Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by dark1 (14-09-2019 15:43:30)
Running from C:\Users\dark1\Desktop
Windows 10 Pro Version 1903 18362.356 (X64) (2019-06-26 02:14:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1190635516-3450097252-2682465791-500 - Administrator - Disabled)
dark1 (S-1-5-21-1190635516-3450097252-2682465791-1001 - Administrator - Enabled) => C:\Users\dark1
DefaultAccount (S-1-5-21-1190635516-3450097252-2682465791-503 - Limited - Disabled)
Invitado (S-1-5-21-1190635516-3450097252-2682465791-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1190635516-3450097252-2682465791-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 Flash Chat 9.9 (HKLM\...\0238-6852-0763-8947) (Version: 9.9 - TopCMM Software Ltd.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
ActiveState Komodo Edit 11.0.0 (HKLM-x32\...\{C0C305D4-1D83-46A3-9DEE-EF836E8C7C30}) (Version: 11.0.0 - ActiveState Software Inc.)
Actualización de NVIDIA 31.1.10.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.10.0 - NVIDIA Corporation) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe) Akamai NetSession Interface (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Allavsoft 3.14.8.6425 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden Aplicación de escritorio de Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach) Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation) AutoCAD 2017 - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden AutoCAD 2017 Language Pack - Español (Spanish) (HKLM\...\{28B89EEF-0001-040A-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk) Autodesk AutoCAD 2017 - Español (Spanish) (HKLM\...\AutoCAD 2017 - Español (Spanish)) (Version: 21.0.52.0 - Autodesk) Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk) Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk) 
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.3 - Gobierno de España) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 76.0.1659.101 - AVAST Software) BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.44.1625 - BlueStack Systems, Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 76.0.68.132 - Los creadores de Brave) BrowserBackup (HKLM-x32\...\BrowserBackup) (Version: 9.0 - Cjcr-Software) Cache (HKLM-x32\...\{9A48535E-55EB-4FFA-B221-5C5493558F71}) (Version: 1.5.48.1000 - Microsoft) Hidden Cache (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\{0646a350-e862-48db-a343-dcd13daa6291}) (Version: 1.5.48.1000 - Microsoft) CALENER-GT (HKLM-x32\...\CALENER-GT) (Version: - ) calibre (HKLM-x32\...\{E287031B-230C-4127-AA44-598FA9CE3478}) (Version: 2.69.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform) CE3X v2.3 (HKLM-x32\...\{7139BD7B-FC0B-435F-8E79-63D7CCDA2BA8}_is1) (Version: - Certificacion Energetica SL) ContaSOL (HKLM-x32\...\{D9EB4E80-3876-4F47-83C5-E85D2563C677}) (Version: 1.0.0 - Software del Sol, S.A.) CrystalDiskInfo 6.8.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.8.2 - Crystal Dew World) CrystalDiskMark 5.1.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World) CTEHE2013 v1.0.1564.1124 (HKLM-x32\...\{6DDD4631-E97B-4F81-A3F1-9B4B6786851F}_is1) (Version: - AICIA-GrupoTERMOTECNIA) Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia) Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.) 
DatosClimaticosGenericos 1.1 (HKLM-x32\...\{80DDE880-81D5-4777-B7AA-6E65AAFC7B92}_is1) (Version: - AICIA-Grupo de Termotecnia) DUO-CAPTURE EX Driver (HKLM\...\RolandRDID0135) (Version: - Roland Corporation) eMule (HKLM-x32\...\eMule) (Version: - ) Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - ) Facebook Gameroom 1.21.6907.27509 (HKLM-x32\...\{E34773A0-158F-4322-8849-2C13BBCD6C68}) (Version: 1.21.6907.27509 - Facebook) FactuSOL (HKLM-x32\...\{0E61066A-7B88-4215-9C8F-6CC724EF4C02}) (Version: 1.0.0 - Software del Sol, S.A.) FactuSOL (HKLM-x32\...\{30390D06-514C-4CDB-A9F6-64EDD6B3DC5C}) (Version: 1.0.0 - Software del Sol, S.A.) FastStone Photo Resizer 3.6 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.6 - FastStone Soft.) FileZilla Client 3.37.1 (HKLM-x32\...\FileZilla Client) (Version: 3.37.1 - Tim Kosse) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC) Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 5.0.0.0 - Google LLC.) 
