pid:8208,ProcessStart:131970566338339585 Origen de detección: Internet Tipo de detección: FastPath Fuente de detección: Descargas y datos adjuntos Usuario: DESKTOP-QGCBUE3\User Nombre de proceso: Unknown Versión de firma: AV: 1.289.1163.0, AS: 1.289.1163.0, NIS: 1.289.1163.0 Versión de motor: AM: 1.1.15700.9, NIS: 1.1.15700.9 Date: 2019-03-04 10:04:45.844 Description: Antivirus de Windows Defender encontró un error al intentar cargar un archivo sospechoso para analizarlo. 
Nombre de archivo: C:\Users\User\AppData\Local\Temp\tmp00000231\tmp00242fcc Sha256: Versión de firma actual: AV: 1.289.403.0, AS: 1.289.403.0 Versión actual del motor: 1.1.15700.9 Código de error: 0x80508016 CodeIntegrity: =================================== Date: 2019-03-20 03:17:41.485 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements. Date: 2019-03-19 18:50:43.846 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements. Date: 2019-03-19 18:50:36.046 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Microsoft signing level requirements. Date: 2019-03-19 18:37:01.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements. 
Date: 2019-03-19 18:13:50.161 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements. Date: 2019-03-19 18:13:42.729 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Microsoft signing level requirements. Date: 2019-03-19 18:05:39.485 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements. Date: 2019-03-19 17:52:22.951 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements. 

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 27%
Total physical RAM: 20408.88 MB
Available physical RAM: 14761.7 MB
Total Virtual: 23480.88 MB
Available Virtual: 15972.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:136.81 GB) NTFS
Drive d: (JUEGOS) (Fixed) (Total:930.18 GB) (Free:844.74 GB) NTFS
Drive e: (DATOS) (Fixed) (Total:465.54 GB) (Free:169.44 GB) NTFS
Drive f: (Nuevo vol) (Fixed) (Total:1863 GB) (Free:1317.75 GB) NTFS

\\?\Volume{8255a513-4e3a-46f0-bd33-591c958976ef}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{98707b82-9631-44cd-b9e8-a80ca891b877}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D972C032)
Partition 1: (Not Active) - (Size=930.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 2E0ABA02)
Partition: GPT.

==================== End of Addition.txt ============================