Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2019
Ran by Guillermo (03-12-2019 19:39:13)
Running from C:\Users\Guillermo\Desktop
Windows 10 Pro Version 1903 18362.476 (X64) (2019-08-11 21:05:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1651002052-1764723500-360319929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1651002052-1764723500-360319929-503 - Limited - Disabled)
Guillermo (S-1-5-21-1651002052-1764723500-360319929-1001 - Administrator - Enabled) => C:\Users\Guillermo
Invitado (S-1-5-21-1651002052-1764723500-360319929-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1651002052-1764723500-360319929-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated) Android USB Driver (HKLM-x32\...\Z5 Android USB Driver_is1) (Version: - ) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 87.3.122 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.243.1 - Dropbox, Inc.) Hidden Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.45.5307 - GOM & Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden IBM SPSS Statistics 24 (HKLM\...\{4762AE15-E5A3-43BF-8822-1CFC70FB147A}) (Version: 24.0.0.0 - IBM Corp) Intel(R) Chipset Device Software (HKLM-x32\...\{b2573549-8593-4d8d-b795-d0eed7b6d412}) (Version: 10.1.1.45 - Intel(R) Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{73D60EDA-FD00-4CB4-8723-212AFB2219CF}) (Version: 7.3.0 - Intel Corporation) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) 
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nitro Pro 10 (HKLM\...\{7242D889-1E07-40C9-8FC6-670707B34EE1}) (Version: 10.5.9.9 - Nitro) Outils de vérification linguistique 
2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Prerequisite installer (HKLM-x32\...\{37E15A76-F310-4C62-9D32-EE96C83BBD2C}) (Version: 20.2.0001 - Nero AG) Hidden R for Windows 3.5.2 (HKLM\...\R for Windows 3.5.2_is1) (Version: 3.5.2 - R Core Team) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.30.815.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden RStudio (HKLM-x32\...\RStudio) (Version: 1.1.463 - RStudio) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) USB Drive Antivirus 3.01 (HKLM-x32\...\USB Drive Antivirus_is1) (Version: - USB Antivirus) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden WhatsApp (HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\WhatsApp) (Version: 0.3.9308 - WhatsApp) WhatsApp (HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389\...\WhatsApp) (Version: 0.3.9308 - WhatsApp) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Packages: ========= Autodesk SketchBook -> C:\Program 
Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.) Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad] Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220 [2019-10-05] (Dolby Laboratories) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad] Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-14] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389_Classes\CLSID\{47F4F762-C23D-4233-B103-999538479649} -> [MEGAsync] => C:\Users\Guillermo\Documents\MEGAsync [2018-05-21 18:14] CustomCLSID: HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Guillermo\Dropbox [2018-05-21 18:15] CustomCLSID: HKU\S-1-5-21-1651002052-1764723500-360319929-1001_Classes\CLSID\{47F4F762-C23D-4233-B103-999538479649} -> [MEGAsync] => C:\Users\Guillermo\Documents\MEGAsync [2018-05-21 18:14] CustomCLSID: HKU\S-1-5-21-1651002052-1764723500-360319929-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Guillermo\Dropbox [2018-05-21 18:15] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-07-22] (Nitro Software, Inc. -> Nitro PDF) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-29] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-29] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Guillermo\Desktop\Guillermo - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Guillermo\Desktop\Guillermo 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc