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia) Importación de SketchUp 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk) IOTA Wallet 2.4.0 (only current user) (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.4.0 - IOTA Foundation) IVA 2016 1.00 (HKLM-x32\...\6663-8884-0599-8584) (Version: 1.00 - AEAT) Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Kodi (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\Kodi) (Version: - XBMC-Foundation) Leawo DVD to MP4 Converter version 4.3.0.0 (HKLM-x32\...\{E583A6F3-8F2F-4644-97FF-748F83A58D68}_is1) (Version: 4.3.0.0 - Leawo Software Co., Ltd.) Library Update for SendBlaster 1.0 (HKLM-x32\...\01F6DC69-1B4C-4C3C-95DC-BB8299081126_is1) (Version: 1.0.0 - Delivery Tech Corp) Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.) MailStyler (HKLM-x32\...\{77C1C524-CCF5-49C8-8B30-516A46559092}) (Version: 1.3.3 - Delivery Tech Corp.) 
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11929.20300 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 
12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 69.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 69.0 (x64 es-ES)) (Version: 69.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 69.0.0.7178 - Mozilla) Mozilla Thunderbird 60.9.0 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 60.9.0 (x86 es-ES)) (Version: 60.9.0 - Mozilla) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7.1 - Notepad++ Team) NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component 
(HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden paint.net (HKLM\...\{893D9E06-E352-4BE4-B8E4-CFADC08B8DBF}) (Version: 4.2.1 - dotPDN LLC) Panel de control de NVIDIA 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.69 - NVIDIA Corporation) Hidden Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) PostCALENER (HKLM-x32\...\PostCALENER) (Version: - ) PreSonus Studio One 3 x64 (HKLM\...\PreSonus Studio One 3) (Version: 3.1.1.35857 - PreSonus Audio Electronics) PuTTY release 0.72 (64-bit) (HKLM\...\{8EFBA1C7-A8B8-4FB9-BEC0-6CEC6C7145DE}) (Version: 0.72.0.0 - Simon Tatham) qBittorrent 4.1.7 (HKLM-x32\...\qBittorrent) (Version: 4.1.7 - The qBittorrent project) Renta 2015 1.30 (HKLM-x32\...\9648-5771-9114-3169) (Version: 1.30 - AEAT) R-Linux 5.6 (HKLM-x32\...\R-Linux 5.6NSIS) (Version: 5.6.173595 - R-Tools Technology Inc.) Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 9.2 - Screaming Frog Ltd) SendBlaster 4 (HKLM-x32\...\{E49ED37A-70A7-423C-86BD-992629D60916}) (Version: 004.001.00003 - eDisplay srl) Shadow 5.0.110 (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\34af0e20-e907-597b-a5a8-fec54fe4de95) (Version: 5.0.110 - Blade) SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com) SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.5.5819 - TeamViewer) Telegram Desktop versión 1.8.8 (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.8 - Telegram FZ-LLC) The Keepers - Lost Progeny 1.00 (HKLM-x32\...\The Keepers - Lost Progeny 1.00) (Version: - ) This War of Mine (HKLM-x32\...\This War of Mine_is1) (Version: - ) TIDAL (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\TIDAL) (Version: 2.6.0 - TIDAL Music AS) Toonly 1.0.7 (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\992dd7b0-5000-5b71-b977-81376e9a347d) (Version: 1.0.7 - Bryxen Inc.) TrackballWorks (HKLM-x32\...