
    Information-severity virus


    1. #1
      0Dard (User)
      Registered: Nov 2016
      Location: Chile
      Posts: 5

      Information-severity virus

      Hi! I'm writing to see if you have a solution to my problem. Someone opened a malicious email on my computer and ran a .js file, if I'm not mistaken, which contained a virus. I want to point out that at the time it was hit by the virus, the computer had no antivirus.
      I don't know the nature of this virus. I ran an AVG scan in safe mode and got a list of directories saying "Archivo bloqueado No analizado. es Correcto.", and at the end it says:
      ------------------------------------------------------------
      El análisis comenzó: 6.11.2016 4:49:48
      Duración del análisis: 1 hora(s) 47 minuto(s) 40 segundo(s)
      ------------------------------------------------------------
      Objetos analizados: 560881
      Infecciones encontradas: 183
      Se encontró una severidad alta: 0
      Se encontró una severidad media: 0
      Se encontró una severidad de información: 183
      Se solucionó una severidad alta: 0
      Se solucionó una severidad media: 0
      Se solucionó una severidad de información: 0

      Any reply is welcome. Thanks very much in advance!

    2. #2
      @Javier_HF (General Moderator)
      Registered: Jun 2006
      Location: Milky Way.
      Posts: 22,431

      Re: Information-severity virus

      Hello 0Dard, welcome to the forum.

      Topics worth reviewing and reading:

      Tips before posting a new message.

      InfoSpyware Forum policies.

      Policies of the official Spanish-language HijackThis forum.

      How to upload images to the forum? *TUTORIAL*
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      The first thing we are going to do is check your machine. Follow these steps in the order given, reading everything that is explained.

      Step 1.- Temporarily disable the antivirus >> How to temporarily disable your antivirus, while we carry out ALL the steps.

      We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):


      Once they are downloaded, disconnect your computer from the Internet (turn off the router) << Very important, and also close any other program you have open.

      Step 2.- Run the tools one at a time, in the order given:

      If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator" for all the programs.
      CCleaner.-
      • Install and run CCleaner following the steps in the manual.
      • First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows as obsolete.
      • Then use its "Registry" option to clean the whole Windows registry (making a backup).

      Malwarebytes.-
      • Install and run MBAM following the steps in the manual.
      • Run a Full Scan.
      • Select "Quarantine ALL" to send everything to quarantine, and restart the system.
      • In the "History" section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analysed.

      AdwCleaner.-
      • Run Adwcleaner.exe.
      • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found at "C:\Program Files(x86)\AdwCleaner\AdwCleaner[C1].txt"

      Junkware Removal Tool.-
      • Run JRT.exe.
      • Press any key to continue, and wait patiently for the process to finish.
      • If at any point it asks you to restart, do so.
      • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply.

      Farbar Recovery Scan Tool.-
      • Run FRST.exe.
      • In the Disclaimer window, click Yes.
      • In the main window, click the Scan button and wait for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

      Step 3.- Post in your next reply the reports from:

      • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order.


      You must copy and paste them with all their contents, using several messages if you get an error message saying it is too long.

      - And tell us how your computer is working, in relation to the problem you raised.

      Regards, Javier.
      He who doesn't try doesn't succeed | ;-)


    3. #3
      0Dard (User)
      Registered: Nov 2016
      Location: Chile
      Posts: 5

      Re: Information-severity virus

      Hi! First of all, thanks for the reply. I ran the programs in the order requested; here are the .txt files:

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Fecha del análisis: 06-11-2016
      Hora del análisis: 22:41
      Archivo de registro: asdasd.txt
      Administrador: Sí

      Versión: 2.2.1.1043
      Base de datos de malwares: v2016.02.16.06
      Base de datos de rootkits: v2016.02.08.01
      Licencia: Gratis
      Protección contra el malware: Desactivado
      Protección contra sitios web maliciosos: Desactivado
      Autoprotección: Desactivado

      SO: Windows 8.1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: usuario

      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 332346
      Tiempo transcurrido: 29 min, 4 seg

      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      Procesos: 0
      (No hay elementos maliciosos detectados)

      Módulos: 0
      (No hay elementos maliciosos detectados)

      Claves del registro: 0
      (No hay elementos maliciosos detectados)

      Valores del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Carpetas: 0
      (No hay elementos maliciosos detectados)

      Archivos: 0
      (No hay elementos maliciosos detectados)

      Sectores físicos: 0
      (No hay elementos maliciosos detectados)

      ______________________________________________________________

      # AdwCleaner v6.030 - Registro generado 06/11/2016 en 23:17:42
      # *Updated on 19/10/2016 by Malwarebytes
      # Base de datos : 2016-10-18.1 [*Local]
      # Sistema operativo : Windows 8.1 Single Language (X64)
      # Nombre de usuario : usuario - EQUIPO
      # Ejecutado desde : C:\Users\usuario\Desktop\AdwCleaner.exe
      # Limpiar
      # Apoyo : hxxps://www.malwarebytes.com/support



      ***** [ Servicios ] *****

      [-] Políticas de IE borradasvToolbarUpdater40.3.6
      [-] Políticas de IE borradasWtuSystemSupport


      ***** [ Carpetas ] *****

      [-] RestauróC:\Users\usuario\AppData\Local\avg web tuneup
      [-] RestauróC:\Users\usuario\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
      [-] RestauróC:\Program Files\avg web tuneup
      [-] RestauróC:\Program Files\Common Files\AVG Secure Search
      [-] RestauróC:\ProgramData\avg web tuneup
      [#] *Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
      [-] RestauróC:\Program Files (x86)\avg web tuneup
      [-] RestauróC:\Program Files (x86)\Common Files\AVG Secure Search
      [-] RestauróC:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


      ***** [ Archivos ] *****

      [-] RestauróC:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage


      ***** [ DLL ] *****



      ***** [ WMI ] *****



      ***** [ Accesos directos ] *****



      ***** [ Tareas programadas ] *****



      ***** [ Registro ] *****

      [-] RestauróHKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
      [-] RestauróHKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
      [-] RestauróHKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
      [-] RestauróHKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
      [-] RestauróHKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      [-] RestauróHKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      [-] RestauróHKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
      [-] RestauróHKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
      [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
      [-] RestauróHKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
      [-] RestauróHKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
      [-] RestauróHKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
      [-] RestauróHKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
      [-] RestauróHKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      [-] RestauróHKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      [-] RestauróHKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
      [-] RestauróHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
      [-] RestauróHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
      [-] RestauróHKLM\SOFTWARE\AVG Tuneup
      [-] RestauróHKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
      [-] RestauróHKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
      [-] Restauró[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
      [-] RestauróHKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      [-] RestauróHKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      [#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      [-] RestauróHKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      [-] Restauró[x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      [-] RestauróHKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
      [-] RestauróHKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
      [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
      [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
      [-] RestauróHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
      [-] RestauróHKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
      [-] RestauróHKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
      [-] RestauróHKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
      [#] *Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


      ***** [ Analizando los navegadores web... ] *****

      [-] [C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default] [extension] eliminarchfdnecihphmhljaaejmgoiahnihplgn


      *************************

      :: Llaves "Tracing" removidas
      :: Winsock Configuración borrada

      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [5727 bytes] - [06/11/2016 23:17:42]
      C:\AdwCleaner\AdwCleaner[S0].txt - [5841 bytes] - [06/11/2016 23:16:05]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5873 bytes] ##########

      _____________________________________________________________________

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.9 (09.30.2016)
      Operating System: Windows 8.1 Single Language x64
      Ran by usuario (Administrator) on 06-11-2016 at 23:24:34,24
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 1

      Successfully deleted: C:\Windows\prefetch\TOOLBARUPDATER.EXE-1707848D.pf (File)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 06-11-2016 at 23:28:59,84
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    4. #4
      0Dard (User)
      Registered: Nov 2016
      Location: Chile
      Posts: 5

      Re: Information-severity virus

      FRST Part 1 (continued in the next comment)

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
      Ran by usuario (administrator) on EQUIPO (06-11-2016 23:31:13)
      Running from C:\Users\usuario\Desktop
      Loaded Profiles: usuario (Available Profiles: usuario)
      Platform: Windows 8.1 Single Language (Update) (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
      (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
      (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
      (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
      (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
      (Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
      (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
      (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
      (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
      (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      (Microsoft Corporation) C:\Windows\System32\SrTasks.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe


      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-12] (Realtek Semiconductor)
      HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)
      HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
      HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
      HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
      HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
      HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4526424 2015-11-14] (Disc Soft Ltd)
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\Run: [AdobeBridge] => [X]
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\MountPoints2: {8f15fbb3-5139-11e6-8268-acb57d0acf4d} - "F:\setup.exe"

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
      Tcpip\..\Interfaces\{49AEB021-909E-4854-A6E6-69904881402A}: [DhcpNameServer] 7.254.254.254
      Tcpip\..\Interfaces\{F1765E21-85B6-4B0E-94E3-82F90B473071}: [NameServer] 8.8.8.8,8.4.4.4
      Tcpip\..\Interfaces\{F1765E21-85B6-4B0E-94E3-82F90B473071}: [DhcpNameServer] 192.168.1.1 0.0.0.0

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL14/20
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL14/20
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL14/20
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL14/20
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL14/20
      BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
      BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-03] (Microsoft Corporation)
      BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.)
      BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-03] (Microsoft Corporation)
      BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.)
      Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-03] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-03] (Microsoft Corporation)
      Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-03] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-03] (Microsoft Corporation)

      FireFox:
      ========
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-03] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-03] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR Profile: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
      CHR Extension: (Presentaciones de Google) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-06]
      CHR Extension: (Google Docs) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-06]
      CHR Extension: (Google Drive) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-13]
      CHR Extension: (YouTube) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-13]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-06]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-06]
      CHR Extension: (AdBlock) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-06]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-06]
      CHR Extension: (Gmail) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-13]
      CHR Extension: (Chrome Media Router) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-06]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
      R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
      R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2015-02-05] (Alps Electric Co., Ltd.)
      R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-06] (Windows (R) Win 7 DDK provider) [File not signed]
      S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
      S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
      R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
      R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-10-03] (Microsoft Corporation)
      R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1340760 2015-08-10] (Disc Soft Ltd)
      U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
      S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
      R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
      R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
      R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-04] (Electronic Arts)
      S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-04] (Electronic Arts)
      R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [54800 2016-05-04] (Advanced Micro Devices, Inc.)
      S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)
      S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
      S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
      S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
      S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
      S3 vmictimesync; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
      S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2016-05-04] (Advanced Micro Devices, Inc. )
      R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
      R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277232 2016-05-04] (Advanced Micro Devices, Inc. )
      R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
      R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
      S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
      R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
      R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
      R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
      R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
      R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
      R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
      R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
      R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
      R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
      R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
      S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
      R3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30264 2016-07-23] (Disc Soft Ltd)
      R3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [47160 2016-07-23] (Disc Soft Ltd)
      S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
      R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2016-07-12] (Realtek Semiconductor Corp.)
      S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
      S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
      R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
      S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
      S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
      S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
      S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
      R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-11-06 23:31 - 2016-11-06 23:31 - 00018715 _____ C:\Users\usuario\Desktop\FRST.txt
      2016-11-06 23:30 - 2016-11-06 23:31 - 00000000 ____D C:\FRST
      2016-11-06 23:28 - 2016-11-06 23:30 - 00000643 _____ C:\Users\usuario\Desktop\JRT.txt
      2016-11-06 23:21 - 2016-11-06 23:21 - 00006011 _____ C:\Users\usuario\Desktop\AdwCleaner[C0].txt
      2016-11-06 23:13 - 2016-11-06 23:17 - 00000000 ____D C:\AdwCleaner
      2016-11-06 23:13 - 2016-11-06 23:13 - 00001286 _____ C:\Users\usuario\Desktop\asdasd.txt
      2016-11-06 22:40 - 2016-11-06 23:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2016-11-06 22:40 - 2016-11-06 22:40 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      2016-11-06 22:40 - 2016-11-06 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
      2016-11-06 22:40 - 2016-11-06 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes
      2016-11-06 22:40 - 2016-11-06 22:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
      2016-11-06 22:40 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
      2016-11-06 22:40 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
      2016-11-06 22:40 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2016-11-06 22:39 - 2016-11-06 22:39 - 00004114 _____ C:\Users\usuario\Desktop\cc_20161106_223919.reg
      2016-11-06 22:34 - 2016-11-06 22:34 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2016-11-06 22:34 - 2016-11-06 22:34 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2016-11-06 22:34 - 2016-11-06 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2016-11-06 22:34 - 2016-11-06 22:34 - 00000000 ____D C:\Program Files\CCleaner
      2016-11-06 21:30 - 2016-11-06 21:30 - 02410496 _____ (Farbar) C:\Users\usuario\Desktop\FRST64.exe
      2016-11-06 21:28 - 2016-11-06 21:28 - 01631928 _____ (Malwarebytes) C:\Users\usuario\Desktop\JRT.exe
      2016-11-06 21:27 - 2016-11-06 21:27 - 03910208 _____ C:\Users\usuario\Desktop\AdwCleaner.exe
      2016-11-06 21:26 - 2016-11-06 21:26 - 22851472 _____ (Malwarebytes ) C:\Users\usuario\Desktop\mbam-setup-2.2.1.1043.exe
      2016-11-06 21:25 - 2016-11-06 21:25 - 08270712 _____ (Piriform Ltd) C:\Users\usuario\Desktop\ccsetup523.exe
      2016-11-06 20:49 - 2016-11-06 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2016-11-06 20:48 - 2016-11-06 20:48 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
      2016-11-06 15:58 - 2016-11-06 17:51 - 00022473 _____ C:\Users\usuario\Desktop\avgrep2.txt
      2016-11-06 15:48 - 2016-11-06 15:48 - 00000959 _____ C:\Users\Public\Desktop\AVG Protection.lnk
      2016-11-06 15:48 - 2016-11-06 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
      2016-11-06 15:40 - 2016-08-14 00:06 - 00000000 ____D C:\Users\usuario\Desktop\AGIS16101775264
      2016-11-06 15:21 - 2016-11-06 21:12 - 00000000 ____D C:\Program Files\Plumbytes Software
      2016-11-06 04:43 - 2016-11-06 06:37 - 00022361 _____ C:\Users\usuario\Desktop\avgrep.txt
      2016-11-06 03:10 - 2016-11-06 03:10 - 00000000 ____D C:\Users\usuario\AppData\Roaming\AVG
      2016-11-06 03:05 - 2016-11-06 03:05 - 00000000 ____D C:\Users\usuario\AppData\Roaming\TuneUp Software
      2016-11-06 02:58 - 2016-11-06 02:58 - 00000000 ___HD C:\$AVG
      2016-11-06 02:52 - 2016-11-06 23:23 - 00000000 ____D C:\ProgramData\MFAData
      2016-11-06 02:52 - 2016-11-06 02:52 - 00000000 ____D C:\Users\usuario\AppData\Local\MFAData
      2016-11-06 02:49 - 2016-11-06 02:58 - 00000000 ____D C:\ProgramData\Avg
      2016-11-06 02:49 - 2016-11-06 02:57 - 00000000 ____D C:\Program Files (x86)\AVG
      2016-11-06 02:48 - 2016-11-06 20:55 - 00000000 ____D C:\Users\usuario\AppData\Local\AvgSetupLog
      2016-11-06 02:48 - 2016-11-06 03:10 - 00000000 ____D C:\Users\usuario\AppData\Local\Avg
      2016-11-06 02:46 - 2016-11-06 02:46 - 263976724 _____ C:\Users\usuario\Desktop\AGIS16101775264.rar
      2016-11-06 02:27 - 2016-11-06 02:27 - 00000000 _____ C:\Users\usuario\AppData\Local\sorrizo
      2016-11-06 02:26 - 2016-11-06 02:26 - 06212994 _____ C:\Users\usuario\AppData\Local\RHQEYTDUENRUDEBDSKKD.zip
      2016-11-03 19:15 - 2016-11-03 19:18 - 00000000 ____D C:\Users\usuario\AppData\Roaming\Rockwell Software
      2016-11-03 19:15 - 2016-11-03 19:15 - 00000000 ____D C:\ProgramData\Rockwell Software
      2016-11-03 19:13 - 2016-11-03 19:14 - 00000000 ____D C:\Program Files\Rockwell Software
      2016-11-03 19:13 - 2016-11-03 19:13 - 00000000 ____D C:\Users\Public\Documents\Rockwell Software
      2016-11-03 19:13 - 2016-11-03 19:13 - 00000000 ____D C:\ProgramData\Rockwell Automation
      2016-11-03 19:09 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files (x86)\SAP BusinessObjects
      2016-11-03 19:07 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\Microsoft Office
      2016-11-03 19:07 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files (x86)\MSECache
      2016-10-29 15:16 - 2016-11-06 22:58 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
      2016-10-29 15:16 - 2016-10-29 15:16 - 00003726 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2016-10-28 21:43 - 2016-10-28 21:43 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau Public 10.0.lnk
      2016-10-25 23:47 - 2016-10-25 23:48 - 00000000 ____D C:\ProgramData\FLEXnet
      2016-10-25 23:46 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
      2016-10-25 23:45 - 2016-10-25 23:45 - 00001265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 10.0.lnk
      2016-10-25 23:43 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\Tableau
      2016-10-25 23:43 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\psqlODBC
      2016-10-25 23:43 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\Amazon Redshift ODBC Driver
      2016-10-25 23:43 - 2016-10-25 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Redshift ODBC Driver (64-bit)
      2016-10-25 23:42 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\MySQL
      2016-10-25 23:42 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files\Microsoft SQL Server
      2016-10-25 23:42 - 2016-11-06 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
      2016-10-25 23:42 - 2016-10-25 23:43 - 00000875 _____ C:\Windows\ODBCINST.INI
      2016-10-25 23:42 - 2016-10-25 23:42 - 00000000 ____D C:\Windows\SysWOW64\1033
      2016-10-25 23:42 - 2016-10-25 23:42 - 00000000 ____D C:\Windows\system32\1033
      2016-10-19 05:04 - 2016-11-05 17:14 - 00000000 ____D C:\Users\usuario\Desktop\GO
      2016-10-17 03:24 - 2016-11-05 17:18 - 00000000 ____D C:\Users\usuario\Desktop\ISP
      2016-10-13 03:12 - 2016-11-06 17:00 - 00000000 ____D C:\Users\usuario\Desktop\IO
      2016-10-13 03:11 - 2016-11-02 22:01 - 00000000 ____D C:\Users\usuario\Desktop\Mkt II
      2016-10-11 20:10 - 2016-09-12 20:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2016-10-11 20:10 - 2016-09-09 10:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2016-10-11 20:10 - 2016-09-09 10:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2016-10-11 20:09 - 2016-09-30 21:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2016-10-11 20:09 - 2016-09-30 04:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2016-10-11 20:09 - 2016-09-30 03:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2016-10-11 20:09 - 2016-09-30 03:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2016-10-11 20:09 - 2016-09-30 03:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2016-10-11 20:09 - 2016-09-30 03:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2016-10-11 20:09 - 2016-09-30 02:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2016-10-11 20:09 - 2016-09-30 02:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2016-10-11 20:09 - 2016-09-30 02:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
      2016-10-11 20:09 - 2016-09-30 02:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2016-10-11 20:09 - 2016-09-30 02:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2016-10-11 20:09 - 2016-09-30 02:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2016-10-11 20:09 - 2016-09-30 02:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2016-10-11 20:09 - 2016-09-30 02:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2016-10-11 20:09 - 2016-09-30 02:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2016-10-11 20:09 - 2016-09-30 02:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2016-10-11 20:09 - 2016-09-30 02:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2016-10-11 20:09 - 2016-09-30 02:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2016-10-11 20:09 - 2016-09-30 02:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
      2016-10-11 20:09 - 2016-09-30 02:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2016-10-11 20:09 - 2016-09-30 02:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2016-10-11 20:09 - 2016-09-30 02:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2016-10-11 20:09 - 2016-09-30 02:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2016-10-11 20:09 - 2016-09-30 02:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2016-10-11 20:09 - 2016-09-30 01:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2016-10-11 20:09 - 2016-09-30 01:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2016-10-11 20:09 - 2016-09-30 01:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2016-10-11 20:09 - 2016-09-30 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2016-10-11 20:09 - 2016-09-17 15:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
      2016-10-11 20:09 - 2016-09-17 14:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
      2016-10-11 20:09 - 2016-09-17 14:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
      2016-10-11 20:09 - 2016-09-17 14:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
      2016-10-11 20:09 - 2016-09-17 14:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2016-10-11 20:09 - 2016-09-13 22:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
      2016-10-11 20:09 - 2016-09-13 22:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2016-10-11 20:09 - 2016-09-13 22:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
      2016-10-11 20:09 - 2016-09-13 22:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
      2016-10-11 20:09 - 2016-09-12 19:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
      2016-10-11 20:09 - 2016-09-12 18:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
      2016-10-11 20:09 - 2016-09-09 11:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2016-10-11 20:09 - 2016-09-08 17:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
      2016-10-11 20:09 - 2016-09-08 11:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
      2016-10-11 20:09 - 2016-09-08 11:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2016-10-11 20:09 - 2016-09-07 19:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2016-10-11 20:09 - 2016-09-07 18:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
      2016-10-11 20:09 - 2016-09-07 18:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2016-10-11 20:09 - 2016-09-07 18:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
      2016-10-11 20:09 - 2016-09-07 18:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
      2016-10-11 20:09 - 2016-08-31 14:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2016-10-11 20:09 - 2016-08-31 13:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
      2016-10-11 20:09 - 2016-08-25 17:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
      2016-10-11 20:09 - 2016-08-25 16:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
      2016-10-11 20:09 - 2016-08-12 21:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2016-10-11 20:09 - 2016-08-12 21:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
      2016-10-11 20:09 - 2016-08-12 21:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
      2016-10-11 20:09 - 2016-08-12 21:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
      2016-10-11 20:09 - 2016-08-12 19:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
      2016-10-11 20:09 - 2016-08-12 19:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
      2016-10-11 20:09 - 2016-08-12 18:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2016-10-11 20:09 - 2016-08-12 18:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
      2016-10-11 20:09 - 2016-08-12 17:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
      2016-10-11 20:09 - 2016-08-11 22:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2016-10-11 20:09 - 2016-08-11 22:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
      2016-10-11 20:09 - 2016-08-11 15:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
      2016-10-11 20:09 - 2016-08-11 15:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
      2016-10-11 20:09 - 2016-08-11 15:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
      2016-10-11 20:09 - 2016-08-11 14:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
      2016-10-11 20:09 - 2016-08-11 10:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
      2016-10-11 20:09 - 2016-08-11 02:46 - 00420184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
      2016-10-11 20:09 - 2016-08-03 12:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
      2016-10-11 20:09 - 2016-08-03 12:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
      2016-10-11 20:09 - 2016-08-03 12:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
      2016-10-11 20:09 - 2016-08-03 12:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
      2016-10-11 20:09 - 2016-07-30 14:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
      2016-10-11 20:09 - 2016-07-30 13:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
      2016-10-11 20:09 - 2016-07-26 10:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
      2016-10-11 20:09 - 2016-07-26 10:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
      2016-10-11 20:09 - 2016-07-23 15:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
      2016-10-11 20:09 - 2016-07-23 15:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
      2016-10-11 20:07 - 2016-08-27 16:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2016-10-11 20:07 - 2016-08-27 16:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
      2016-10-11 20:07 - 2016-08-27 15:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
      2016-10-11 20:07 - 2016-08-27 13:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
      2016-10-11 20:07 - 2016-08-27 12:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
      2016-10-11 20:07 - 2016-08-20 19:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2016-10-11 20:07 - 2016-08-20 19:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
      2016-10-11 20:06 - 2016-08-27 16:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
      2016-10-11 20:06 - 2016-08-27 15:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
      2016-10-11 20:06 - 2016-08-27 15:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
      2016-10-11 20:06 - 2016-08-27 13:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
      2016-10-11 20:06 - 2016-08-27 13:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
      2016-10-07 15:34 - 2016-10-07 15:34 - 00000165 ____H C:\Users\usuario\Desktop\~$Avance 1 (1).pptx
      2016-10-07 15:19 - 2016-10-29 20:06 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
      2016-10-07 15:19 - 2016-10-29 15:16 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-11-06 23:21 - 2016-07-13 19:27 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2016-11-06 23:20 - 2016-09-28 22:00 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
      2016-11-06 23:20 - 2016-07-11 12:21 - 00000000 ____D C:\ProgramData\McAfee
      2016-11-06 23:20 - 2016-07-11 12:21 - 00000000 ____D C:\Program Files (x86)\McAfee
      2016-11-06 23:19 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2016-11-06 23:18 - 2016-07-11 12:11 - 00065536 _____ C:\Windows\system32\spu_storage.bin
      2016-11-06 23:07 - 2016-07-13 19:27 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2016-11-06 23:03 - 2016-07-11 20:13 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957736222-3041730585-2728577965-1002
      2016-11-06 22:40 - 2016-07-13 23:31 - 00694272 ___SH C:\Users\usuario\Desktop\Thumbs.db
      2016-11-06 22:36 - 2016-08-10 23:00 - 00000000 ____D C:\Windows\Minidump
      2016-11-06 22:36 - 2016-07-13 23:47 - 00000000 ____D C:\Users\usuario\AppData\Roaming\TS3Client
      2016-11-06 22:36 - 2016-07-13 19:30 - 00000000 ____D C:\Program Files (x86)\Steam
      2016-11-06 22:36 - 2014-04-02 07:25 - 00000000 ____D C:\Windows\Panther
      2016-11-06 22:36 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
      2016-11-06 21:34 - 2013-08-22 12:36 - 00000000 ___HD C:\Windows\ELAMBKUP
      2016-11-06 21:34 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
      2016-11-06 21:24 - 2014-04-02 06:52 - 00000000 ____D C:\inetpub
      2016-11-06 21:06 - 2016-07-11 20:11 - 00000000 ____D C:\Users\usuario\Documents\Youcam
      2016-11-06 15:53 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
      2016-11-06 15:00 - 2016-07-11 20:06 - 00000000 ____D C:\Users\usuario
      2016-11-06 13:49 - 2014-05-04 20:57 - 00000000 ____D C:\Program Files\7-Zip
      2016-11-06 13:49 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\inetsrv
      2016-11-06 13:49 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
      2016-11-06 13:45 - 2016-07-23 22:51 - 00000000 ____D C:\Program Files\DAEMON Tools Ultra
      2016-11-06 13:45 - 2016-07-14 18:49 - 00000000 ____D C:\Program Files\WinRAR
      2016-11-06 13:45 - 2016-07-11 12:19 - 00000000 ____D C:\Program Files\Bonjour
      2016-11-06 13:45 - 2016-07-11 12:16 - 00000000 ____D C:\Program Files\Apoint2K
      2016-11-06 13:44 - 2016-07-11 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
      2016-11-06 13:44 - 2016-07-11 12:18 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
      2016-11-06 13:35 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps
      2016-11-06 13:28 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\registration
      2016-11-06 13:26 - 2014-05-05 06:10 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
      2016-11-06 13:26 - 2014-03-18 06:25 - 00000000 ____D C:\Windows\SysWOW64\winrm
      2016-11-06 13:26 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\WinStore
      2016-11-06 13:26 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Web
      2016-11-06 13:26 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Vss
      2016-11-06 13:26 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\vpnplugins
      2016-11-06 13:25 - 2014-05-04 21:16 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
      2016-11-06 13:25 - 2014-05-04 21:08 - 00000000 ____D C:\Windows\SysWOW64\Adobe
      2016-11-06 13:25 - 2014-03-18 06:25 - 00000000 ____D C:\Windows\SysWOW64\slmgr
      2016-11-06 13:25 - 2014-03-18 06:25 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
      2016-11-06 13:25 - 2014-03-18 06:25 - 00000000 ____D C:\Windows\system32\winrm
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\Licenses
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\IME
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\et-EE
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\Com
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SystemResources
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Shared
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
      2016-11-06 13:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\System
      2016-11-06 13:25 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
      2016-11-06 13:25 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
      2016-11-06 13:25 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Sysprep
      2016-11-06 13:24 - 2016-07-11 12:15 - 00000000 ____D C:\Windows\system32\SRSLabs
      2016-11-06 13:24 - 2014-03-18 06:25 - 00000000 ____D C:\Windows\system32\slmgr
      2016-11-06 13:24 - 2014-03-18 06:25 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\spool
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\MUI
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\MsDtc
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\migwiz
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\Macromed
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\lv-LV
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\lt-LT
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\Licenses
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\InputMethod
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\IME
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\et-EE
      2016-11-06 13:24 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\en-GB
      2016-11-06 13:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\SMI
      2016-11-06 13:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\oobe
      2016-11-06 13:23 - 2014-03-18 06:38 - 00000000 ____D C:\Windows\SKB
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ___SD C:\Windows\system32\dsc
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ___SD C:\Windows\system32\Configuration
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\DesktopTileResources
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\Com
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\security
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\schemas
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Resources
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PLA
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Performance
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\InputMethod
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\IME
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Help
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Globalization
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\FileManager
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Camera
      2016-11-06 13:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Branding
      2016-11-06 13:23 - 2013-08-22 11:45 - 00000000 ____D C:\Windows\Setup
      2016-11-06 13:23 - 2013-08-22 11:45 - 00000000 ____D C:\Windows\ServiceProfiles
      2016-11-06 13:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Dism
      2016-11-06 13:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\servicing
      2016-11-06 13:22 - 2016-09-07 03:18 - 00000000 ____D C:\Users\usuario\Documents\BioWare
      2016-11-06 13:22 - 2016-07-15 23:36 - 00000000 ____D C:\Users\usuario\Documents\CAPCOM
      2016-11-06 13:22 - 2016-07-13 21:00 - 00000000 ____D C:\Users\usuario\Documents\My Games
      2016-11-06 13:22 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppCompat
      2016-11-06 13:22 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\ADFS
      2016-11-06 13:21 - 2016-09-05 23:59 - 00000000 ____D C:\Users\usuario\AppData\Roaming\11bitstudios
      2016-11-06 13:21 - 2016-09-04 18:05 - 00000000 ____D C:\ProgramData\Origin
      2016-11-06 13:21 - 2016-08-10 03:43 - 00000000 ____D C:\Riot Games
      2016-11-06 13:21 - 2016-08-09 20:31 - 00000000 ____D C:\Users\usuario\AppData\Local\HP_Development_Company,_L
      2016-11-06 13:21 - 2016-08-01 02:49 - 00000000 ____D C:\Users\usuario\AppData\Local\PTE_Patch
      2016-11-06 13:21 - 2016-07-31 22:56 - 00000000 ____D C:\ProgramData\Steam
      2016-11-06 13:21 - 2016-07-23 23:52 - 00000000 ____D C:\Users\usuario\AppData\Local\Disc_Soft_Ltd
      2016-11-06 13:21 - 2016-07-23 22:51 - 00000000 ____D C:\Users\usuario\AppData\Roaming\DAEMON Tools Ultra
      2016-11-06 13:21 - 2016-07-17 19:54 - 00000000 ____D C:\Users\usuario\.spyder2
      2016-11-06 13:21 - 2016-07-14 02:14 - 00000000 ____D C:\Users\Public\Documents\Tunngle
      2016-11-06 13:21 - 2016-07-13 19:36 - 00000000 ____D C:\Users\usuario\AppData\Local\CEF
      2016-11-06 13:21 - 2016-07-13 19:27 - 00000000 ____D C:\Users\usuario\AppData\Local\Google
      2016-11-06 13:21 - 2016-07-13 19:26 - 00000000 ____D C:\Users\usuario\AppData\Local\Apps\2.0
      2016-11-06 13:21 - 2016-07-11 20:29 - 00000000 ____D C:\Users\usuario\AppData\Local\Hewlett-Packard
      2016-11-06 13:21 - 2016-07-11 20:13 - 00000000 ____D C:\Users\usuario\AppData\Roaming\Macromedia
      2016-11-06 13:21 - 2016-07-11 20:11 - 00000000 ____D C:\Users\usuario\AppData\Local\CyberLink
      2016-11-06 13:21 - 2016-07-11 20:07 - 00000000 ____D C:\Users\usuario\AppData\Roaming\Adobe
      2016-11-06 13:21 - 2016-07-11 20:07 - 00000000 ____D C:\Users\usuario\AppData\Local\Packages
      2016-11-06 13:21 - 2016-07-11 12:25 - 00000000 ____D C:\ProgramData\Temp
      2016-11-06 13:21 - 2016-07-11 12:10 - 00000000 ____D C:\ProgramData\Package Cache
      2016-11-06 13:21 - 2014-05-04 21:50 - 00000000 ____D C:\ProgramData\WildTangent
      2016-11-06 13:21 - 2014-05-04 20:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
      2016-11-06 13:21 - 2014-03-31 22:07 - 00000000 ___HD C:\SYSTEM.SAV
      2016-11-06 13:21 - 2014-03-31 22:07 - 00000000 ____D C:\SWSetup
      2016-11-06 13:20 - 2016-09-28 22:00 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
      2016-11-06 13:20 - 2016-09-24 20:55 - 00000000 ____D C:\Program Files\RStudio
      2016-11-06 13:20 - 2016-09-24 20:51 - 00000000 ____D C:\Program Files\R
      2016-11-06 13:20 - 2016-09-04 18:10 - 00000000 ____D C:\Program Files (x86)\Origin Games
      2016-11-06 13:20 - 2016-09-04 18:05 - 00000000 ____D C:\ProgramData\Electronic Arts
      2016-11-06 13:20 - 2016-09-04 18:00 - 00000000 ____D C:\Program Files (x86)\Origin
      2016-11-06 13:20 - 2016-08-02 04:38 - 00000000 ____D C:\Program Files\Adobe
      2016-11-06 13:20 - 2016-08-02 04:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
      2016-11-06 13:20 - 2016-07-31 22:50 - 00000000 ____D C:\Program Files (x86)\Pro Evolution Soccer 2016
      2016-11-06 13:20 - 2016-07-23 22:54 - 00000000 ____D C:\Program Files (x86)\Borderlands 2 GOTY
      2016-11-06 13:20 - 2016-07-17 20:07 - 00000000 ____D C:\Program Files (x86)\Adobe
      2016-11-06 13:20 - 2016-07-17 20:06 - 00000000 ____D C:\ProgramData\Adobe
      2016-11-06 13:20 - 2016-07-17 19:45 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
      2016-11-06 13:20 - 2016-07-17 19:22 - 00000000 ____D C:\gurobi652
      2016-11-06 13:20 - 2016-07-17 19:05 - 00000000 ____D C:\Anaconda2
      2016-11-06 13:20 - 2016-07-17 17:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
      2016-11-06 13:20 - 2016-07-14 02:14 - 00000000 ____D C:\Program Files (x86)\Tunngle
      2016-11-06 13:20 - 2016-07-13 23:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
      2016-11-06 13:20 - 2016-07-13 23:53 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
      2016-11-06 13:20 - 2016-07-13 23:47 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
      2016-11-06 13:20 - 2016-07-13 19:27 - 00000000 ____D C:\Program Files (x86)\Google
      2016-11-06 13:20 - 2016-07-12 23:15 - 00000000 ____D C:\Program Files (x86)\HP
      2016-11-06 13:20 - 2016-07-11 12:27 - 00000000 ____D C:\ProgramData\CyberLink
      2016-11-06 13:20 - 2016-07-11 12:25 - 00000000 ____D C:\ProgramData\install_clap
      2016-11-06 13:20 - 2016-07-11 12:25 - 00000000 ____D C:\Program Files (x86)\CyberLink
      2016-11-06 13:20 - 2016-07-11 12:19 - 00000000 ____D C:\ProgramData\Apple
      2016-11-06 13:20 - 2016-07-11 12:17 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
      2016-11-06 13:20 - 2016-07-11 12:15 - 00000000 ____D C:\Program Files\Realtek
      2016-11-06 13:20 - 2016-07-11 12:13 - 00000000 ____D C:\Program Files (x86)\Realtek
      2016-11-06 13:20 - 2016-07-11 12:13 - 00000000 ____D C:\Program Files (x86)\AMD AVT
      2016-11-06 13:20 - 2016-07-11 12:12 - 00000000 ____D C:\Program Files\ATI Technologies
      2016-11-06 13:20 - 2016-07-11 12:11 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
      2016-11-06 13:20 - 2016-07-11 12:11 - 00000000 ____D C:\Program Files\AMD
      2016-11-06 13:20 - 2016-07-11 12:10 - 00000000 ____D C:\Program Files\ATI
      2016-11-06 13:20 - 2016-07-11 12:10 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
      2016-11-06 13:20 - 2014-05-05 05:48 - 00000000 ___HD C:\HP
      2016-11-06 13:20 - 2014-05-04 21:50 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
      2016-11-06 13:20 - 2014-05-04 21:50 - 00000000 ____D C:\Program Files (x86)\WildGames
      2016-11-06 13:20 - 2014-05-04 21:14 - 00000000 ___RD C:\Program Files (x86)\Online Services
      2016-11-06 13:20 - 2014-05-04 21:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
      2016-11-06 13:20 - 2014-05-04 21:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      2016-11-06 13:20 - 2014-05-04 21:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
      2016-11-06 13:20 - 2014-05-04 20:59 - 00000000 ____D C:\ProgramData\Hewlett-Packard
      2016-11-06 13:20 - 2014-05-04 20:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2016-11-06 13:20 - 2014-05-04 20:54 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
      2016-11-06 13:20 - 2014-04-02 06:50 - 00000000 ____D C:\Program Files\Reference Assemblies
      2016-11-06 13:20 - 2014-04-02 06:50 - 00000000 ____D C:\Program Files\MSBuild
      2016-11-06 13:20 - 2014-04-02 06:50 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
      2016-11-06 13:20 - 2014-04-02 06:50 - 00000000 ____D C:\Program Files (x86)\MSBuild

    5. #5
      User Avatar of 0Dard
      Registered
      Nov 2016
      Location
      Chile
      Posts
      5

      Re: Information-severity virus

      2016-11-06 13:20 - 2013-10-02 18:14 - 00000000 ____D C:\Program Files\Hewlett-Packard
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows NT
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Defender
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Common Files\System
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
      2016-11-06 13:20 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
      2016-11-03 18:48 - 2016-07-11 20:07 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{656F4913-181C-45F7-A197-659C78028419}
      2016-11-03 18:19 - 2016-07-17 20:07 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2016-11-01 03:29 - 2016-07-12 14:11 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForusuario.job
      2016-11-01 00:58 - 2016-07-12 14:11 - 00003172 _____ C:\Windows\System32\Tasks\HPCeeScheduleForusuario
      2016-10-29 15:18 - 2016-07-17 20:04 - 00000000 ____D C:\Users\usuario\AppData\Local\Adobe
      2016-10-28 16:53 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
      2016-10-25 23:47 - 2016-09-27 20:42 - 00000000 ____D C:\Users\usuario\AppData\Local\Tableau
      2016-10-25 23:46 - 2016-09-27 20:42 - 00000000 ____D C:\Users\usuario\Documents\Mi Repositorio de Tableau
      2016-10-25 23:38 - 2014-05-05 06:11 - 00845178 _____ C:\Windows\system32\perfh00A.dat
      2016-10-25 23:38 - 2014-05-05 06:11 - 00183430 _____ C:\Windows\system32\perfc00A.dat
      2016-10-25 23:38 - 2014-03-18 06:53 - 01974050 _____ C:\Windows\system32\PerfStringBackup.INI
      2016-10-25 23:10 - 2016-07-13 19:28 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2016-10-25 23:10 - 2016-07-13 19:28 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2016-10-24 18:54 - 2016-07-13 11:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2016-10-24 18:54 - 2016-07-13 11:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2016-10-23 23:18 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
      2016-10-21 18:10 - 2013-08-22 12:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2016-10-20 12:14 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
      2016-10-12 18:43 - 2016-07-17 20:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2016-10-12 14:47 - 2016-07-13 11:13 - 00000000 ____D C:\Windows\system32\appraiser
      2016-10-12 14:47 - 2016-07-13 11:10 - 00000000 ___SD C:\Windows\system32\CompatTel
      2016-10-11 23:36 - 2016-07-12 15:16 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
      2016-10-11 21:05 - 2013-08-22 11:44 - 05101616 _____ C:\Windows\system32\FNTCACHE.DAT
      2016-10-11 20:59 - 2016-07-12 22:29 - 00000000 ____D C:\Windows\system32\MRT
      2016-10-11 20:59 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ToastData
      2016-10-11 20:49 - 2016-07-12 22:29 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2016-10-10 02:16 - 2016-09-04 18:09 - 00000000 ____D C:\Users\usuario\AppData\Roaming\Origin

      ==================== Files in the root of some directories =======

      2016-10-05 23:05 - 2016-10-05 23:05 - 0007606 _____ () C:\Users\usuario\AppData\Local\Resmon.ResmonCfg
      2016-11-06 02:26 - 2016-11-06 02:26 - 6212994 _____ () C:\Users\usuario\AppData\Local\RHQEYTDUENRUDEBDSKKD.zip
      2016-11-06 02:27 - 2016-11-06 02:27 - 0000000 _____ () C:\Users\usuario\AppData\Local\sorrizo

      Some files in TEMP:
      ====================
      C:\Users\usuario\AppData\Local\Temp\0195511478478723mcinst.exe
      C:\Users\usuario\AppData\Local\Temp\avguirn_081738029207.exe
      C:\Users\usuario\AppData\Local\Temp\libeay32.dll
      C:\Users\usuario\AppData\Local\Temp\msvcr120.dll
      C:\Users\usuario\AppData\Local\Temp\sqlite3.dll


      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


      LastRegBack: 2016-10-29 21:39

      ==================== End of FRST.txt ============================

    6. #6
      User Avatar of 0Dard
      Registered
      Nov 2016
      Location
      Chile
      Posts
      5

      Re: Information-severity virus

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
      Ran by usuario (06-11-2016 23:32:52)
      Running from C:\Users\usuario\Desktop
      Windows 8.1 Single Language (Update) (X64) (2016-07-11 23:05:49)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1957736222-3041730585-2728577965-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-1957736222-3041730585-2728577965-1004 - Limited - Enabled)
      Invitado (S-1-5-21-1957736222-3041730585-2728577965-501 - Limited - Disabled)
      usuario (S-1-5-21-1957736222-3041730585-2728577965-1002 - Administrator - Enabled) => C:\Users\usuario

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: AVG Internet Security (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: AVG Internet Security (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
      7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
      Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
      Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
      Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
      Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
      Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
      ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric)
      Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.1 - Amazon)
      AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
      AVG (Version: 16.101.7752 - AVG Technologies) Hidden
      AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden
      AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies)
      AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
      Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
      Borderlands 2 GOTY versión 1.8.2 (HKLM-x32\...\Borderlands 2 GOTY_is1) (Version: 1.8.2 - 2K Games)
      Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
      Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
      Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
      Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
      CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
      CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
      CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
      CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
      CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
      D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
      DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.0.1.0425 - Disc Soft Ltd)
      Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
      DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
      Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
      Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
      FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
      Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
      Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
      Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
      Gurobi 6.5.2 (64 bit) (HKLM\...\{9CCDB53C-4BDD-EA50-7F4D-BBBBF54DA6AC}) (Version: 6.5.2.0 - Gurobi Optimization, Inc.)
      Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
      HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
      Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
      House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
      HP Documentation (HKLM-x32\...\{3BAA7681-EF42-4FEC-84FC-87BA815492A4}) (Version: 1.2.0.0 - Hewlett-Packard)
      HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
      HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
      HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.34.7 - HP Inc.)
      HP Support Solutions Framework (HKLM-x32\...\{E8FF0A82-0696-4347-B4AE-708DE306FFE9}) (Version: 12.5.32.37 - HP Inc.)
      HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
      HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
      HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
      Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
      Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
      Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
      John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
      Juegos WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
      League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
      League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
      Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
      Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
      Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
      Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
      Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
      Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
      MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
      Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Microsoft Office 365 ProPlus - es-es (HKLM\...\O365ProPlusRetail - es-es) (Version: 16.0.6965.2092 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{449EFED6-5F86-4428-8EB2-3DA1F6E67CE4}) (Version: 1.20.146.0 - Microsoft)
      Move or Die (HKLM\...\Steam App 323850) (Version: - Those Awesome Guys)
      Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
      MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
      NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
      OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Nombre de su organización)
      Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2092 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2092 - Microsoft Corporation) Hidden
      Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2092 - Microsoft Corporation) Hidden
      OpenAL (HKLM-x32\...\OpenAL) (Version: - )
      Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
      Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
      PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
      Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
      Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)
      Pro Evolution Soccer 2016 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNg==_is1) (Version: 1 - )
      psqlODBC_x64 (HKLM\...\{C0249921-2C35-47C1-83D8-8EABC438A96F}) (Version: 09.03.0400 - PostgreSQL Global Development Group)
      Python 2.7.12 (Anaconda2 4.1.1 64-bit) (HKLM\...\Python 2.7.12 (Anaconda2 4.1.1 64-bit)) (Version: 4.1.1 - Continuum Analytics, Inc.)
      Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
      Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
      R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
      Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
      Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
      Resident Evil 6 / Biohazard 6 (HKLM\...\Steam App 221040) (Version: - Capcom)
      Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
      RStudio (HKLM-x32\...\RStudio) (Version: 0.99.903 - RStudio)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
      Tableau 10.0 (10000.16.1004.1720) (HKLM-x32\...\{48c6fc68-f19f-4640-8c03-e2e17d128d06}) (Version: 10.0.1354 - Tableau Software)
      Tableau 10.0 (10000.16.1004.1720) (Version: 10.0.1354 - Tableau Software) Hidden
      Tableau Public 10.0 (10000.16.1004.1720) (HKLM-x32\...\{54dc2f60-b371-48f4-b2f4-7a1e2bd5bf83}) (Version: 10.0.1354 - Tableau Software)
      Tableau Public 10.0 (10000.16.1004.1720) (Version: 10.0.1354 - Tableau Software) Hidden
      TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
      The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
      This War of Mine (HKLM-x32\...\{5BC3A1BE-6BD2-4D7F-AF69-75B284A5B9BC}) (Version: 2.2.2.0 - None)
      Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
      Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
      Unravel™ (HKLM-x32\...\{5105E605-9EE7-4050-9CC0-005093BBF89A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
      Unreal Tournament 3: Black Edition (HKLM\...\Steam App 13210) (Version: - Epic Games, Inc.)
      Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
      Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
      Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
      Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
      Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
      WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
      Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-1957736222-3041730585-2728577965-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\usuario\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
      CustomCLSID: HKU\S-1-5-21-1957736222-3041730585-2728577965-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\usuario\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0B1FEC2B-7B3A-486B-9450-82404CA0EA9B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
      Task: {0D9C721E-B7FC-4F0E-9E6F-575EAFD37BA7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
      Task: {264BE02E-B1ED-497D-A6F4-C3BB52BD08AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
      Task: {47807929-E738-48F6-B913-1B59E3F9ED64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
      Task: {52D7D215-F75D-4A7E-A8F4-0C9918CB623D} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
      Task: {56C88B76-F3CF-4095-A679-F35A2A4811B5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
      Task: {5F614787-2E33-4AEB-A884-236911CE7001} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13] (Google Inc.)
      Task: {6B2733CA-86D3-4E3A-B358-EDD844A3D5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-08-23] (HP Inc.)
      Task: {6D7586CD-D339-4EC4-A0A6-EDAEFF4D165C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
      Task: {7636440D-B48E-4533-8ACE-F20DB654A647} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-04] (Microsoft Corporation)
      Task: {7EFD26CA-2E2F-4585-9F4E-A45241C4E6B0} - System32\Tasks\HPCeeScheduleForusuario => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
      Task: {85542A17-F4A4-48B7-AC9E-A0F2E8DBE81F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-04] (Microsoft Corporation)
      Task: {8D67A65B-2CEA-4A3C-B5B4-2FC002FEA718} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)
      Task: {AFA11AF6-43AC-4060-B156-73B0D5E4CD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-13] (Google Inc.)
      Task: {B33C95BE-BEAE-4065-83C4-C252BE843B9F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
      Task: {B7E05B2B-B511-407E-89A4-6C3D17E58B26} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-03] (Microsoft Corporation)
      Task: {C3C28E79-8CA3-4121-8568-2CCA0D6ED036} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
      Task: {C6E2D86E-A1B3-4637-8734-13EFED16FFB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-04] (Microsoft Corporation)
      Task: {DF0192DF-7019-4389-8C3C-DCF5423FB9B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
      Task: {E4C24008-3432-47A9-86E5-EBD35D2F5862} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-29] (Adobe Systems Incorporated)
      Task: {EA4ACECD-072A-42E7-94B5-C4F72CE544DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
      Task: {FE29A9A5-FB7F-4D1B-A927-405B65DC054D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-29] (Adobe Systems Incorporated)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\HPCeeScheduleForusuario.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2014-03-28 08:31 - 2014-03-28 08:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
      2014-03-28 08:27 - 2014-03-28 08:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
      2014-03-28 08:27 - 2014-03-28 08:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
      2014-03-28 08:27 - 2014-03-28 08:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
      2014-03-28 08:48 - 2014-03-28 08:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
      2014-03-28 08:48 - 2014-03-28 08:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
      2014-04-17 10:38 - 2014-04-17 10:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
      2014-04-17 10:37 - 2014-04-17 10:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
      2016-11-06 15:43 - 2015-04-07 10:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\usuario\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
      DNS Servers: Media is not connected to internet.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
      FirewallRules: [{97DDF4D6-55FA-45D2-8B65-E230DF684AB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{08358784-9699-4D82-843A-FF709C714D97}] => (Allow) LPort=2869
      FirewallRules: [{99CBE4AC-00C0-4F98-A5BC-DBBB69756C4F}] => (Allow) LPort=1900
      FirewallRules: [{0FDB8CDE-8DFF-4090-A683-B197B276A31C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{7DDE2419-C8FD-4625-AE2A-0EFE78965587}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{241D9599-444A-4BD2-B8FA-710FDA261FC9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{C808F1DA-3E7B-4BDE-8749-CF5DEF77C889}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{7E584E2C-9C27-4540-A780-7CC12C83E2DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
      FirewallRules: [{099F9595-0BD5-47C4-9441-6A5153F8CECD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
      FirewallRules: [{82078718-35E9-44C3-9497-CF651B44D44A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
      FirewallRules: [{87287651-BCF2-47C0-A6F1-E06D7D9AF683}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
      FirewallRules: [{B5E3DF49-F1E8-488A-8789-773B44D90B39}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{17EE0A94-80A5-4D13-B540-FE91A7524F98}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{E79FEA3A-2964-4E32-8EB9-6EF69A6F073B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
      FirewallRules: [{E9801C4D-92C9-4DCC-B12F-08E3BABDCF21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
      FirewallRules: [{19FC2F96-A977-43CD-B848-4CD97EC75B43}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
      FirewallRules: [{D2DF1D40-C521-4810-B5FA-7659A75E8ED9}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
      FirewallRules: [{F0D76830-8454-4815-A601-27DE46CD1534}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
      FirewallRules: [{1CD4AF10-7D6B-4ACF-AF55-D5C8A22A678B}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
      FirewallRules: [{A65D28E5-4C5C-42DD-B818-BAC43EF292DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
      FirewallRules: [{EBBD3953-743B-425F-96BC-3C24C1AFFB66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
      FirewallRules: [{6C8840C4-83B8-4EE6-B31D-67C657F84398}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
      FirewallRules: [{7D4DB5EA-BE28-4431-A3D8-B330A977BB7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
      FirewallRules: [{E75D32F9-3209-4053-A372-4D3ACA89992F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
      FirewallRules: [{B660151C-E139-4071-9734-CE7490191F44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\MoveOrDie.exe
      FirewallRules: [{E3B9D72F-7494-4B4A-A04C-4B0912D04ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
      FirewallRules: [{36EAC187-8ACC-42E1-A3DB-2CC3A3457796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Move or Die\Editor.exe
      FirewallRules: [{65E5D236-DCFC-4A00-B5F1-B253383F3443}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
      FirewallRules: [{2F2D2EE6-4EAC-4B02-80BF-36EC4E436BF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
      FirewallRules: [{B7D9FF9C-3156-4094-A4E7-222795F27F1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{8ECDB764-0587-409E-BE84-82EE88DEFBB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
      FirewallRules: [{98BC9D75-889B-4606-A651-48AF0C16FA08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
      FirewallRules: [{EA66CE9E-CA98-4A59-BFAF-2B177DAA7FD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
      FirewallRules: [{3BC692DF-D187-40A5-A83C-8B1385D2AC27}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
      FirewallRules: [{4FE2FC1D-3EFE-4133-A8C2-08EDC9478868}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect\Binaries\MassEffect.exe
      FirewallRules: [{971EA781-C8D7-4139-B3E2-CDFDF0F0AD9E}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
      FirewallRules: [{D8D0A99F-55B3-43E5-8132-13D36DE912D3}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
      FirewallRules: [{99DAF0E6-6238-4FDC-B81D-EF040F8072D6}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
      FirewallRules: [{35B3500C-E922-447F-9549-8CF8D829181A}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
      FirewallRules: [{F7E49924-19D1-441C-8E08-71F074777EBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
      FirewallRules: [{35C320AE-9FF4-436A-9036-3B8315130FA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
      FirewallRules: [{4EDFD37F-34A2-414F-948D-1C3D545BEBB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
      FirewallRules: [{1F7C6FC1-428E-436D-902B-A17AC737BA80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
      FirewallRules: [{A51E383F-EE9F-4186-98FE-F2337465392B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
      FirewallRules: [{FFDAC42E-2962-44AF-B1CD-CFBD3914E93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
      FirewallRules: [{A31C7382-1979-45B5-A486-FF7B24568273}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
      FirewallRules: [{4F766DDE-59B6-40EB-AB1E-D4DA5A259B39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{865B1A96-11FF-435E-BDEC-E6136E986A6D}C:\program files (x86)\pro evolution soccer 2016\pes2016.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2016\pes2016.exe
      FirewallRules: [UDP Query User{E787DC94-545E-41DA-8A6C-53A98311CB2B}C:\program files (x86)\pro evolution soccer 2016\pes2016.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2016\pes2016.exe
      FirewallRules: [{68627B0F-0C09-45DA-8F8B-334DCEC231A0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
      FirewallRules: [{3E6EBF56-4976-4E2C-B146-668EB355C5D4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
      FirewallRules: [{750A674E-A470-43DC-9E6C-E4F6730C56B3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
      FirewallRules: [{E36FAD08-6EDF-4789-88D9-AD034AD3116A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
      FirewallRules: [{E4BF5170-872B-48A1-B3E7-C7567C2CD58D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
      FirewallRules: [{D1E91413-D524-4CA6-8742-39471D3B4148}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
      FirewallRules: [{F2EFBBEB-A33C-4CCF-BEB9-EC0C943DEA1D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
      FirewallRules: [{68F42748-F064-42FB-9936-E0BBB4369AE3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

      ==================== Restore Points =========================

      25-10-2016 23:28:39 Tableau Public 10.0 (10000.16.0917.1429)
      28-10-2016 21:40:04 Tableau Public 10.0 (10000.16.1004.1720)
      03-11-2016 19:11:55 Installed Arena_x64.
      06-11-2016 02:53:13 Installed AVG 2016
      06-11-2016 23:24:45 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/06/2016 11:11:40 PM) (Source: SideBySide) (EventID: 63) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll". Error en el archivo de manifiesto o directiva "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll" en la línea 9.
      El valor "x64" del atributo "processorArchitecture" del elemento "assemblyIdentity" no es válido.

      Error: (11/06/2016 11:11:26 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: svchost.exe_PcaSvc, versión: 6.3.9600.17415, marca de tiempo: 0x54504177
      Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.18438, marca de tiempo: 0x57ae642e
      Código de excepción: 0xc0000008
      Desplazamiento de errores: 0x00000000000925fa
      Identificador del proceso con errores: 0x1ff4
      Hora de inicio de la aplicación con errores: 0x01d23897d597a5b9
      Ruta de acceso de la aplicación con errores: C:\Windows\system32\svchost.exe
      Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
      Identificador del informe: 7c121ff9-a48f-11e6-82a0-acb57d0acf4d
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (11/06/2016 11:11:23 PM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/06/2016 10:41:34 PM) (Source: SideBySide) (EventID: 63) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll". Error en el archivo de manifiesto o directiva "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll" en la línea 9.
      El valor "x64" del atributo "processorArchitecture" del elemento "assemblyIdentity" no es válido.

      Error: (11/06/2016 10:41:17 PM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/06/2016 10:40:01 PM) (Source: SideBySide) (EventID: 63) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll". Error en el archivo de manifiesto o directiva "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll" en la línea 9.
      El valor "x64" del atributo "processorArchitecture" del elemento "assemblyIdentity" no es válido.

      Error: (11/06/2016 10:39:50 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: svchost.exe_PcaSvc, versión: 6.3.9600.17415, marca de tiempo: 0x54504177
      Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.18438, marca de tiempo: 0x57ae642e
      Código de excepción: 0xc0000008
      Desplazamiento de errores: 0x00000000000925fa
      Identificador del proceso con errores: 0x730
      Hora de inicio de la aplicación con errores: 0x01d23889f2e235a3
      Ruta de acceso de la aplicación con errores: C:\Windows\System32\svchost.exe
      Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
      Identificador del informe: 11fb2dd5-a48b-11e6-82a0-acb57d0acf4d
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (11/06/2016 10:39:46 PM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/06/2016 10:37:46 PM) (Source: SideBySide) (EventID: 63) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll". Error en el archivo de manifiesto o directiva "C:\Program Files\R\R-3.3.1\Tcl\bin64\tk85.dll" en la línea 9.
      El valor "x64" del atributo "processorArchitecture" del elemento "assemblyIdentity" no es válido.

      Error: (11/06/2016 10:35:34 PM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.


      System errors:
      =============
      Error: (11/06/2016 11:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Origin Web Helper Service no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/06/2016 11:20:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Origin Web Helper Service.

      Error: (11/06/2016 11:17:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
      Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error:
      Ya se está ejecutando una instancia de este servicio.

      Error: (11/06/2016 11:16:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Disc Soft Ultra Bus Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/06/2016 11:16:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio HP Support Solutions Framework Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/06/2016 11:16:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

      Error: (11/06/2016 11:16:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

      Error: (11/06/2016 11:16:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio Hi-Rez Studios Authenticate and Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/06/2016 11:16:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio vToolbarUpdater40.3.6 se terminó de manera inesperada. Esto ha sucedido 1 veces.

      Error: (11/06/2016 11:16:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: El servicio HPWMISVC se terminó de manera inesperada. Esto ha sucedido 1 veces.


      CodeIntegrity:
      ===================================
      Date: 2016-11-06 23:27:28.935
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:28.154
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:27.326
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:26.482
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:25.591
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:24.591
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:23.715
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:22.793
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:21.965
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-11-06 23:27:21.153
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


      ==================== Memory info ===========================

      Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
      Percentage of memory in use: 38%
      Total physical RAM: 3528.98 MB
      Available physical RAM: 2181.61 MB
      Total Virtual: 7112.98 MB
      Available Virtual: 5589.45 MB

      ==================== Drives ================================

      Drive c: (Windows) (Fixed) (Total:442.74 GB) (Free:241.71 GB) NTFS
      Drive d: (RECOVERY) (Fixed) (Total:22 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from drive)]

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 465.8 GB) (Disk ID: A50C2A5E)

      Partition: GPT.

      ==================== End of Addition.txt ============================

    7. #7
      General Moderator
      @Javier_HF
      Joined
      Jun 2006
      Location
      Via Lactea.
      Posts
      22.431

      Re: Information-severity virus

      Good... now follow these steps. VERY important ~ make a backup of the registry:


      • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

      • Attention: now check only the "Create registry backup" box, NOT the others.

      • Click Run.

      The report (DelFix.txt) will open; save it in case it is needed and close the tool.

      And now use the 2nd METHOD from this Windows 8 FAQ >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the code/lines inside the box below into Notepad: (the word "Code" is excluded)

      Code:
      START
      CREATERESTOREPOINT:
      CLOSEPROCESSES:
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\Run: [AdobeBridge] => [X]
      HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\MountPoints2: {8f15fbb3-5139-11e6-8268-acb57d0acf4d} - "F:\setup.exe"
      BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
      CHR Extension: (Chrome Media Router) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-06]
      2016-10-05 23:05 - 2016-10-05 23:05 - 0007606 _____ () C:\Users\usuario\AppData\Local\Resmon.ResmonCfg
      2016-11-06 02:26 - 2016-11-06 02:26 - 6212994 _____ () C:\Users\usuario\AppData\Local\RHQEYTDUENRUDEBDSKKD.zip
      2016-11-06 02:27 - 2016-11-06 02:27 - 0000000 _____ () C:\Users\usuario\AppData\Local\sorrizo
      C:\Users\usuario\AppData\Local\Temp\0195511478478723mcinst.exe
      C:\Users\usuario\AppData\Local\Temp\avguirn_081738029207.exe
      C:\Users\usuario\AppData\Local\Temp\libeay32.dll
      C:\Users\usuario\AppData\Local\Temp\msvcr120.dll
      C:\Users\usuario\AppData\Local\Temp\sqlite3.dll
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      Save it under the name FIXLIST.TXT on the desktop <<< This is very important.

      Note: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.
      ATTENTION!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.



      • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • Press the FIX button and wait for it to finish.
      • The tool will save the repair report on the desktop (FIXLOG.TXT).


      Paste the contents of this file in your next reply.

      Restart the computer, check how it behaves with respect to the problem raised, and report back.

      Regards.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
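The post above warns that a fix script is written for one machine and can do damage on another. As an added example (not part of the original post and not FRST's own code), this Python script checks that the user SID and profile folder named in a fixlist also appear in the machine's own FRST log, and lists the `CMD:` lines for review. The function names are hypothetical, the fixlist is a shortened copy of the one in this thread, and the second log is constructed.

```python
import re

# A per-user SID (S-1-5-21-<3 sub-authorities>-<RID>) and a profile folder name.
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)", re.IGNORECASE)

# Constructed sample: a shortened copy of the script shown in this thread.
FIXLIST = r"""START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\...\Run: [AdobeBridge] => [X]
2016-11-06 02:27 - 2016-11-06 02:27 - 0000000 _____ () C:\Users\usuario\AppData\Local\sorrizo
C:\Users\usuario\AppData\Local\Temp\libeay32.dll
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /flushdns
END
"""

# One line of the Addition.txt log posted in this thread (the machine the script was written for).
OWN_LOG = r"""HKU\S-1-5-21-1957736222-3041730585-2728577965-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\usuario\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg"""

# Constructed log line standing in for a different machine (values are made up).
OTHER_LOG = r"""HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\maria\Pictures\fondo.jpg"""


def script_body(fixlist):
    """Return the lines between START and END, or None if the wrapper is incomplete
    (for example, a copy-paste that lost the last lines)."""
    lines = [ln.strip() for ln in fixlist.splitlines() if ln.strip()]
    upper = [ln.upper() for ln in lines]
    if "START" not in upper or "END" not in upper:
        return None
    start, end = upper.index("START"), upper.index("END")
    return lines[start + 1:end] if start < end else None


def identities(text):
    """Collect the user SIDs and profile folder names (lower-cased) found in text."""
    sids = set(SID_RE.findall(text))
    profiles = {name.lower() for name in PROFILE_RE.findall(text)}
    return sids, profiles


def preflight(fixlist, own_log):
    """Compare the identities a fixlist targets with those in this machine's log."""
    body = script_body(fixlist)
    report = {"complete": body is not None, "foreign_sids": [],
              "foreign_profiles": [], "commands": []}
    if body is None:
        return report
    fix_sids, fix_profiles = identities("\n".join(body))
    own_sids, own_profiles = identities(own_log)
    # Anything the script names that this machine's log never mentions is foreign.
    report["foreign_sids"] = sorted(fix_sids - own_sids)
    report["foreign_profiles"] = sorted(fix_profiles - own_profiles)
    # Shell commands run as written, so surface them for a human to read first.
    report["commands"] = [ln[4:].strip() for ln in body if ln.upper().startswith("CMD:")]
    return report


def matches_machine(report):
    """True only when the script is complete and targets no foreign identity."""
    return (report["complete"] and not report["foreign_sids"]
            and not report["foreign_profiles"])


if __name__ == "__main__":
    for label, log in (("own log", OWN_LOG), ("other machine", OTHER_LOG)):
        result = preflight(FIXLIST, log)
        print(label, "->", "match" if matches_machine(result) else "MISMATCH", result)
```

A mismatch means the script refers to an account or profile that does not exist in the local log, which is the situation the post's warning describes.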