Addition.txt - 14/11/2019 - 10:51

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2019
Ran by Administrador (14-11-2019 10:51:06)
Running from C:\Users\Administrador\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2018-08-16 13:42:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3196574434-2115305665-2033167260-500 - Administrator - Enabled) => C:\Users\Administrador
HORACIO (S-1-5-21-3196574434-2115305665-2033167260-1000 - Administrator - Enabled) => C:\Users\HORACIO
Invitado (S-1-5-21-3196574434-2115305665-2033167260-501 - Limited - Disabled)
OPERADOR (S-1-5-21-3196574434-2115305665-2033167260-1002 - Limited - Enabled) => C:\Users\OPERADOR
panda (S-1-5-21-3196574434-2115305665-2033167260-1001 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20049 - Adobe Systems Incorporated)
BabyWare (HKLM\...\BabyWare_V5.1.0_BabyWare) (Version: V5.1.0 - Paradox Security Systems)
Control de Rondas versión 1.2.0.1 (HKLM\...\{FB03E95C-00F0-4275-A8FE-A10BAF8A49CB}_is1) (Version: 1.2.0.1 - Asensio Sistemas S.A.)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Google Chrome (HKLM\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
K-Lite Mega Codec Pack 14.2.5 (HKLM\...\KLiteCodecPack_is1) (Version: 14.2.5 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
OneWireDrivers_x86 (HKLM\...\{9C5B7017-C052-4AD3-A7B9-60BB012EF5A3}) (Version: 1.0.0.0 - Maxim Integrated)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
SGI (HKLM\...\ST6UNST #1) (Version:  - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM\...\{63B3B077-8D2E-4B3E-81CB-9A9C9C40FF65}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
TeamViewer 13 Host (HKLM\...\TeamViewer) (Version: 13.2.36216 - TeamViewer)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.5 - uvnc bvba)
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.2.2 - SOSVirus (SOSVirus.Net))
VIVOTEK VAST (HKLM\...\VAST) (Version: 1.12.1.8 - VIVOTEK, Inc.)
WinLoad 5.71 (HKLM\...\WinLoad 5.71_is1) (Version:  - Paradox Security Systems)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-05-17 08:48 - 2010-04-14 10:37 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2019-05-17 08:48 - 2010-04-14 10:33 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2018-08-16 11:07 - 000000848 _____ C:\Windows\system32\drivers\etc\hosts
192.168.5.51 SERVER01

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3196574434-2115305665-2033167260-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
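The three WMI:subscription lines in the Shortcuts & WMI section describe a permanent WMI event subscription: an __EventFilter (the WQL query that fires), a consumer (what runs when it fires) and the __FilterToConsumerBinding that joins the two. Read together they say: whenever a 60-second poll sees Win32_Processor load above 99%, run "cscript KernCap.vbs" from C:\tools\kernrate. This exact filter/consumer pair is the leftover from Windows 7 setup that Microsoft documents in KB 2545227, and the WinMgmt event 10 errors with code 0x80041003 in the Application log further down are its known symptom, so it is not evidence of compromise on its own. The same mechanism is a standard persistence technique, though, so the check is worth automating. The Python below is an added example, not FRST's code and not from the original post: it reconstructs each binding into one record from the log lines above (copied in as a constructed sample), flags consumer classes that execute code, and recognises the known leftover by its exact content rather than by the names BVTFilter/BVTConsumer, so a tampered command template still comes out flagged. The KNOWN_BENIGN allowlist, the verdict strings and the record field names are assumptions of this example.

```python
import re

# Constructed sample input: the three WMI:subscription lines from the Shortcuts & WMI section above.
WMI_LINES = r'''
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
'''

# Binding line: consumer class, consumer name, filter name (FRST escapes the quotes, hence [\\"]+).
BINDING_RE = re.compile(r'__FilterToConsumerBinding->(\w+)\.Name=[\\"]+(\w+)[\\"]+,Filter="__EventFilter\.Name=[\\"]+(\w+)')
# Filter and consumer lines: WMI:subscription\<class>-><name>::[Prop => value][Prop => value]
OBJECT_RE = re.compile(r'^WMI:subscription\\(\w+)->(\w+)::(.*)$')
PROP_RE = re.compile(r'\[(\w+) => ([^\]]*)\]')

# Consumer classes that execute something when their filter fires.
CODE_CONSUMERS = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}

# Analyst allowlist (an assumption of this example): the Windows 7 setup leftover described in
# Microsoft KB 2545227, matched on the exact query and consumer properties, never on names alone.
KNOWN_BENIGN = {
    ('SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99',
     "CommandLineEventConsumer", "cscript KernCap.vbs", r"C:\tools\kernrate"): "Windows 7 BVT leftover (KB 2545227)",
}


def parse_wmi_lines(text):
    """Split FRST WMI lines into filter queries, consumer properties and bindings."""
    filters, consumers, bindings = {}, {}, []
    for line in text.splitlines():
        line = line.strip()
        b = BINDING_RE.search(line)
        if b:
            bindings.append({"consumer_class": b.group(1), "consumer": b.group(2), "filter": b.group(3)})
            continue
        m = OBJECT_RE.match(line)
        if not m:
            continue
        cls, name, rest = m.groups()
        # FRST doubles backslashes in this section (C:\\tools\\kernrate); undo that.
        props = {k: v.replace("\\\\", "\\") for k, v in PROP_RE.findall(rest)}
        if cls == "__EventFilter":
            filters[name] = props.get("Query", "")
        else:
            consumers[(cls, name)] = props
    return filters, consumers, bindings


def chains(text):
    """Join each binding to its filter and consumer so trigger and action read as one record."""
    filters, consumers, bindings = parse_wmi_lines(text)
    out = []
    for b in bindings:
        props = consumers.get((b["consumer_class"], b["consumer"]), {})
        query = filters.get(b["filter"], "")
        key = (query, b["consumer_class"],
               props.get("CommandLineTemplate", ""), props.get("WorkingDirectory", ""))
        out.append({
            "filter": b["filter"], "query": query,
            "consumer_class": b["consumer_class"], "consumer": b["consumer"], "props": props,
            "executes_code": b["consumer_class"] in CODE_CONSUMERS,
            "verdict": KNOWN_BENIGN.get(key, "review: unrecognised subscription"),
        })
    return out


if __name__ == "__main__":
    for c in chains(WMI_LINES):
        print(f'{c["filter"]} -> {c["consumer_class"]}/{c["consumer"]}: {c["props"]} [{c["verdict"]}]')
```

The allowlist keys on content, not on object names, because an attacker who reuses the familiar BVTFilter/BVTConsumer names with a different CommandLineTemplate would otherwise inherit the benign verdict; in the example, swapping the template for anything else drops the record back to "review".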
==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{20A70077-E726-4593-AD21-354CA47267E0}] => (Allow) LPort=5900
FirewallRules: [{5AB0A0B4-419B-43CF-AC64-BCD10347A804}] => (Allow) LPort=5800
FirewallRules: [{12556A88-370B-42DD-BF8E-ACFDDB7BE88D}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{99F1AED3-296C-49A7-94E8-CFE3F712F0FB}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [TCP Query User{34EF801B-83F2-41C0-AC90-6F19B12084E4}C:\program files\paradox security systems\babyware\babyware.exe] => (Allow) C:\program files\paradox security systems\babyware\babyware.exe (Paradox Security Systems) [File not signed]
FirewallRules: [UDP Query User{7A71FA3A-563B-4D4D-8FB3-E5AB935BDF14}C:\program files\paradox security systems\babyware\babyware.exe] => (Allow) C:\program files\paradox security systems\babyware\babyware.exe (Paradox Security Systems) [File not signed]
FirewallRules: [{2C40F10D-3E49-498D-9094-FC8F676D17AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA673045-4402-4204-A68E-A2386FAD5813}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2FF42B97-6179-41F0-BCC9-923D3AC656E5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F772A358-F3F2-4605-B53B-12A134EE267B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{59E5216B-BF70-4F94-9572-75F779F9F015}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6A80042A-8DFA-4EDE-B54F-DE6F590DF8A0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{4BD4BE54-D1D9-44DA-9F00-58017AD232F0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{F57B1F52-93E8-4AFE-87A4-F122E318C18D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D2F9635B-A272-41D1-8F97-1D6F989BFEAC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3BC3A17A-BA4D-4EF7-A3AD-B67DB7AE95C9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{73F3D2E6-1BC2-454C-B118-08B7C1AC4481}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CFF2F104-8FE9-4980-A525-3E3765DEB103}] => (Allow) C:\Program Files\Panda Security\WaAgent\WAHost\WAHost.exe No File
FirewallRules: [{19B11D79-BE1E-482C-8863-13C2BE29B85A}] => (Allow) C:\Program Files\Panda Security\WaAgent\WAHost\WAHost.exe No File
FirewallRules: [{2BAB68DB-25B1-4942-B60E-7B419E850863}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-11-2019 14:21:30 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/14/2019 10:43:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2019 06:35:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2019 06:30:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: ??: FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH -- ??????

Error: (11/13/2019 06:30:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: ??: FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH -- ??????

Error: (11/13/2019 06:30:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: ??: FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH -- ??????

Error: (11/13/2019 06:30:20 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: ??: FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH -- ??????

Error: (11/13/2019 06:30:13 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: ??: FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH -- ??????

Error: (11/13/2019 06:30:05 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: ??: FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH -- ??????


System errors:
=============
Error: (11/14/2019 10:41:31 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000f, 0xffdff391, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111419-24258-01.
Error: (11/14/2019 10:41:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:41:22 AM on 13/11/2019 was unexpected.

Error: (11/13/2019 06:34:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (11/13/2019 06:33:46 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041287, 0x00011000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111319-23961-01.

Error: (11/13/2019 06:33:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 06:30:59 AM on 13/11/2019 was unexpected.

Error: (11/13/2019 06:26:27 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (11/13/2019 06:26:27 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.

Error: (11/13/2019 06:26:26 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.


CodeIntegrity:
===================================
Date: 2018-08-16 12:29:21.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-08-16 12:29:21.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-08-16 12:29:21.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-08-16 12:29:02.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-08-16 12:29:02.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-08-16 12:29:02.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-08-16 12:29:02.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-08-16 12:29:02.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Intel Corp. TCIBX10H.86A.0035.2010.0429.1516 04/29/2010
Motherboard: Intel Corporation DH55PJ
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 84%
Total physical RAM: 1909.33 MB
Available physical RAM: 301.95 MB
Total Virtual: 2933.33 MB
Available Virtual: 1078.35 MB

==================== Drives ================================

Drive c: (SISTEMA) (Fixed) (Total:29.19 GB) (Free:10.99 GB) NTFS
Drive d: (RESPALDO) (Fixed) (Total:45.23 GB) (Free:22.93 GB) NTFS
\\?\Volume{b1b4a5ba-a158-11e8-bd88-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 179D179C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=45.2 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

FRST.txt - 14/11/2019 - 10:51

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2019
Ran by Administrador (administrator) on PC0267 (INTEL_ DH55PJ__) (14-11-2019 10:50:14)
Running from C:\Users\Administrador\Desktop
Loaded Profiles: Administrador (Available Profiles: HORACIO & OPERADOR & Administrador)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Spanish (Spain, International)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sosvirus (Le Bozec Cedric, Dominique, Marie ) -> ) C:\Program Files\UsbFix\UsbFix.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(uvnc bvba -> UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(uvnc bvba -> UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [VAST] => [X]
HKLM\...\RunOnce: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3196574434-2115305665-2033167260-500\...\Policies\system: [NoVisualStyleChoice] 1
HKU\S-1-5-21-3196574434-2115305665-2033167260-500\...\Policies\system: [NoDispAppearancePage] 1
HKU\S-1-5-21-3196574434-2115305665-2033167260-500\...\Policies\system: [NoDispScrSavPage] 1
HKU\S-1-5-21-3196574434-2115305665-2033167260-500\...\Policies\Explorer: [NoThemesTab] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sincronizacion.bat [2017-06-01] () [File not signed]
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F9D87E3-3E03-4F4D-8D60-E47DCD21623F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-08-16] (Google Inc -> Google Inc.)
Task: {47DAEC6A-9180-429B-9135-B6D9381C8BD3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {5B6E5958-0D69-4A75-951C-C2A2CDB36B77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2018-08-16] (Google Inc -> Google Inc.)
Task: {86A1818A-6705-46C6-B54F-EAB15C0FD5C9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740032 2015-09-27] (@ByELDI -> @ByELDI) [File not signed]
Task: {F525639F-F910-412E-93B3-D00D2B57C8F0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{9c9e9d63-17c7-40d7-819b-dc9e1f463e59} <==== ATTENTION (Restriction - IP)
Hosts: 192.168.5.51 SERVER01
Tcpip\..\Interfaces\{E90FE600-AC40-4491-A762-F5BA459CE7E9}: [NameServer] 8.8.8.8,8.8.4.4
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.5.1,-1]

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default [2019-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-14]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"Ms8FA5BDFEAppB" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\Ms8FA5BDFEAppB => C:\Windows\System32\Ms8FA5BDFEApp.dll <==== ATTENTION (Rootkit!/Locked Service)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation -> Intel Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI -> @ByELDI) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11449176 2019-10-10] (TeamViewer GmbH -> TeamViewer GmbH)
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2144560 2017-06-12] (uvnc bvba -> UltraVNC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-02] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [17920 2009-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63872 2009-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: Ms8FA5BDFEApp -> no filepath.
NETSVC: Ms8FA5BDFEAppC -> no filepath.
NETSVC: Ms8FA5BDFEAppA -> no filepath.
NETSVC: Ms8FA5BDFEAppBak -> no filepath.
NETSVC: Ms8FA5BDFEAppB -> no filepath.

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-14 10:50 - 2019-11-14 10:50 - 000009250 _____ C:\Users\Administrador\Desktop\FRST.txt
2019-11-14 10:50 - 2019-11-14 10:50 - 000000000 ____D C:\Users\Administrador\Desktop\FRST-OlderVersion
2019-11-14 10:49 - 2019-11-14 10:50 - 000000000 ____D C:\FRST
2019-11-14 10:48 - 2019-11-14 10:48 - 000003912 _____ C:\Users\Administrador\Desktop\USB FIX.txt
2019-11-14 10:47 - 2019-11-14 10:49 - 000001959 _____ C:\Users\Administrador\Desktop\UsbFix_Report.txt
2019-11-14 10:46 - 2019-11-14 10:46 - 000001840 _____ C:\Users\Administrador\Desktop\UsbFix Anti-Malware.lnk
2019-11-14 10:46 - 2019-11-14 10:46 - 000000000 ____D C:\Program Files\UsbFix
2019-11-14 10:45 - 2019-11-14 10:50 - 001989120 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 32.exe
2019-11-14 10:45 - 2019-11-13 07:07 - 002260480 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 64.exe
2019-11-14 10:45 - 2019-11-13 07:05 - 004773088 _____ (SOSVirus) C:\Users\Administrador\Desktop\UsbFix_2019_11.022.exe
2019-11-14 10:41 - 2019-11-14 10:41 - 000131072 _____ C:\Windows\Minidump\111419-24258-01.dmp
2019-11-13 06:33 - 2019-11-13 06:33 - 000131072 _____ C:\Windows\Minidump\111319-23961-01.dmp
2019-11-12 13:09 - 2019-11-12 13:09 - 000135216 _____ C:\Windows\Minidump\111219-24460-01.dmp
2019-11-11 06:20 - 2019-11-11 06:20 - 000131072 _____ C:\Windows\Minidump\111119-22042-01.dmp
2019-11-11 06:16 - 2019-11-11 06:16 - 000290570 _____ C:\Windows\system32\1762ACE2B0B0B70F6FA7621DBF9B4AEE.CRA116
2019-11-09 12:46 - 2019-11-09 12:46 - 000131072 _____ C:\Windows\Minidump\110919-26754-01.dmp
2019-11-08 20:15 - 2019-11-08 20:15 - 000131072 _____ C:\Windows\Minidump\110819-25272-01.dmp
2019-11-08 05:28 - 2019-11-08 05:28 - 001113271 _____ C:\Windows\system32\04B488D9F147B24006A0D80CDAE15ABD.CPB116
2019-11-08 05:27 - 2019-11-08 05:28 - 000135216 _____ C:\Windows\Minidump\110819-29577-01.dmp
2019-11-02 19:27 - 2019-11-02 19:27 - 000135216 _____ C:\Windows\Minidump\110219-24242-01.dmp
2019-10-29 11:28 - 2019-10-29 11:28 - 000000000 ____D C:\Program Files\FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH
2019-10-29 10:25 - 2019-10-29 10:25 - 000131072 _____ C:\Windows\Minidump\102919-25209-01.dmp
2019-10-29 10:03 - 2019-10-29 10:03 - 000135216 _____ C:\Windows\Minidump\102919-22542-01.dmp
2019-10-29 07:13 - 2019-10-29 07:13 - 000135216 _____ C:\Windows\Minidump\102919-25272-01.dmp
2019-10-28 14:15 - 2019-10-28 14:15 - 000135216 _____ C:\Windows\Minidump\102819-22869-01.dmp
2019-10-28 14:00 - 2019-10-28 14:00 - 000135216 _____ C:\Windows\Minidump\102819-25100-01.dmp
2019-10-28 07:03 - 2019-10-28 07:03 - 000135216 _____ C:\Windows\Minidump\102819-29842-01.dmp
2019-10-25 14:40 - 2019-10-25 14:40 - 000135216 _____ C:\Windows\Minidump\102519-27830-01.dmp
2019-10-25 12:28 - 2019-10-25 12:28 - 000135216 _____ C:\Windows\Minidump\102519-23509-01.dmp
2019-10-24 09:45 - 2019-10-24 09:45 - 000131072 _____ C:\Windows\Minidump\102419-29000-01.dmp
2019-10-23 14:04 - 2019-10-23 14:04 - 000131072 _____ C:\Windows\Minidump\102319-23868-01.dmp
2019-10-23 14:00 - 2019-10-23 14:00 - 000135216 _____ C:\Windows\Minidump\102319-29686-01.dmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-14 10:45 - 2018-08-16 10:59 - 000109280 _____ C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2019-11-14 10:41 - 2019-08-15 10:45 - 000000000 ____D C:\Windows\Minidump
2019-11-14 10:41 - 2018-08-16 11:02 - 000000000 ____D C:\Program Files\TeamViewer
2019-11-14 10:41 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-13 06:49 - 2009-07-14 01:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-13 06:49 - 2009-07-14 01:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-12 13:40 - 2018-08-16 11:13 - 000000000 ____D C:\WinloadPrivateDir
2019-11-12 12:58 - 2018-08-16 11:09 - 000000000 ____D C:\Program Files\ControlRondasGS6000
2019-11-12 08:45 - 2018-08-16 11:14 - 000013030 _____ C:\PDOXUSRS.NET
2019-11-12 05:14 - 2018-08-16 11:05 - 000002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-12 05:14 - 2018-08-16 11:05 - 000002134 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-12 05:14 - 2018-08-16 11:05 - 000002134 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-04 23:25 - 2018-08-16 11:03 - 000003460 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-04 23:25 - 2018-08-16 11:03 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-04 23:25 - 2018-08-16 11:03 - 000000000 ____D C:\Program Files\Google
2019-10-29 11:31 - 2018-08-16 11:29 - 000109280 _____ C:\Users\OPERADOR\AppData\Local\GDIPFONTCACHEV1.DAT
2019-10-29 11:31 - 2018-08-16 10:54 - 000000000 ____D C:\Users\Administrador
2019-10-29 10:53 - 2009-07-14 01:33 - 000409272 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-29 10:51 - 2018-12-27 06:06 - 000000000 _RSHD C:\Windows\PSICache
2019-10-29 10:51 - 2018-08-16 11:18 - 000000000 ____D C:\Program Files\Panda Security
2019-10-29 10:49 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-10-28 06:15 - 2018-08-16 11:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-10-28 06:03 - 2009-07-14 01:53 - 000032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2019-10-25 00:50 - 2018-08-16 11:02 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13 Host.lnk 2019-10-25 00:50 - 2018-08-16 11:02 - 000000924 _____ C:\Users\Public\Desktop\TeamViewer 13 Host.lnk 2019-10-25 00:50 - 2018-08-16 11:02 - 000000924 _____ C:\ProgramData\Desktop\TeamViewer 13 Host.lnk 2019-10-23 18:51 - 2018-08-16 11:07 - 000000000 ____D C:\ProgramData\VIVOTEK Inc 2019-10-23 18:51 - 2018-08-16 11:07 - 000000000 ____D C:\log 2019-10-21 07:53 - 2018-11-03 17:43 - 000000000 ____D C:\Windows\system32\Tasks\Games 2019-10-17 06:40 - 2018-08-16 11:04 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2019-10-17 06:38 - 2018-08-16 12:57 - 000000000 ____D C:\Users\OPERADOR\AppData\Local\Adobe ==================== Files in the root of some directories ======== 2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Administrador\AppData\Local\setup.txt ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
LastRegBack: 2019-11-09 13:04 ==================== End of FRST.txt ======================== Usb-Fix-Report-01.txt - 14/11/2019 # ---------------------------------------------------- # UsbFix Antivirus Free # ---------------------------------------------------- # Versión : 11.022 # Base de datos : 2019.10.27 # Contacto : https://www.usb-antivirus.com/es/contacto # ---------------------------------------------------- # Tipo de escaneo : Full # Usuario : Administrador (Administrador) # Dispositivo : PC0267 # Comenzó : 14/11/2019 10:47:12 # ---------------------------------------------------- ------------ | Discos analizados | C:\ NTFS (11GB/29GB) [Fixed] D:\ NTFS (23GB/45GB) [Fixed] ------------ | Elemento(s) infectado(s) | ~ Ningún elemento detectado ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe, 04 - HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s 04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe 04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe 04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe 04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe 04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe ------------ | Tasks | Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task - AutoPico Daily Restart --> "C:\Program Files\KMSpico\AutoPico.exe" /silent Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ------------ | C:\ %SystemDrive% - Disco fijo (NTFS) | [10/06/2009 - 18:42:20 | A | 0 Ko] - 
config.sys [16/08/2018 - 11:23:05 | RASH | 0 Ko] - MSDOS.SYS [16/08/2018 - 11:23:05 | RASH | 0 Ko] - IO.SYS [14/11/2019 - 10:41:11 | ASH | 1466364 Ko] - hiberfil.sys [12/11/2019 - 08:45:27 | A | 13 Ko] - PDOXUSRS.NET [16/08/2018 - 11:26:22 | SHD] - $Recycle.Bin [10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat [13/07/2009 - 23:37:05 | D] - PerfLogs [14/07/2009 - 01:53:55 | SHD] - Documents and Settings [16/08/2018 - 10:42:33 | SHD] - Archivos de programa [16/08/2018 - 10:42:34 | SHD] - Recovery [16/08/2018 - 10:55:55 | D] - Intel [16/08/2018 - 11:05:02 | RHD] - MSOCache [16/08/2018 - 11:11:31 | D] - SiLabs [16/08/2018 - 11:22:05 | D] - SGI [16/08/2018 - 11:26:08 | RD] - Users [16/08/2018 - 11:38:12 | HD] - ProgramData [23/10/2019 - 18:51:20 | D] - log [12/11/2019 - 13:40:54 | D] - WinloadPrivateDir [14/11/2019 - 10:45:25 | D] - Windows [14/11/2019 - 10:46:10 | RD] - Program Files ------------ | D:\ - Disco fijo (NTFS) | [14/11/2019 - 10:41:13 | ASH | 1048576 Ko] - pagefile.sys [23/08/2018 - 08:26:06 | A | 0 Ko] - SEGUROS CONTRATISTAS.lnk --> D:\SEGUROS CONTRATISTAS [16/08/2018 - 11:26:22 | SHD] - $RECYCLE.BIN [14/10/2010 - 07:23:23 | HD] - be7d0b483f3e7057742569c9746739 [14/10/2010 - 12:47:34 | HD] - e7c4049e2dd4340d1aed6aef50230650 [24/04/2017 - 08:54:11 | SHD] - RECYCLER [24/04/2017 - 08:55:30 | D] - CORREO [24/05/2018 - 11:13:24 | D] - INTERCAMBIO [20/07/2018 - 12:04:30 | RD] - SEGUROS CONTRATISTAS [16/08/2018 - 10:07:05 | D] - OPERADOR [16/08/2018 - 11:11:22 | RD] - MIS DOCUMENTOS [16/08/2018 - 12:53:48 | D] - Habilitador [27/07/2019 - 14:22:55 | RD] - BASE DE DATOS [29/08/2019 - 10:35:41 | RD] - Gestión SP [06/09/2019 - 15:06:46 | D] - Administrativo [14/09/2019 - 07:17:53 | RAD] - Manuales y Procedimientos Seguridad Patrimonial [16/10/2019 - 07:12:23 | RD] - Grabaciones Elemento(s) infectado(s) : 0 Elementos analizados : 50652 en 00h 00m 05s # UsbFix-Report-01.txt [3855B] ------------ | E.O.F | UsbFix-Report-02.txt - 14/11/2019 - # 
---------------------------------------------------- # UsbFix Antivirus Free # ---------------------------------------------------- # Versión : 11.022 # Base de datos : 2019.10.27 # Contacto : https://www.usb-antivirus.com/es/contacto # ---------------------------------------------------- # Tipo de escaneo : USB # Usuario : Administrador (Administrador) # Dispositivo : PC0267 # Comenzó : 14/11/2019 10:49:09 # ---------------------------------------------------- ------------ | Discos analizados | No se detectan dispositivos para este tipo de escaneo. ------------ | Elemento(s) infectado(s) | ~ Ningún elemento detectado ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe, 04 - HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s 04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe 04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe 04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe 04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe 04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe ------------ | Tasks | Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task - AutoPico Daily Restart --> "C:\Program Files\KMSpico\AutoPico.exe" /silent Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Elemento(s) infectado(s) : 0 Elementos analizados : 23172 en 00h 00m 01s # UsbFix-Report-02.txt [1900B] ------------ | E.O.F | UsbFix-Report-03.txt - 14/11/2019 # ---------------------------------------------------- # UsbFix 
Antivirus Free # ---------------------------------------------------- # Versión : 11.022 # Base de datos : 2019.10.27 # Contacto : https://www.usb-antivirus.com/es/contacto # ---------------------------------------------------- # Tipo de escaneo : Windows # Usuario : Administrador (Administrador) # Dispositivo : PC0267 # Comenzó : 14/11/2019 10:49:21 # ---------------------------------------------------- ------------ | Discos analizados | C:\ NTFS (11GB/29GB) [Fixed] D:\ NTFS (23GB/45GB) [Fixed] ------------ | Elemento(s) infectado(s) | ~ Ningún elemento detectado ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe, 04 - HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s 04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe 04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe 04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe 04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe 04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe ------------ | Tasks | Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task - AutoPico Daily Restart --> "C:\Program Files\KMSpico\AutoPico.exe" /silent Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ------------ | C:\ %SystemDrive% - Disco fijo (NTFS) | [10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys [16/08/2018 - 11:23:05 | RASH | 0 Ko] - MSDOS.SYS [16/08/2018 - 11:23:05 | RASH | 0 Ko] - IO.SYS [14/11/2019 - 10:41:11 | ASH | 1466364 Ko] - hiberfil.sys [12/11/2019 - 08:45:27 | A | 
13 Ko] - PDOXUSRS.NET [16/08/2018 - 11:26:22 | SHD] - $Recycle.Bin [10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat [13/07/2009 - 23:37:05 | D] - PerfLogs [14/07/2009 - 01:53:55 | SHD] - Documents and Settings [16/08/2018 - 10:42:33 | SHD] - Archivos de programa [16/08/2018 - 10:42:34 | SHD] - Recovery [16/08/2018 - 10:55:55 | D] - Intel [16/08/2018 - 11:05:02 | RHD] - MSOCache [16/08/2018 - 11:11:31 | D] - SiLabs [16/08/2018 - 11:22:05 | D] - SGI [16/08/2018 - 11:26:08 | RD] - Users [16/08/2018 - 11:38:12 | HD] - ProgramData [23/10/2019 - 18:51:20 | D] - log [12/11/2019 - 13:40:54 | D] - WinloadPrivateDir [14/11/2019 - 10:45:25 | D] - Windows [14/11/2019 - 10:46:10 | RD] - Program Files ------------ | D:\ - Disco fijo (NTFS) | [14/11/2019 - 10:41:13 | ASH | 1048576 Ko] - pagefile.sys [23/08/2018 - 08:26:06 | A | 0 Ko] - SEGUROS CONTRATISTAS.lnk --> D:\SEGUROS CONTRATISTAS [16/08/2018 - 11:26:22 | SHD] - $RECYCLE.BIN [14/10/2010 - 07:23:23 | HD] - be7d0b483f3e7057742569c9746739 [14/10/2010 - 12:47:34 | HD] - e7c4049e2dd4340d1aed6aef50230650 [24/04/2017 - 08:54:11 | SHD] - RECYCLER [24/04/2017 - 08:55:30 | D] - CORREO [24/05/2018 - 11:13:24 | D] - INTERCAMBIO [20/07/2018 - 12:04:30 | RD] - SEGUROS CONTRATISTAS [16/08/2018 - 10:07:05 | D] - OPERADOR [16/08/2018 - 11:11:22 | RD] - MIS DOCUMENTOS [16/08/2018 - 12:53:48 | D] - Habilitador [27/07/2019 - 14:22:55 | RD] - BASE DE DATOS [29/08/2019 - 10:35:41 | RD] - Gestión SP [06/09/2019 - 15:06:46 | D] - Administrativo [14/09/2019 - 07:17:53 | RAD] - Manuales y Procedimientos Seguridad Patrimonial [16/10/2019 - 07:12:23 | RD] - Grabaciones Elemento(s) infectado(s) : 0 Elementos analizados : 50657 en 00h 00m 05s # UsbFix-Report-03.txt [3858B] ------------ | E.O.F | UsbFix-Report-04.txt - 14/11/2019 # ---------------------------------------------------- # UsbFix Antivirus Free # ---------------------------------------------------- # Versión : 11.022 # Base de datos : 2019.10.27 # Contacto : 
https://www.usb-antivirus.com/es/contacto # ---------------------------------------------------- # Tipo de escaneo : USB # Usuario : Administrador (Administrador) # Dispositivo : PC0267 # Comenzó : 14/11/2019 10:49:35 # ---------------------------------------------------- ------------ | Discos analizados | No se detectan dispositivos para este tipo de escaneo. ------------ | Elemento(s) infectado(s) | ~ Ningún elemento detectado ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe, 04 - HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s 04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe 04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe 04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe 04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe 04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe ------------ | Tasks | Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task - AutoPico Daily Restart --> "C:\Program Files\KMSpico\AutoPico.exe" /silent Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Elemento(s) infectado(s) : 0 Elementos analizados : 23172 en 00h 00m 01s # UsbFix-Report-04.txt [1900B] ------------ | E.O.F |