\{004C4695-1C46-4d7e-A48E-FEF6A5AD32C4}) (Version: 1.3.1 - Kensington Computer Products Group) TunnelBear (HKLM-x32\...\{21602bb8-cc04-46c7-afa2-be90f9b35830}) (Version: 3.7.6.0 - TunnelBear) TunnelBear (HKLM-x32\...\{395217CC-1D4F-41C5-9A71-7EF5A29CB40C}) (Version: 3.7.6.0 - TunnelBear) Hidden Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) VidCuratorFX (HKLM-x32\...\{F35C623B-180B-606E-D9D7-48429D7E293F}) (Version: 1.0.0 - UNKNOWN) Hidden VidCuratorFX (HKLM-x32\...\VidCurator) (Version: 1.0.0 - UNKNOWN) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) 
WhatsApp (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\WhatsApp) (Version: 0.3.4479 - WhatsApp) Windows Phone 8.0 Emulation Images (HKLM-x32\...\{7515082B-0B97-331C-9725-9D42EF0DE501}) (Version: 11.0.50727 - Microsoft Corporation) Windows Phone 8.0 Managed SDK Profiler (ARM) (HKLM-x32\...\{D6DEA3AD-637E-368A-BD00-501D443F5E86}) (Version: 11.0.50727 - Microsoft Corporation) Windows Phone 8.0 Managed SDK Profiler (X86) (HKLM-x32\...\{D21B5F75-8042-3B39-80A1-F1D56D6DB4AB}) (Version: 11.0.50727 - Microsoft Corporation) Windows Phone SDK 8.0 Assemblies (HKLM-x32\...\{C7EE26EC-477D-37D0-87B4-ED146C5A9CD2}) (Version: 11.0.50727 - Microsoft Corporation) WinSCP 5.15.3 (HKLM-x32\...\winscp3_is1) (Version: 5.15.3 - Martin Prikryl) yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software) Zoom (HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) Packages: ========= AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2018-04-08] (AccuWeather) [MS Ad] Adsense Console -> C:\Program Files\WindowsApps\53839UssakliSoftware.AdsenseConsole_1.0.0.7_neutral__pytb26kqt3pq2 [2017-07-30] (Ussakli Software) Age of Empires®: Castle Siege -> C:\Program Files\WindowsApps\Microsoft.AgeCastles_1.26.33.0_x86__8wekyb3d8bbwe [2018-11-08] (Microsoft Studios) Alarm Clock HD -> C:\Program Files\WindowsApps\AntaraSoftware.AlarmClockHD_6.1.8.0_x64__7jhd16s0b93qm [2019-02-10] (ANTARA SOFTWARE and CONSULTING PRIVATE LIMITED) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.147.500.0_x86__kgqvnymyfvs32 [2019-09-09] (king.com) Coinhouse -> C:\Program Files\WindowsApps\53468VillagraLabs.Coinhouse_2.0.14.0_x64__3rqwnxthpafc8 [2018-03-16] (Villagra Labs) Connected Devices -> C:\Program Files\WindowsApps\34507Simplisidy.ShareAcrossDevices_4.2.6.0_x64__wtkr3v20s86d8 [2017-06-14] (Simplisidy) Correo y Calendario -> 
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad] CV Sampler -> C:\Program Files\WindowsApps\49145Speety.CVSampler_1.1.3.0_x64__v4src7dmx3wmp [2016-10-18] (Speety) Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-03-29] (Facebook Inc) Focus Journal -> C:\Program Files\WindowsApps\zababahano.FocusJournal_1.7.24.0_x86__h479t9074rj58 [2019-04-16] (zababahano) Fotor -> C:\Program Files\WindowsApps\EverimagingCo.Limited.Fotor_1.6.0.3_x64__7mgsahepr4x5w [2016-06-29] (Chengdu Everimaging Science and Technology Co Ltd) GPX viewer and recorder -> C:\Program Files\WindowsApps\45442stefano64.GPXviewerandrecorder_2.0.0.0_x64__bszswgksnzmf2 [2017-05-30] (stefano64) Inkscape -> C:\Program Files\WindowsApps\25415Inkscape.Inkscape_0.92.4.0_x64__9waqn51p1ttv2 [2019-07-02] (Inkscape) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-07-27] (Instagram) Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.2.0.0_x64__ey8k8hqnwqnmg [2019-08-31] (Kali Linux) LaLiga TV - Fútbol Oficial -> C:\Program Files\WindowsApps\3263784A.LaLigaTV-FtbolOficial_1.2.4.0_x64__6rdz10wtnphq0 [2017-08-21] (Liga Nacional de Futbol Profesional) MALÉFICA Free Fall -> C:\Program Files\WindowsApps\Disney.MaleficentFreeFall_2.1.0.1_x86__6rarf9sa4v8jt [2016-12-03] (Disney) Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-05-15] (Facebook Inc) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-06-26] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program 
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-26] (Microsoft Studios) [MS Ad] Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.0.22483.0_x64__8wekyb3d8bbwe [2019-09-09] (Microsoft Corporation) microsoftinsider.es -> C:\Program Files\WindowsApps\25032Prefetcher.microsoftinsider.es_2.1.3.0_x64__3c3f64dvwm980 [2016-11-19] (Antonio de la Iglesia) MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad] MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad] MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Nextgen Reader UWP -> C:\Program Files\WindowsApps\6205NextMatters.NextgenReaderforWindows10_3.0.70.0_x64__dhevqfrzdz4vg [2017-04-21] (Next Matters) OneLocker Password Manager -> C:\Program Files\WindowsApps\26577SergioPedri.OneLocker_50271.2018.324.0_x64__bkmwp5a68shk0 [2019-04-01] (Sergio Pedri) Paradise Bay -> C:\Program Files\WindowsApps\king.com.ParadiseBay_3.9.0.0_x86__kgqvnymyfvs32 [2019-01-17] (king.com) Photo Editor Pro | Polarr -> C:\Program Files\WindowsApps\613EBCEA.Polarr_5.6.0.0_x64__jb41c8remg0x2 [2019-08-28] (Polarr) PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PicsArt-PhotoStudio_8.7.0.0_x86__crhqpqs3x1ygc [2019-08-09] (PicsArt Inc.) 
[MS Ad] Pinball FX2 Windows 10 Edition -> C:\Program Files\WindowsApps\ZenStudios.PinballFX2Windows10Edition_1.12.0.0_x86__sqz2yzgfp6bz4 [2017-01-31] (ZEN Studio Kft) [MS Ad] Rain Alarm -> C:\Program Files\WindowsApps\MichaelDiener-Softwaree.K.RainAlarm_1.3.1.5_x64__m9t2x07xenf26 [2019-09-12] (Michael Diener - Software e.K.) Series Gratis Online -> C:\Program Files\WindowsApps\55929RubenGM.SeriesGratisOnline_1.6.1.0_x86__yvg08nghaj6tw [2016-06-01] (RubenGM) [MS Ad] Termius -> C:\Program Files\WindowsApps\Crystalnix.Termius_4.1.2.0_x64__0m0t0j9spf6x8 [2019-08-02] (Crystalnix) TV Online Univ -> C:\Program Files\WindowsApps\18292Jeremias.TVOnlineEspaa_4.1.15.0_x64__szmbgvqvmt7yp [2019-08-13] (Jeremias) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-04-11] (Nik Rolls) Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_16001.12026.20014.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) Wunderlist: Lista de tareas -> C:\Program Files\WindowsApps\6Wunderkinder.Wunderlist_3.6.36.0_x64__b4cwydgxqx59r [2019-09-09] (6 Wunderkinder GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1190635516-3450097252-2682465791-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1190635516-3450097252-2682465791-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc -> Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-1190635516-3450097252-2682465791-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc -> Autodesk, Inc.) 