==================== Loaded Modules (Whitelisted) =============

2019-10-05 17:57 - 2019-10-05 17:57 - 036338176 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220\DolbyAccess.dll
2019-02-12 02:16 - 2019-02-12 02:16 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.attributes [778]
AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.internal [284]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 20:38 - 2018-04-11 20:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422121\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422276\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1651002052-1764723500-360319929-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 200.42.4.198 - 200.49.130.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "BbInstallUser" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Nero BackItUp" HKLM\...\StartupApproved\Run32: => "DriveSpan" HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\StartupApproved\Run: => "FreeAC" HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1651002052-1764723500-360319929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032019192422389\...\StartupApproved\Run: => "FreeAC" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{D5254E73-53E3-49E5-89B0-8578D273EC3F}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe (RStudio, Inc.) [File not signed] FirewallRules: [TCP Query User{7E75B2D7-678D-4335-B55B-518D54AC1F80}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe (RStudio, Inc.) [File not signed] FirewallRules: [UDP Query User{C1F9436F-A35C-430F-BE3B-91DCA76C4FCF}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{554E50BE-898D-4232-ACD5-AE168490B958}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{993BB3A5-A534-40FB-958D-B406518DED8E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com (IBM -> IBM Corp.) 
[File not signed] FirewallRules: [{DA4C8929-E41D-4120-8069-82CB6B8BFF2B}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed] FirewallRules: [{531E7E8C-D1FD-438D-A8C3-2E48E22860FF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe (IBM -> IBM Corp.) [File not signed] FirewallRules: [{4AF8D8D5-CC73-4E65-95CC-5AE7DE0F1230}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com (IBM -> IBM Corp.) [File not signed] FirewallRules: [{B77A277C-8A53-496B-8D00-4E6055739C1E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe (IBM -> IBM Corp.) [File not signed] FirewallRules: [{155C2B41-64EC-4651-BF15-9A5B94313D99}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed] FirewallRules: [{2FE9AFF0-0D8C-48CB-972F-B83C5F77BBCA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [{AFABF74D-B587-44B1-868A-C21A6E8A7115}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) FirewallRules: [UDP Query User{13F16139-0880-4827-A00D-1607133ED890}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{7DE9E608-92C9-4564-AD89-9094B2EB107E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{A396439E-B9CE-4C59-8DEF-EB9E026AF715}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{05350E37-8144-4F58-80B5-4C0294753720}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) 
FirewallRules: [UDP Query User{81173155-28F6-40E0-99D3-8F4B6AAA2B2A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{98CB03CB-CCEC-4390-80AE-F65160D3B783}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{E776CD86-1272-4C6B-9F58-D917290AF910}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.) FirewallRules: [{1DA896D1-5588-4A46-B257-0C86C0D03136}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{254A8BB2-A504-4CE4-A4FC-2DC7BCEEC8F5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{BDD9AD54-F6CD-48EA-84BB-387264DBF945}] => (Allow) C:\Program Files (x86)\Nero\Nero 2019\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG) FirewallRules: [{E0E26BAE-B702-417E-8E3A-9BF1AB4E4B83}] => (Allow) C:\Program Files (x86)\Nero\Nero 2019\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG) ==================== Restore Points ========================= 22-11-2019 12:28:49 Punto de control programado 29-11-2019 12:07:35 Removed Nero 2019. 29-11-2019 14:13:36 JRT Pre-Junkware Removal 03-12-2019 17:48:29 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/03/2019 07:35:29 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9436,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (12/03/2019 07:20:23 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3416,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/03/2019 07:13:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074 Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (12/03/2019 07:13:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074 Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/03/2019 07:03:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074 Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/03/2019 05:58:41 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9860,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (12/03/2019 05:45:04 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3344,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/03/2019 05:38:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074 Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (12/03/2019 07:42:22 PM) (Source: DCOM) (EventID: 10010) (User: GUILLERMO-PC) Description: El servidor Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca no se registró con DCOM dentro del tiempo de espera requerido. Error: (12/03/2019 07:26:36 PM) (Source: DCOM) (EventID: 10000) (User: GUILLERMO-PC) Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error "2147942767" al iniciar este comando: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} Error: (12/03/2019 07:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio Nero BackItUp Background Service 2019 se terminó de manera inesperada. Esto ha sucedido 1 veces. Error: (12/03/2019 07:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio NitroPDFDriverCreatorReadSpool10 se terminó de manera inesperada. Esto ha sucedido 1 veces. Error: (12/03/2019 07:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio NitroUpdateService se terminó de manera inesperada. Esto ha sucedido 1 veces. 
Error: (12/03/2019 07:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio UDisk Monitor Z5 Phone se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/03/2019 07:21:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio del Escritorio remoto de Chrome terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (12/03/2019 07:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Windows Defender:
===================================
Date: 2019-08-13 12:09:34.079
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\bluebeam.revu.extreme.2017.(17.0.10)-MPT.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.299.1823.0, AS: 1.299.1823.0, NIS: 1.299.1823.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-12 12:15:49.467
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\1630278.driveupload; file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\tmp4zzdpi.drivedownload; file:_C:\Users\Guillermo\Desktop\bluebeam.revu.extreme.2017.(17.0.10)-MPT.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.299.1813.0, AS: 1.299.1813.0, NIS: 1.299.1813.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-12 12:15:46.107
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\1630278.driveupload; file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\tmp4zzdpi.drivedownload
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Program Files\Google\Drive\googledrivesync.exe
Versión de inteligencia de seguridad: AV: 1.299.1813.0, AS: 1.299.1813.0, NIS: 1.299.1813.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-12 12:15:46.053
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\tmp4zzdpi.drivedownload
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Program Files\Google\Drive\googledrivesync.exe
Versión de inteligencia de seguridad: AV: 1.299.1813.0, AS: 1.299.1813.0, NIS: 1.299.1813.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

CodeIntegrity:
===================================
Date: 2019-12-03 19:39:22.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-12-03 19:31:12.143
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-12-03 19:31:12.134
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-12-03 19:31:10.619
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-12-03 19:29:22.371
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-12-03 19:26:49.107
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-12-03 19:23:56.555
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-12-03 19:23:56.402
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: SAMSUNG ELECTRONICS CO.,LTD 06OV 10/22/2012
Motherboard: SAMSUNG ELECTRONICS CO.,LTD SAMSUNG_DT1234567890
Processor: Intel(R) Core(TM) i5-2390T CPU @ 2.70GHz
Percentage of memory in use: 74%
Total physical RAM: 6089.97 MB
Available physical RAM: 1567.98 MB
Total Virtual: 11209.97 MB
Available Virtual: 7227.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.62 GB) (Free:315.97 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:298.02 GB) (Free:81.64 GB) FAT32
Drive e: (Datos) (Fixed) (Total:488.28 GB) (Free:366.61 GB) NTFS

\\?\Volume{5a9c3286-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5a9c3286-0000-0000-0000-10ae6e000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5A9C3286)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=522 MB) - (Type=27)
Partition 4: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

==================== End of Addition.txt =======================