Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by acer1 (09-04-2019 16:07:08)
Running from C:\Users\acer1\Desktop
Windows 10 Pro Version 1809 17763.379 (X64) (2019-01-18 19:06:17)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

acer1 (S-1-5-21-3545106304-3766720184-4112346381-1000 - Administrator - Enabled) => C:\Users\acer1
Administrador (S-1-5-21-3545106304-3766720184-4112346381-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3545106304-3766720184-4112346381-503 - Limited - Disabled)
Invitado (S-1-5-21-3545106304-3766720184-4112346381-501 - Limited - Disabled)
SAT (S-1-5-21-3545106304-3766720184-4112346381-1001 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3545106304-3766720184-4112346381-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\uTorrent) (Version: 3.5.5.45095 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Advanced IP Scanner 2.5 (HKLM-x32\...\{DD54C89F-0E20-4388-8F8B-7FA4EB4BC16D}) (Version: 2.5.3646 - Famatech)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 4.2.3 - philandro Software GmbH)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.2 - Gobierno de España)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Freemake Video Converter versión 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
GenesisSCT (HKLM-x32\...\{CD2DCD2C-0C21-4514-9CEE-54ED06B4AE12}) (Version: - HERMESTI INGENIERIA DOCUMENTAL)
Gmail Notifier Pro (HKLM-x32\...\{AD598CD7-E473-47B6-88D8-5CEAE5FB981D}) (Version: 5.3.5.0 - IntelliBreeze Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.5.69 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 14.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.5 - KLCP)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 5.0.1120 - KYOCERA Document Solutions Inc.)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\Proplus2019Retail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Project Professional 2019 - es-es (HKLM\...\ProjectPro2019Retail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visio Professional 2019 - es-es (HKLM\...\VisioPro2019Retail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office Tab Enterprise 12.00 (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 12.00 - Detong Technology Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Solid Converter PDF (HKLM-x32\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 7.3.1550.0 - SolidDocuments)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
viafirma desktop (HKLM-x32\...\{5B2FCA66-B73C-4A83-B0EA-C8BBF6FBA42D}) (Version: 1.3.3 - Viafirma)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
ZkTime Lite EU (HKLM-x32\...\ZkTime Lite EU) (Version: 1.6 - Professional Software Development)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\acer1\Dropbox [2017-05-25 15:49]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B2E5DAF-4F61-427D-B65C-CE6C103DD418} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed]
Task: {0DCF0152-7855-4845-B89A-B228326722B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {170AB024-CD3A-4DC4-A24F-00DFCD8CD0F9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1B366121-D209-4C80-88C8-EE66B9C2A5D7} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () [File not signed]
Task: {1B4F50A0-ACDE-48DD-B841-F97FB36603C2} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {1DD452D1-776A-49E2-9187-F8649C0FD44B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {23635600-D5D3-4419-B64E-FC6E91DA79DD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {27AABDBE-1072-4B11-ACC4-155B159D8068} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2CB6DC12-B173-4438-B768-C6D134753B4F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3340A8A4-E759-4024-8B71-EF48C88F2D5D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3830A90B-FC32-4FBC-AED2-3B7FFFC9B8CE} - System32\Tasks\Credentials => powershell -nop -w hidden -ep bypass -f C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Microsoft\cred.ps1
Task: {39C7BF1E-4C14-4B13-BA89-3EE69160A0FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {3A72CCE6-19DD-43DC-969C-E929BC345DE0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {3AC34263-CD9B-44B1-A3D7-4D32C278D87E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C31160A-1623-40D6-82DD-2E7394E9EF75} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3FFED9EE-9E31-42A8-8FE0-39A9C1F6C29C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {48336EC4-EF0A-4AC4-AB5C-E60496960594} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B725931-64FC-4B59-B775-7BF900B8487E} - \Microsoft\windows\4C-CC-6A-45-B2-4F -> No File <==== ATTENTION
Task: {4E9F5BBE-02FA-4A5F-A33D-D5F6D55B4FB6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4FA81E75-4391-4466-BA06-2A22F1C3AC63} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5B0D436F-83D0-4249-97A4-874181EF1734} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5FB3F7FE-2715-41DE-9231-DC3E4CE13F61} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {6062B138-3F54-4F3B-A2E7-7C26F3FC4364} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6226D74A-3C47-4F76-89FC-C2D6767A8ABD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {630B574C-2405-4922-A75B-2EE32AB7E51A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {68F2B1E0-CD55-4E42-A1C6-DBCD424CDD34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6CCB532F-0904-445B-A64B-A29D75F3B7A5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6F2C7FBD-3F3C-4D4E-ABAD-0BFDB550969F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {72906468-1294-4646-98A2-AEF7547B312D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {75E8E0C2-79AE-499F-B7E7-A451883A6CD7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {82418B10-6257-409A-82DA-193FC7567A56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8355CD89-CFAB-4086-B728-E7D04B4FF603} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe (Bitdefender SRL -> Bitdefender)
Task: {8A2B91E9-D0DA-4FE4-B153-9DFA39219B83} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C698D22-C122-4F9C-8D26-72C254DF7430} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8FA06A27-5AE9-4C83-A40E-92B4219EF820} - \Microsoft\windows\Rass -> No File <==== ATTENTION
Task: {9A06F9B4-E285-43F7-AEB1-F2091B5C71E0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A4D10C0D-BBCC-4CCC-A616-D0C61CA491BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A7AA3ADC-B109-456C-811F-B8BA81AD40E9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ADB927FF-824C-4D62-BF74-704D71C7875D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AE941001-6DCC-43D4-A4CF-822087BE5FB3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B585D24A-2533-410E-8DDF-572920B6B829} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CE111579-007D-4956-A919-8CA3165F324D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {DA5B3A64-9C8E-44D6-B1C3-B2E4F3E8B566} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E1457A02-4907-4F09-AF0A-3626998BD225} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA2AD5E3-2F2A-49E0-9578-9809ECF01FA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {EF10DEE6-BCC4-4731-ACB0-6482F22757C7} - System32\Tasks\S-1-5-21-3545106304-3766720184-4112346381-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {F10E1F59-110C-47AD-88D5-0B41D92219D0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3FB3C13-E02F-4CBA-B8D8-6A1F2C985B82} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {FF740DB8-E4B7-4807-A29B-6DC68C3B7348} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-25 16:34 - 2017-05-25 16:34 - 000561152 _____ (Trimla Soft, Inc.) [File not signed] C:\Users\acer1\Desktop\Teclado.exe
2019-04-09 11:38 - 2019-04-09 11:38 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\python27.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 000113664 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_ctypes.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000080896 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\bz2.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 001792512 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_hashlib.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000128512 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32api.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000137728 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\pywintypes27.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 000548864 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\pythoncom27.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 000689664 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\unicodedata.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000438784 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32com.shell.shell.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 001489408 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wx._core_.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wxbase30u_net_vc90_x64.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wxbase30u_vc90_x64.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wxmsw30u_adv_vc90_x64.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wxmsw30u_core_vc90_x64.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 001007104 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wx._gdi_.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 001039872 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wx._windows_.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wxmsw30u_html_vc90_x64.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 001325056 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wx._controls_.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000916992 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wx._misc_.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 001084416 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\pysqlite2._sqlite.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000149504 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32file.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000136192 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32security.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000007680 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\hashobjs_ext.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000020992 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\thumbnails_ext.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000118784 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\usb_ext.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000047616 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_socket.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 002224640 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_ssl.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000014848 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\common.time34.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000023040 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32event.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000034304 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\windows.conditional.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000020480 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\windows.winwrap.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000110080 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\windows.volumes.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000223232 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32gui.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000173568 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_elementtree.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000169472 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\pyexpat.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000048128 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32inet.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000103424 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wx._html2.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\wxmsw30u_webview_vc90_x64.dll
2019-04-09 11:38 - 2019-04-09 11:38 - 000046080 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_psutil_windows.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000011776 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32crypt.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000301568 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\PIL._imaging.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000032256 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_multiprocessing.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 005752320 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\cello.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000026112 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\_yappi.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000044032 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32process.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000027648 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32pipe.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000010752 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\select.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000029696 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32pdh.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000038400 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\windows.connectivity.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000073216 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\windows.device_monitor.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000020480 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32profile.pyd
2019-04-09 11:38 - 2019-04-09 11:38 - 000026624 _____ () [File not signed] C:\Users\acer1\AppData\Local\Temp\_MEI93242\win32ts.pyd
2019-04-09 08:15 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-09 08:15 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2017-05-14 13:43 - 2017-05-14 13:43 - 000038400 _____ (IntelliBreeze Software AB) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\GMNcommon.dll
2017-05-14 13:31 - 2017-05-14 13:31 - 000058368 _____ (Google Inc) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\Google.Apis.Plus.v1.dll
2017-05-14 13:31 - 2017-05-14 13:31 - 000128512 _____ (Google Inc) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\Google.Apis.dll
2017-05-14 13:32 - 2017-05-14 13:32 - 000007680 _____ (IntelliBreeze Software) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.PluginInterface.dll
2017-05-14 13:31 - 2017-05-14 13:31 - 005009408 _____ (DevComponents.com) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\DevComponents.DotNetBar2.dll
2017-05-14 13:31 - 2017-05-14 13:31 - 000744448 _____ (Robert Simpson, et al.)
[File not signed] C:\Program Files (x86)\Gmail Notifier Pro\System.Data.SQLite.dll 2017-05-14 13:31 - 2017-05-14 13:31 - 000015360 _____ (Google Inc) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\Google.Apis.Authentication.OAuth2.dll 2017-05-14 13:31 - 2017-05-14 13:31 - 001128448 _____ () [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\DotNetOpenAuth.dll 2017-05-14 13:43 - 2017-05-14 13:43 - 000005632 _____ (IntelliBreeze Software AB) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.BrandingInterface.dll 2017-05-14 13:31 - 2017-05-14 13:31 - 000290304 _____ ( ) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\Mono.Security.dll 2017-05-14 13:43 - 2017-05-14 13:43 - 000844288 _____ (IntelliBreeze Software AB) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.Translations.dll 2017-05-14 13:31 - 2017-05-14 13:31 - 000086016 _____ (The Outercurve Foundation) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\Facebook.dll 2017-05-14 13:31 - 2017-05-14 13:31 - 000112640 _____ (Google Inc) [File not signed] C:\Program Files (x86)\Gmail Notifier Pro\Google.Apis.Drive.v2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376] AlternateDataStreams: C:\ProgramData\TEMP:D8999815 [93] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\fnmt.gob.es -> hxxp://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\localhost -> localhost

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-04-08 08:10 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\AutoFirma\AutoFirma;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.5 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3545106304-3766720184-4112346381-1000\...\StartupApproved\Run: => "appOnt"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{13B938FC-AE3E-4CAA-90C8-3B022957D353}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BF9B0689-1421-4487-A5D8-67D1D37F9022}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6C987940-D146-4A42-8D45-70BBEDF7F438}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6BC53C57-CC7D-49D5-983F-CFAD97F504D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{26F0A76C-6686-48B6-B3B7-36B92AA8F288}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1D2CDBD-54EF-4177-92FE-FD089D117561}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C1A47F96-0DC6-4814-A58E-29C0A3D462D9}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2D624E9D-1D32-418E-9887-4495A41E4940}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0EBF0155-DE0C-4B4D-941C-E7469411662B}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6ADCDF56-8DEE-4962-9E0C-33ADA884B845}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4F55432D-4743-41E7-9FF2-083A961135E1}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{17CFD629-5A15-48E7-A330-1F8D9D79C4A9}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4A7C1963-3F7A-479E-AE8E-C3E018220A07}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4565C14D-97FD-448C-9902-0184FD4CBF42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{70D0BAFD-7345-47AF-8B8C-DDC19E4F2E54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A0595A2-94E3-4AC1-A245-1A663D1EF4A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2635BA54-89AC-45C5-A7B6-5E7EFB7A7460}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{D4B1FBED-E2E4-4957-BA77-9ED09A40551D}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E5760781-303E-4DFC-B3AB-99CAC58A8277}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [{06AE9AC2-5A63-4727-A90A-42B5A30DBDCE}] => (Allow) LPort=9422
FirewallRules: [{81906DF3-9F18-4D05-A1B9-8F95DC4C0941}] => (Allow) LPort=9245
FirewallRules: [{27FB0121-49A3-433F-89DA-9573FEF09D06}] => (Allow) LPort=9246
FirewallRules: [{9B817CAD-8326-4F09-811A-A71606852250}] => (Allow) LPort=9247
FirewallRules: [{0891C828-6E5B-481A-B724-D4FEFD1107BE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{92730B44-E245-4699-A5BC-92EE0534D7CB}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{D2F71DE4-FAB6-4246-ABB2-15E1B26160A2}] => (Allow) LPort=65533
FirewallRules: [{4F01316F-D1E2-4A02-A3A6-BCABFAE13FE0}] => (Block) C:\Program Files\Detong\Office Tab Enterprise\ExtendOfficeChanger.exe (Addin Technology Inc. -> )
FirewallRules: [{27D44FB8-DDB9-433C-8CFD-74688D44EF14}] => (Block) C:\Program Files\Detong\Office Tab Enterprise\TabsforOfficeCenter1316.exe (Addin Technology Inc. -> )
FirewallRules: [{440ED498-8486-422C-8692-6C98D7C657A9}] => (Block) C:\Program Files\Detong\Office Tab Enterprise\TabsforOfficeCenter1316(Admin).exe (Addin Technology Inc. -> )
FirewallRules: [{3D3C77F9-9920-40FB-B102-3FAE2481CC07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{376E63A5-7541-4016-A5B5-D6E0D6F93759}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{0B111A4C-C3B2-4530-9E3C-3D9A8F563221}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{F5ED89A7-C12E-4F77-A376-B4C9CCF67770}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{13AF3503-555A-486F-B0F6-535E7CD44826}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{607C22CC-F231-473D-B80C-A1734780C606}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Restore Points =========================

05-04-2019 16:08:40 Windows Modules Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2019 11:41:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/09/2019 11:40:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {28293478-b959-4ecd-b8b5-794a73a41cf5}

Error: (04/09/2019 11:20:41 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (996,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\acer1\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/09/2019 11:20:41 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (996,R,98) WebCacheLocal: An attempt to open the file "C:\Users\acer1\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/09/2019 11:20:31 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (996,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\acer1\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/09/2019 11:20:31 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (996,R,98) WebCacheLocal: An attempt to open the file "C:\Users\acer1\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/09/2019 11:20:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (996,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\acer1\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/09/2019 11:20:21 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (996,R,98) WebCacheLocal: An attempt to open the file "C:\Users\acer1\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (04/09/2019 04:07:06 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain AGRICOLA due to the following:
We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Error: (04/09/2019 04:00:55 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2019 04:00:55 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2019 04:00:54 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2019 04:00:53 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2019 12:00:25 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2019 12:00:25 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/09/2019 12:00:25 PM) (Source: DCOM) (EventID: 10016) (User: JOSECARLOS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user JOSECARLOS-PC\acer1 SID (S-1-5-21-3545106304-3766720184-4112346381-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-04-09 08:06:21.496
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:PowerShell/Powdow&threatid=2147726642&enterprise=0
    Name: TrojanDownloader:PowerShell/Powdow
    ID: 2147726642
    Severity: Severe
    Category: Trojan Downloader
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; amsi:_PowerShell_C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.17763.3460000000000000002
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Signature Version: AV: 1.291.1373.0, AS: 1.291.1373.0, NIS: 1.291.1373.0
    Engine Version: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-08 19:05:00.893
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:PowerShell/Powdow&threatid=2147734737&enterprise=0
    Name: Trojan:PowerShell/Powdow
    ID: 2147734737
    Severity: Severe
    Category: Trojan
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; amsi:_PowerShell_C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.17763.3460000000000000002
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Signature Version: AV: 1.291.1373.0, AS: 1.291.1373.0, NIS: 1.291.1373.0
    Engine Version: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-08 19:04:56.032
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:PowerShell/Powdow&threatid=2147726642&enterprise=0
    Name: TrojanDownloader:PowerShell/Powdow
    ID: 2147726642
    Severity: Severe
    Category: Trojan Downloader
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Signature Version: AV: 1.291.1373.0, AS: 1.291.1373.0, NIS: 1.291.1373.0
    Engine Version: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-08 19:04:55.812
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:PowerShell/Powdow&threatid=2147734737&enterprise=0
    Name: Trojan:PowerShell/Powdow
    ID: 2147734737
    Severity: Severe
    Category: Trojan
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Signature Version: AV: 1.291.1373.0, AS: 1.291.1373.0, NIS: 1.291.1373.0
    Engine Version: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-08 18:23:14.533
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:PowerShell/Powdow&threatid=2147734737&enterprise=0
    Name: Trojan:PowerShell/Powdow
    ID: 2147734737
    Severity: Severe
    Category: Trojan
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; amsi:_PowerShell_C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.17763.3460000000000000002
    Detection Origin: Unknown
    Detection Type: Concrete
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Signature Version: AV: 1.291.1373.0, AS: 1.291.1373.0, NIS: 1.291.1373.0
    Engine Version: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-04-08 08:38:35.741
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed:
    Feature: Behavior Monitoring
    Error Code: 0x80508023
    Error description: The program could not find the malware and other potentially unwanted software on this device.
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.


CodeIntegrity:
===================================
Date: 2019-04-09 09:17:10.041
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:10.009
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:09.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:07.872
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:07.843
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:07.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:05.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-09 09:17:05.629
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 87%
Total physical RAM: 3974.01 MB
Available physical RAM: 477.35 MB
Total Virtual: 8070.01 MB
Available Virtual: 3723.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:882.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{dc147d68-0000-0000-0000-a0c3e8000000}\ () (Fixed) (Total:0.45 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DC147D68)
Partition 1: (Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 MB) - (Type=27)

==================== End of Addition.txt ============================
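The two parts of this log a responder reads first are the Windows Defender records (AMSI flagged PowerShell content as Trojan:PowerShell/Powdow and TrojanDownloader:PowerShell/Powdow five times across two days, every time inside powershell.exe running as NT AUTHORITY\SYSTEM) and the FirewallRules list (allow rules for TeamViewer and AnyDesk, uTorrent running out of the user profile, and five port-only rules with no program bound). The Python below is an added example, not FRST code and not part of the original post: it parses those two record formats out of Addition.txt text and summarises them. SAMPLE_LOG is an excerpt copied from the log above; the Defender field labels are assumed to be the English ones as rendered here, and REMOTE_ACCESS_EXES is the author's own watch-list, not anything FRST reports. One caveat the output makes visible: an AMSI-sourced detection records only the host process and the user, not the script, so the PowerShell content that tripped the signature has to be recovered on the machine itself (for instance from PowerShell script block logging, event 4104, where it is enabled), and whatever launches PowerShell as SYSTEM (a scheduled task, a service, a WMI subscription) is not in this log either.

```python
# Added example, not FRST code: parse the two sections of Addition.txt that carry
# the security-relevant facts (Defender detection records, FirewallRules) and
# summarise them for triage. SAMPLE_LOG is copied from the log above;
# REMOTE_ACCESS_EXES is the author's assumed watch-list, not anything FRST emits.
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
FirewallRules: [{13B938FC-AE3E-4CAA-90C8-3B022957D353}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A1D2CDBD-54EF-4177-92FE-FD089D117561}] => (Allow) C:\Users\acer1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{D4B1FBED-E2E4-4957-BA77-9ED09A40551D}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [{06AE9AC2-5A63-4727-A90A-42B5A30DBDCE}] => (Allow) LPort=9422
FirewallRules: [{0891C828-6E5B-481A-B724-D4FEFD1107BE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{4F01316F-D1E2-4A02-A3A6-BCABFAE13FE0}] => (Block) C:\Program Files\Detong\Office Tab Enterprise\ExtendOfficeChanger.exe (Addin Technology Inc. -> )
Date: 2019-04-09 08:06:21.496
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
    Name: TrojanDownloader:PowerShell/Powdow
    ID: 2147726642
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; amsi:_PowerShell_C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.17763.3460000000000000002
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Date: 2019-04-08 19:05:00.893
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
    Name: Trojan:PowerShell/Powdow
    ID: 2147734737
    Path: amsi:_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Detection Source: AMSI
    User: NT AUTHORITY\SYSTEM
    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Date: 2019-04-08 08:38:35.741
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed:
    Feature: Behavior Monitoring
    Error Code: 0x80508023
"""

# Defender record labels as FRST renders them on an English system (a localised log needs its own set).
FIELD_RE = re.compile(r"(?<![A-Za-z])(Name|ID|Severity|Category|Path|Detection Origin|"
                      r"Detection Type|Detection Source|User|Process Name|Signature Version|"
                      r"Engine Version|Feature|Error Code): ")
DATE_RE = re.compile(r"(?=Date: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
FIREWALL_RE = re.compile(r"FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) "
                         r"(?P<target>.+?)(?: \((?P<signer>[^()]*) -> (?P<company>[^()]*)\))?$")
REMOTE_ACCESS_EXES = {"teamviewer.exe", "teamviewer_service.exe", "anydesk.exe"}  # assumed watch-list


def _fields(chunk):
    """Slice 'Label: value' pairs out of one whitespace-flattened record."""
    hits = list(FIELD_RE.finditer(chunk))
    ends = [h.start() for h in hits[1:]] + [len(chunk)]
    return {h.group(1): chunk[h.end():end].strip() for h, end in zip(hits, ends)}


def parse_defender_records(text):
    """One dict per 'Date:' record; a record carrying Name and ID is a detection."""
    records = []
    for chunk in DATE_RE.split(re.sub(r"\s+", " ", text)):
        chunk = chunk.strip()
        if chunk.startswith("Date: "):
            rec = {"date": chunk[6:29], **_fields(chunk)}
            rec["kind"] = "detection" if "Name" in rec and "ID" in rec else "event"
            records.append(rec)
    return records


def summarize_detections(records):
    """Per threat name: how often, as which user, in which host process, via which source."""
    summary = defaultdict(lambda: {"count": 0, "users": set(), "processes": set(), "sources": set()})
    for r in records:
        if r["kind"] == "detection":
            s = summary[r["Name"]]
            s["count"] += 1
            s["users"].add(r.get("User", "?"))
            s["processes"].add(PureWindowsPath(r.get("Process Name", "?")).name.lower())
            s["sources"].add(r.get("Detection Source", "?"))
    return dict(summary)


def parse_firewall_rules(text):
    """Rule name, action, target (program path or LPort=N) and FRST's '(signer -> company)' pair."""
    matches = (FIREWALL_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def flag_firewall_rules(rules):
    """(rule, reason) pairs for Allow rules a responder should confirm with the machine's owner."""
    findings = []
    for r in rules:
        if r["action"] != "Allow":
            continue
        target = r["target"]
        if target.startswith("LPort="):
            findings.append((r["rule"], "port opened with no program bound: " + target))
            continue
        exe = PureWindowsPath(target).name.lower()
        if exe in REMOTE_ACCESS_EXES:
            findings.append((r["rule"], "remote-control tool allowed: " + exe))
        if "\\appdata\\" in target.lower():
            findings.append((r["rule"], "program lives in a user-writable profile path: " + target))
    return findings
```

Run it over the full Addition.txt by reading the file into `text` and calling `summarize_detections(parse_defender_records(text))` and `flag_firewall_rules(parse_firewall_rules(text))`; the field slicer keys on labels rather than on a fixed field order, so records with fewer fields (the real-time protection error, or the shorter Path variants above) parse the same way as the full ones.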