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk, Inc -> Autodesk) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> ) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) 
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\ShellEx.dll [2019-09-14] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team) ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team) ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\ShellEx.dll [2019-09-14] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\ShellEx.dll [2019-09-14] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => 
C:\Users\dark1\AppData\Local\MEGAsync\ShellExtX64.dll [2019-08-05] (Mega Limited -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\ShellEx.dll [2019-09-14] (Kaspersky Lab -> AO Kaspersky Lab) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2019-03-01 16:52 - 2019-03-01 16:52 - 000030720 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.Wrapper.dll 2019-03-01 16:53 - 2019-03-01 16:53 - 000167424 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll 2016-05-27 14:38 - 2016-05-21 10:19 - 000077312 ____N (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2018-02-01 23:16 - 2016-02-22 12:29 - 002920448 _____ (Kensington) [File not signed] C:\Program Files (x86)\Kensington\TrackballWorks\TbwResources_ESP.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [128]
AlternateDataStreams: C:\ProgramData\TEMP:B4258C5D [188]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2019-09-14 00:33 - 000001032 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\ActiveState Komodo Edit 11\;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Calibre2\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Kensington\TrackballWorks;C:\WINDOWS\System32\OpenSSH\;C:\Users\dark1\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dark1\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tigre.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: 123FlashChatServer9.9 => 2
MSCONFIG\Services: 123FlashChatTomcatServer9.9 => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "Cache"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "MailStylerWarmup"
HKU\S-1-5-21-1190635516-3450097252-2682465791-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4278B3C98BB1014E2C7EC34C52EE76AD"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A303F2FF-5D4E-4052-95A8-61FAB9499B32}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AC3BB6A4-F546-4FF2-A1C6-DF591A620D69}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EAD47149-96FE-4B9E-9D9D-318D6C03A673}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{4118EE63-C3B3-4FA5-B514-0124E50A940C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DA4E4ABF-05FB-454B-B8A2-772CF0EC549D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E36AE21B-7EC4-48F4-8E8E-636818937952}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B2732F31-9413-4014-9433-B96DC14D235D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4B7CD3D5-1E4E-4212-B6E6-62FE9DFC7FB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{8FA51D8A-8334-4176-9BD5-CFC36E9D3457}C:\util\zeronet-win-dist\zeronet.exe] => (Allow) C:\util\zeronet-win-dist\zeronet.exe (Open Source Developer, Tamas Kocsis -> Open Source Developer, Tamas Kocsis)
FirewallRules: [TCP Query User{68447E9F-441C-4137-9B7E-D10F9D7DFFDE}C:\util\zeronet-win-dist\zeronet.exe] => (Allow) C:\util\zeronet-win-dist\zeronet.exe (Open Source Developer, Tamas Kocsis -> Open Source Developer, Tamas Kocsis)
FirewallRules: [{A427A1F2-77FE-411A-9060-1D3529CACE92}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{040BB700-69D0-4D68-87D0-871CAC2CED9A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{51A1D524-3797-4668-82E3-DDADE8CBBA80}C:\users\dark1\appdata\local\brave\app-0.23.104\brave.exe] => (Allow) C:\users\dark1\appdata\local\brave\app-0.23.104\brave.exe No File
FirewallRules: [TCP Query User{A9E98150-D1F4-4F02-85C1-ADA3A32CA94B}C:\users\dark1\appdata\local\brave\app-0.23.104\brave.exe] => (Allow) C:\users\dark1\appdata\local\brave\app-0.23.104\brave.exe No File
FirewallRules: [UDP Query User{F85C5243-97B4-4AE0-9028-6A39180EEA49}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C6D789E7-2659-44BB-9884-9E4AEEE76452}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{A77B78AF-C139-4551-A128-72A492544F87}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{FACD5298-B011-4E5D-AD21-4262C6E48E1C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{E3F429B9-EFAA-4152-8A77-A23BA2DF3AF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{281018CF-C602-414E-84D6-632910105EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{BE143C7D-3B00-4AB6-8FA0-EC2CE921892C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{313B81C9-4A5F-41BD-8570-FE62D111C5DA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E36A6B3B-6A92-4161-BFB4-D1E5C141B3AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C64CA004-2530-4802-AB6F-78AA97073689}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{55746565-C4EE-409D-B6EB-5B62C155020F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1DC3441C-80D6-4AE9-86C9-572A0402C4B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BD36396D-6478-44D6-882E-A8ED4F381495}] => (Allow) C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{EE9E73C6-434A-4C6B-B233-FEBBEEEF3DC1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{337ADB31-82D7-4247-9F01-5B6A3F853F03}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{487F32CC-CB7E-4EF8-ABC3-E2AA0E5B9FE2}C:\util\pelis magnet beta\pelismagnet.exe] => (Allow) C:\util\pelis magnet beta\pelismagnet.exe () [File not signed]
FirewallRules: [TCP Query User{1A6423B7-90D4-4FB3-86B4-AAE57ABB7B76}C:\util\pelis magnet beta\pelismagnet.exe] => (Allow) C:\util\pelis magnet beta\pelismagnet.exe () [File not signed]
FirewallRules: [UDP Query User{654C2876-4A38-4D20-B6DA-B16E4C00EEFA}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [TCP Query User{E168531D-2E91-4C95-84AB-C8B17DF5172B}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{AA987956-2E3D-4CCC-92AA-BBCFFDD30AEF}G:\users\poche\appdata\local\pelis magnet beta\pelismagnet.exe] => (Allow) G:\users\poche\appdata\local\pelis magnet beta\pelismagnet.exe No File
FirewallRules: [TCP Query User{5CDAD00C-37EE-438E-978B-6AD1902A2E2A}G:\users\poche\appdata\local\pelis magnet beta\pelismagnet.exe] => (Allow) G:\users\poche\appdata\local\pelis magnet beta\pelismagnet.exe No File
FirewallRules: [UDP Query User{E07FFD7E-5F6D-4642-83E3-048A1D5DAF1E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [TCP Query User{78B0A99D-0ACD-4C9F-A15B-DEB316FD30DA}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{202D2B8B-5830-437E-833F-CF544B1DB15E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [UDP Query User{D6F57430-7479-4F4C-BB4C-FCC06288321B}C:\users\dark1\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dark1\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{6417D05C-85B6-4015-9962-BD0C83A7756C}C:\users\dark1\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dark1\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{C8942BAC-A6A3-4D6D-BC2A-4513AA2910FB}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed]
FirewallRules: [TCP Query User{BAE0A247-E4E0-4A40-AA54-644E7ED46D67}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed]
FirewallRules: [{2E9551F3-95B5-4A09-B74C-12958C1E46BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF2F045D-E141-4A8D-924B-20385FA1FF5F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8E0666DD-7591-4F6B-BE6A-A3A46C3CB31C}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe () [File not signed]
FirewallRules: [UDP Query User{1525E8E3-9834-421C-889E-11E7BE1ECBAB}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe () [File not signed]
FirewallRules: [{33886B9E-72BD-4B60-B167-0022137F4083}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E24F3068-AF13-4F13-840B-63A3A846CE49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2CEE9A19-7202-42E8-B837-0258791F3B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{AE4C1DF9-B5C1-4C31-BD74-726FF447F6A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A36ECE0B-C5D0-4FEE-B981-3149498B3F00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A2C1F7F2-B350-4742-B611-4D5292FAB491}C:\program files\presonus\studio one 3\studio one.exe] => (Allow) C:\program files\presonus\studio one 3\studio one.exe (PreSonus) [File not signed]
FirewallRules: [UDP Query User{E66EECE8-496B-4BB8-8E37-82D044AC327F}C:\program files\presonus\studio one 3\studio one.exe] => (Allow) C:\program files\presonus\studio one 3\studio one.exe (PreSonus) [File not signed]
FirewallRules: [TCP Query User{7F9B98FA-3B58-422A-AF53-07DD1624DF61}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{47F8BFF0-2423-468D-95BC-E81615189E55}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [TCP Query User{57E1E4C8-E8EB-469A-BD53-1DAE022E1BA3}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [UDP Query User{F00DF5BC-35DB-4751-B972-E3ED084E55C0}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [File not signed]
FirewallRules: [TCP Query User{E12CD0FB-948B-4087-B40A-DFB533A0E876}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{A06BB713-F830-4BB5-A580-B818D08BA0CF}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{065316BB-05E7-400C-8FF2-C9181CCDB43C}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe No File
FirewallRules: [UDP Query User{13E675CC-D9AD-44CC-B4C2-EFAF641C189D}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe No File
FirewallRules: [TCP Query User{337DE70F-95BA-4220-9D37-6CAAD0318D12}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4F9F7578-EE8F-4640-A9AD-36ED25F1015E}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C5E3B9D3-3219-4097-BE6F-71C853565074}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{A25F8DB7-A7F3-4C87-8527-3815617E35C6}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F058EAAC-2777-4E39-A66A-510928C86985}] => (Allow) D:\Games\Fishing Planet\steamapps\common\Fishing Planet\FishingPlanet.exe () [File not signed]
FirewallRules: [{5A9C6946-D063-4577-B421-EA359C33DACF}] => (Allow) D:\Games\Fishing Planet\steamapps\common\Fishing Planet\FishingPlanet.exe () [File not signed]
FirewallRules: [{A19208E5-6E74-4410-9113-099FE596F933}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5192F6A0-772A-4B3C-B5F4-877FBA050EDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{88481F28-12FA-4CEB-9006-B95CB7604086}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5EA663A0-E2A6-4006-8058-D1F9486336A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{44E73A4C-F163-4835-95BA-489E8BD7C7B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8292A26F-46FB-4727-9B33-E616FA4E08E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AA03179A-95DD-47F9-81FA-5974AD2179C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53FADCAD-5FCF-45F5-B073-8E6D9C53B850}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{BF4D0BE2-F034-4C8C-B4ED-D18E71C9AD11}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{DE6A8A87-31E7-4E59-BD84-7FA932B9CCA9}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.77 GB) (Free:14.02 GB) (12%)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2019 03:44:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13176,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/14/2019 03:27:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. La cuenta especificada ya existe.

Error: (09/14/2019 02:42:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3036,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/14/2019 02:27:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. La cuenta especificada ya existe.

Error: (09/14/2019 01:42:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12792,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/14/2019 01:27:03 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. La cuenta especificada ya existe.

Error: (09/14/2019 01:26:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2932,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/14/2019 01:11:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3364,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (09/14/2019 12:36:50 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Error en la llamada ScRegSetValueExW para Start con el error siguiente: Acceso denegado.

Error: (09/14/2019 12:36:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Error en la llamada ScRegSetValueExW para Start con el error siguiente: Acceso denegado.

Error: (09/14/2019 12:32:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ARO93OS)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (09/14/2019 12:32:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ARO93OS)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (09/14/2019 12:32:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ARO93OS)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (09/14/2019 12:32:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ARO93OS)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (09/14/2019 12:32:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ARO93OS)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (09/14/2019 12:32:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ARO93OS)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Windows Defender:
===================================
Date: 2019-09-13 22:31:30.042
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Chopper.B!dha&threatid=2147735632&enterprise=0
Nombre: Backdoor:PHP/Chopper.B!dha
Id.: 2147735632
Gravedad: Grave
Categoría: Puerta trasera
Ruta de acceso: containerfile:_D:\Onedrive\Documentos\Pescamed\backup\backup_info_1908150504.xml.tar; containerfile:_D:\Onedrive\Documentos\Pescamed\backup\pmed_cubenode_last.zip; file:_C:\Users\dark1\AppData\Local\Temp\7zO061242D8\404.php; file:_D:\Onedrive\Documentos\Pescamed\backup\backup_info_1908150504.xml.tar->backup_user-data_1908150504.tgz->(GZip)->public_html/blocks/SpryAssets/404.php; file:_D:\Onedrive\Documentos\Pescamed\backup\pmed_cubenode_last.zip->blocks/SpryAssets/404.php
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe
Versión de inteligencia de seguridad: AV: 1.301.1197.0, AS: 1.301.1197.0, NIS: 1.301.1197.0
Versión de motor: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-13 22:30:04.460
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Chopper.B!dha&threatid=2147735632&enterprise=0
Nombre: Backdoor:PHP/Chopper.B!dha
Id.: 2147735632
Gravedad: Grave
Categoría: Puerta trasera
Ruta de acceso: containerfile:_D:\Onedrive\Documentos\Pescamed\backup\backup_info_1908150504.xml.tar; containerfile:_D:\Onedrive\Documentos\Pescamed\backup\pmed_cubenode_last.zip; file:_C:\Users\dark1\AppData\Local\Temp\7zO061242D8\404.php; file:_D:\Onedrive\Documentos\Pescamed\backup\backup_info_1908150504.xml.tar->backup_user-data_1908150504.tgz->(GZip)->public_html/blocks/SpryAssets/404.php; file:_D:\Onedrive\Documentos\Pescamed\backup\pmed_cubenode_last.zip->blocks/SpryAssets/404.php
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe
Versión de inteligencia de seguridad: AV: 1.301.1197.0, AS: 1.301.1197.0, NIS: 1.301.1197.0
Versión de motor: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-13 22:26:15.238
Description: El acceso controlado a carpetas impidió que C:\Program Files\CCleaner\CCleaner64.exe realizara cambios en la memoria.
Tiempo de detección: 2019-09-13T20:26:15.237Z
Usuario: DESKTOP-ARO93OS\dark1
Ruta de acceso: \Device\Harddisk0\DR0
Nombre del proceso: C:\Program Files\CCleaner\CCleaner64.exe
Versión de inteligencia de seguridad: 1.301.1197.0
Versión del motor: 1.1.16300.1
Versión del producto: 4.18.1907.4

Date: 2019-09-13 22:25:57.089
Description: El acceso controlado a carpetas impidió que C:\Program Files\CCleaner\CCleaner64.exe realizara cambios en la memoria.
Tiempo de detección: 2019-09-13T20:25:57.088Z
Usuario: DESKTOP-ARO93OS\dark1
Ruta de acceso: \Device\Harddisk0\DR0
Nombre del proceso: C:\Program Files\CCleaner\CCleaner64.exe
Versión de inteligencia de seguridad: 1.301.1197.0
Versión del motor: 1.1.16300.1
Versión del producto: 4.18.1907.4

Date: 2019-09-13 22:25:57.082
Description: El acceso controlado a carpetas impidió que C:\Program Files\CCleaner\CCUpdate.exe realizara cambios en la memoria.
Tiempo de detección: 2019-09-13T20:25:57.081Z
Usuario: DESKTOP-ARO93OS\dark1
Ruta de acceso: \Device\Harddisk0\DR0
Nombre del proceso: C:\Program Files\CCleaner\CCUpdate.exe
Versión de inteligencia de seguridad: 1.301.1197.0
Versión del motor: 1.1.16300.1
Versión del producto: 4.18.1907.4

Date: 2019-09-11 20:58:50.838
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80508023
Descripción del error: El programa no encontró malware ni otro software potencialmente no deseado en este dispositivo.
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-09-10 04:33:47.091
Description: Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad:
Versión anterior de inteligencia de seguridad: 1.301.907.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor:
Versión anterior del motor: 1.1.16300.1
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores

Date: 2019-09-10 04:23:43.715
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-09-07 01:21:17.126
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================
Date: 2019-09-14 00:37:01.350
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-14 00:37:01.173
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-14 00:37:00.997
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-14 00:37:00.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-14 00:37:00.488
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-10 16:39:02.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-10 15:37:20.602
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-10 05:21:04.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2301 07/10/2009
Motherboard: ASUSTeK Computer INC. P5Q DELUXE
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 61%
Total physical RAM: 8191.04 MB
Available physical RAM: 3139 MB
Total Virtual: 16382.08 MB
Available Virtual: 9382.17 MB

==================== Drives ================================

Drive c: (Nuevo vol) (Fixed) (Total:118.77 GB) (Free:14.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SWISNIFE2) (Fixed) (Total:698.64 GB) (Free:276.19 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a9130491-0000-0000-0000-40b11d000000}\ () (Fixed) (Total:0.47 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: A9130491)
Partition 1: (Active) - (Size=118.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=482 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: F15CDD87)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================