    Malware Delaton


    1. #1
      User: vitocerron
      Joined: Nov 2017
      Location: Peru
      Posts: 7

      Malware Delaton

      Good evening, I have a problem with malware that keeps redirecting the pages I want to open. The page that comes up first is delaton.com, and it redirects me to other pages. Please help. The result of the scan with InfoSpyware is:

      Code:
      ~~~~~~~~~~~| Inicio: 
      
      *IFS (InfoSpyware First Steps) v 1.3
      *www.InfoSpyware.com | www.ForoSpyware.com
      *Iniciado: 03/11/2017 a las 23h.51m.14s
      
      ~~~~~~~~~~~|  Información del Sistema:
      
      OS: Microsoft Windows 8.1 x64 
      Idioma: Spanish (Peru) (Peru|es-PE)
      Permisos de Administrador / ON
      Windows se Inició en   Modo Normal
      Drive: C:\WINDOWS (Install: \Device\HarddiskVolume4)
      
      ~~~~~~~~~~~| Arquitectura Fisica:
      
      CPU: Acer
      CPU Modelo: Aspire ZS600
      Procesador: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (x64-BasedPC)
      Memoria RAM: 6 Gb. En Uso: 60 %
      Video: Intel(R) HD Graphics
      Chip: Intel(R) HD Graphics Family Capacidad video:-1984 MB (Internal)
      
      ~~~~~~~~~~~| Unidades
      
      C: [FIXED|NTFS|Acer] - [915.4 Gb][528.2 Gb][387.2 Gb]
      E: [REMOVABLE|FAT32|] - [3.7 Gb][1.3 Gb][2.3 Gb]
      F: [REMOVABLE|FAT32|ADATA UFD] - [7.0 Gb][1.3 Gb][5.9 Gb]
      D: [CDROM]
      C:\ Fragmentación total 4.73% - Correcto
      
      ~~~~~~~~~~~| Seguridad del SO
      
      SafeBoot: Inicio en Modo seguro Correcto
      Security Center: Correcto (Servicio Activo)
      Windows Update: Correcto (Servicio Activo) [LST: 2017-09-12 00:45:38][LD: 2017-09-13 23:13:03][LI: 2017-09-14 12:04:10][NDT: 2017-11-04 03:52:40]
      AV: Avast Antivirus *Protección Residente [ON] / Actualizado*
      AV: Windows Defender *Protección Residente [OFF] / Actualizado*
      AV: Malwarebytes *Protección Residente [OFF] / Actualizado*
      AV: AVG Internet Security 2015 *Protección Residente [OFF] / Actualizado*
      SP: Malwarebytes *Protección Residente [OFF] / Actualizado*
      SP: Windows Defender *Protección Residente [OFF] / Actualizado*
      SP: AVG Internet Security 2015 *Protección Residente [OFF] / Actualizado*
      SP: Avast Antivirus *Protección Residente [ON] / Actualizado*
      FW: AVG update module *Protección Residente [OFF]*
      FW: Windows Firewall *Habilitado*
      
      ~~~~~~~~~~~|  Update Check
      
      Internet Explorer Versión Instalada 11
      Mozilla FireFox Versión Instalada 43.0.1
      Google Chrome Versión Instalada 61.0.3163.100
      Microsoft SilverLigth Versión instalada 5.1.50907.0
      
      ~~~~~~~~~~~| Process List 
      
      MBAMTray.exe (Malwarebytes Anti-Malware)
      MBAMservice.exe (Malwarebytes Anti-Malware)
      avastUI.exe (Productos Alwil Software Avast4)
      
      ~~~~~~~~~~~| Install Check 
      
      
      Avast Free Antivirus [17.7.2314]
      AVG 2015 [2015.0.6125]
      CCleaner [4.17]
      SUPERAntiSpyware [6.0.1250]
      
      ~~~~~~~~~~~| Registry Check
      
      HKLM\Run(x64): [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      HKLM\Run(x64): [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
      HKLM\Run(x64): [Soluto] C:\Program Files\Soluto\soluto.exe /init
      HKLM\Run(x64): [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
      HKLM\Run(x64): [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      HKLM\Run(x64): [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
      HKLM\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      HKLM\Run: [Launcher6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
      HKLM\Run: [6015N RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
      HKLM\Run: [StatusAutoRun6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
      HKLM\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
      HKLM\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
      HKLM\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      HKLM\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      Winlogon(x64): Shell = explorer.exe
      Winlogon: Shell = explorer.exe
      Userinit(x64): Userinit = C:\WINDOWS\System32\Userinit.exe,
      Userinit: Userinit = C:\WINDOWS\System32\Userinit.exe,
      
      [HKCR\.\.open\command] -> Navegador Preferido es Internet Explorer
      StarPage:about:blank
      StarPage:about:blank
      
      ~~~~~~~~~~~| PUPs Check
      
      
      ~~~~~~~~~~~| Listado 30 Días
      
      [02/11/2017 20:03] - C:\WINDOWS\V3Inst.log
      [03/11/2017 01:04] - C:\2cbb437bc4a81644a54b681121
      [03/11/2017 23:50] - C:\FSTool
      [03/11/2017 23:51] - C:\IFS.log
      [03/11/2017 21:57] - C:\SUPERDelete
      
      ~~~~~~~~~~~| C:\WINDOWS\Tasks:
      
      [03/11/2017 21:55] - C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 5ca4fd06-aff0-45c6-be9f-22f7c523110f.job
      [03/11/2017 21:55] - C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 976d2597-aef7-4dc2-8d42-d44a4c9ef7c5.job
      
      ~~~~~~~~~~~| End Report
      *Finalizado 00:09:18
      *Se limpiaron los archivos temporales
      *[1599815] C:\Users\Vito\Downloads\IFS.exe
      *Herramienta de Análisis e investigación
      Thanks

    2. #2
      General Moderator: @Daniela
      Joined: Apr 2011
      Location: Spain
      Posts: 23,998

      Re: Malware Delaton

      Hello vitocerron

      You have Avast and AVG installed, plus Windows Defender enabled; together they can cause chaos on your computer. Tell me which one you want to keep, as long as it is legitimate.
      Carry out the following steps, even if you have already done some of them, without changing the order:

      1) Download, update and run Malwarebytes' Anti-Malware; go through the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click "Remove Selected" to send the items to quarantine, and restart the system.
      • In the manual's "History" section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run as "Administrator")
      • Press any key to continue and wait patiently for it to finish.
      • When it finishes, a log (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply

      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears, to copy and paste it into your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C0].txt"

      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner
      • Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup
      • Click Scan for Issues again until it finds none.

      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      User: vitocerron
      Joined: Nov 2017
      Location: Peru
      Posts: 7

      Re: Malware Delaton

      I still have the redirection problem; this is the result:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 3/11/17
      Hora del análisis: 21:09
      Archivo de registro: 04112017.txt
      Administrador: Sí

      -Información del software-
      Versión: 3.0.6.1469
      Versión de los componentes: 1.0.50
      Versión del paquete de actualización: 1.0.1064
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 8.1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: VCCTRANSPORTES\Vito

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 451844
      Tiempo transcurrido: 23 min, 52 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Activado
      PUM: Activado

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 1
      PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WinZip Driver Updater, En cuarentena, [267], [349013],1.0.1064

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 4
      PUP.Optional.MultiPlug.Gen, C:\PROGRAMDATA\5104198175970670796, En cuarentena, [8263], [234616],1.0.1064
      PUP.Optional.MultiPlug, C:\PROGRAMDATA\HFOHJOPHGJALBHDOKKGIGHFLDEAEDGDF, En cuarentena, [191], [233502],1.0.1064
      PUP.Optional.BestAdBlocker, C:\PROGRAM FILES (X86)\BESTADBLOCKER, En cuarentena, [16653], [235746],1.0.1064
      PUP.Optional.PriceChop, C:\PROGRAM FILES (X86)\PRICECCHHOP, En cuarentena, [17092], [241924],1.0.1064

      Archivo: 13
      PUP.Optional.MultiPlug.Gen, C:\PROGRAMDATA\5104198175970670796\3E00A84265564E8637B071A4520F5477.INI, En cuarentena, [8263], [234616],1.0.1064
      PUP.Optional.MultiPlug.Gen, C:\ProgramData\5104198175970670796\253dfe788a14415137b071a4520f5477.ini, En cuarentena, [8263], [234616],1.0.1064
      PUP.Optional.MultiPlug.Gen, C:\ProgramData\5104198175970670796\65a778e8018028f537b071a4520f5477.ini, En cuarentena, [8263], [234616],1.0.1064
      PUP.Optional.MultiPlug, C:\PROGRAMDATA\HFOHJOPHGJALBHDOKKGIGHFLDEAEDGDF\LSDB.JS, En cuarentena, [191], [233502],1.0.1064
      PUP.Optional.MultiPlug, C:\ProgramData\hfohjophgjalbhdokkgighfldeaedgdf\background.html, En cuarentena, [191], [233502],1.0.1064
      PUP.Optional.MultiPlug, C:\ProgramData\hfohjophgjalbhdokkgighfldeaedgdf\content.js, En cuarentena, [191], [233502],1.0.1064
      PUP.Optional.MultiPlug, C:\ProgramData\hfohjophgjalbhdokkgighfldeaedgdf\manifest.json, En cuarentena, [191], [233502],1.0.1064
      PUP.Optional.MultiPlug, C:\ProgramData\hfohjophgjalbhdokkgighfldeaedgdf\ZsybdvxK.js, En cuarentena, [191], [233502],1.0.1064
      PUP.Optional.BestAdBlocker, C:\PROGRAM FILES (X86)\BESTADBLOCKER\B57XFGSGY4TVQJ.TLB, En cuarentena, [16653], [235746],1.0.1064
      PUP.Optional.BestAdBlocker, C:\Program Files (x86)\bestadblocker\B57xfgsgy4tvQj.dat, En cuarentena, [16653], [235746],1.0.1064
      PUP.Optional.PriceChop, C:\PROGRAM FILES (X86)\PRICECCHHOP\XHGIOYFAHZJISI.TLB, En cuarentena, [17092], [241924],1.0.1064
      PUP.Optional.PriceChop, C:\Program Files (x86)\PriceCChhop\xHgIoyfaHZjiSi.dat, En cuarentena, [17092], [241924],1.0.1064
      PUP.Optional.Linkey, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\BROWSE AND SEARCH THE INTERNET.LNK, En cuarentena, [6623], [190090],1.0.1064

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)



      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 8.1 x64
      Ran by Vito (Administrator) on 04/11/2017 at 10:27:31.88
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 3

      Successfully deleted: C:\ProgramData\Avg_Update_0615av (Folder)
      Successfully deleted: C:\ProgramData\mntemp (File)
      Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 04/11/2017 at 10:31:01.04
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



      # AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 04 15:36:47 2017
      # Updated on 2017/27/10 by Malwarebytes
      # Database: 11-03-2017.2
      # Running on Windows 8.1 (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      PUP.Optional.Legacy, C:\Program Files (x86)\lu365
      PUP.Optional.Legacy, C:\Program Files (x86)\blazers


      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
      PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\autos.trovit.com.pe
      PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
      PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\totalrecipesearch.dl.tb.ask.com
      PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com.pe
      PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
      PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\VNT
      PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\VNT
      PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {FE69C007-C452-4D3E-86D2-1730DF8BC871}
      PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | ApnTBMon
      PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
      PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
      PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
      PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
      PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
      PUP.Optional.WinZipDriverUpdater, [Key] - HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\Software\Nico Mak Computing\WinZip Driver Updater
      PUP.Optional.WinZipDriverUpdater, [Key] - HKCU\Software\Nico Mak Computing\WinZip Driver Updater
      PUP.Optional.MultiPlug, [Key] - HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
      PUP.Optional.MultiPlug, [Key] - HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [7749 B] - [2015/2/21 2:41:23]
      C:/AdwCleaner/AdwCleaner[S1].txt - [3472 B] - [2015/5/26 4:43:22]
      C:/AdwCleaner/AdwCleaner[S2].txt - [1657 B] - [2015/5/28 2:12:19]


      ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########



      I disabled AVG, which was only partly active; I am now using Avast Free Antivirus. I still have the page redirection in Chrome.

      Thanks for the reply

    4. #4
      User: vitocerron
      Joined: Nov 2017
      Location: Peru
      Posts: 7

      Re: Malware Delaton

      In addition, my other laptop and my cell phone have now been infected too. This really is causing me problems.

    5. #5
      General Moderator: @Daniela
      Joined: Apr 2011
      Location: Spain
      Posts: 23,998

      Re: Malware Delaton

      Hello

      If it also happens on another PC and on a mobile phone, then the problem is the router/modem.

      Follow the steps given in this guide >> Guide to changing the DNS servers

      Let us know how the problem goes.

      Regards

    6. #6
      User: vitocerron
      Joined: Nov 2017
      Location: Peru
      Posts: 7

      Re: Malware Delaton

      Good evening, it seemed that the problem had been solved; I switched off the computer and, on coming back, these two pages come up again:

      http://d2.zedo.com/jsc/d2/ff2.html?n...siteid:1410276
      Redirect

      which then redirect me to other pages.

      Thanks for your help

    7. #7
      General Moderator: @Daniela
      Joined: Apr 2011
      Location: Spain
      Posts: 23,998

      Re: Malware Delaton

      Hello

      Did you carry out the steps I gave you for changing the DNS servers?

      Did that solve it temporarily? Did you reset the router?

      Does the problem also continue on the other devices?

      As I told you ... if the problem is on all the devices, the cause must be in the router.

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits)

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on your desktop.
      • To finish, open the files Frst.txt and Addition.txt and copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.

      Regards
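Added example, not part of the thread and not FRST's own code: the router diagnosis above can be checked against the DNS lines FRST prints in its Internet section, where `[NameServer]` is the static setting on the PC and `[DhcpNameServer]` is what the DHCP server on the LAN hands out. The sample lines, the interface GUIDs, the 203.0.113.53 address and the `EXPECTED` allowlist are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also treat
# documentation ranges such as 203.0.113.0/24 as "private".
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches FRST "Internet" section lines such as
#   Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
#   Tcpip\..\Interfaces\{GUID}: [NameServer] 8.8.8.8,8.8.4.4
LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>Parameters|\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}): "
    r"\[(?P<kind>DhcpNameServer|NameServer)\]\s+(?P<servers>.+?)\s*$"
)

# Constructed sample in the FRST line format (not taken from a real log).
SAMPLE_FRST = r"""
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [DhcpNameServer] 203.0.113.53 8.8.4.4
Tcpip\..\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: [DhcpNameServer] 192.168.0.1
"""

# Assumption: the public resolvers the owner deliberately configured.
EXPECTED = {"8.8.8.8", "8.8.4.4"}


def parse_dns_entries(frst_text):
    """Return (scope, kind, [ip, ...]) for every Tcpip DNS line in the log."""
    entries = []
    for raw in frst_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        servers = []
        # FRST prints static lists comma-separated and DHCP lists space-separated.
        for token in re.split(r"[,\s]+", m.group("servers")):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # skip anything that is not an IP literal
        entries.append((m.group("scope"), m.group("kind"), servers))
    return entries


def is_lan(ip):
    """True when the resolver sits in an RFC 1918 range (normally the router)."""
    return any(ip in net for net in LAN_NETS)


def audit_dhcp_resolvers(frst_text, expected):
    """Flag DHCP-supplied resolvers that are neither on the LAN nor expected.

    masked_by_static marks interfaces where a static NameServer hides the
    DHCP value on this PC, while other DHCP clients on the LAN still get it.
    """
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    entries = parse_dns_entries(frst_text)
    static_scopes = {scope for scope, kind, servers in entries
                     if kind == "NameServer" and servers}
    findings = []
    for scope, kind, servers in entries:
        if kind != "DhcpNameServer":
            continue
        for ip in servers:
            if is_lan(ip) or ip in expected_ips:
                continue
            findings.append({
                "scope": scope,
                "server": str(ip),
                "masked_by_static": scope in static_scopes,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_dhcp_resolvers(SAMPLE_FRST, EXPECTED):
        note = " (hidden on this PC by a static NameServer)" \
            if finding["masked_by_static"] else ""
        print(f"unexpected DHCP resolver {finding['server']} "
              f"on {finding['scope']}{note}")
```

A flagged resolver only means the address is unexpected; confirm it against the DNS values configured in the router's own WAN/DHCP pages and the ISP's published resolvers before drawing a conclusion.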

    8. #8
      User: vitocerron
      Joined: Nov 2017
      Location: Peru
      Posts: 7

      Re: Malware Delaton

      Good afternoon, all the steps were carried out and it seemed to have been solved; I switched off the computer, and when I turned it back on the problem started again. On my other laptop the problem continues; on the cell phone I have stopped opening pages in Chrome because of this problem.
      I have a Billion modem from Telefónica and a D-Link DIR-820L for Wi-Fi.

      I am attaching the first txt.

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
      Ran by Vito (administrator) on VCCTRANSPORTES (06-11-2017 18:38:02)
      Running from C:\Users\Vito\Desktop
      Loaded Profiles: Vito (Available Profiles: Vito)
      Platform: Windows 8.1 (Update) (X64) Language: Inglés (Estados Unidos)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
      (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
      (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
      (PointGrab LTD) C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe
      (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
      (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
      (Soluto) C:\Program Files\Soluto\SolutoService.exe
      (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
      () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
      (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
      (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
      (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
      (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Soluto) C:\Program Files\Soluto\Soluto.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
      () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmw.exe
      () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
      HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
      HKLM\...\Run: [Soluto] => C:\Program Files\Soluto\soluto.exe [1177120 2012-11-16] (Soluto)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-02] (AVAST Software)
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
      HKLM-x32\...\Run: [Launcher6015N] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2571264 2011-05-19] (Xerox)
      HKLM-x32\...\Run: [6015N RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2012-01-03] ()
      HKLM-x32\...\Run: [StatusAutoRun6015N] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4476928 2012-01-03] ()
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-06-18] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {06bc87c3-0101-11e6-8904-2016d8d4f5f6} - "F:\LGAutoRun.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {14ac7851-788d-11e7-8d7b-2016d8d4f5f6} - "F:\HiSuiteDownLoader.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {2ef5bd7a-4f0c-11e7-8d23-2016d8d4f5f6} - "F:\HiSuiteDownLoader.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {3011f826-f773-11e6-8c27-2016d8d4d0c6} - "F:\HiSuiteDownLoader.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {33f29fb6-205d-11e5-8587-2016d8d4f5f6} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {8eadf51f-63ac-11e6-8a5c-2016d8d4f5f6} - "E:\HTC_Sync_Manager_PC.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {c32af903-ff70-11e5-8900-2016d8d4f5f6} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\Start.exe
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {c9d17263-283e-11e6-8995-2016d8d4f5f6} - "F:\HTC_Sync_Manager_PC.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {e3b4adbf-4a2a-11e6-8a14-2016d8d4f5f6} - "E:\HiSuiteDownLoader.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\MountPoints2: {f535ebd6-f7be-11e6-8c2a-2016d8d4f5f6} - "F:\HiSuiteDownLoader.exe"
      BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: Hosts file not detected in the default directory
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{D4912CE5-FF00-45A7-A4C1-B0385369C225}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{D4912CE5-FF00-45A7-A4C1-B0385369C225}: [DhcpNameServer] 185.162.9.197 8.8.4.4
      Tcpip\..\Interfaces\{DD5AEA07-9A48-4C7F-A011-B01EBAABFA3F}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{FF783327-1029-46E5-B6D2-FA02949AA104}: [NameServer] 8.8.8.8,8.8.4.4

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pe/
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-10-23] (Oracle Corporation)
      BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2012-11-09] (Qualcomm Atheros Commnucations)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-02] (AVAST Software)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-03] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-02] (AVAST Software)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-03] (Oracle Corporation)
      Toolbar: HKLM - TextAloud Toolbar - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE64.dll [2015-01-05] (NextUp.com)
      Toolbar: HKLM-x32 - TextAloud Toolbar - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll [2015-01-05] (NextUp.com)
      Handler: WSISVCUchrome - No CLSID Value

      FireFox:
      ========
      FF DefaultProfile: ega7txd0.default
      FF ProfilePath: C:\Users\Vito\AppData\Roaming\Mozilla\Firefox\Profiles\ega7txd0.default [2017-11-05]
      FF Extension: (Avira Browser Safety) - C:\Users\Vito\AppData\Roaming\Mozilla\Firefox\Profiles\ega7txd0.default\Extensions\[email protected] [2017-11-05]
      FF Extension: (MEGA) - C:\Users\Vito\AppData\Roaming\Mozilla\Firefox\Profiles\ega7txd0.default\Extensions\[email protected] [2015-12-03] [not signed]
      FF Extension: (PRiceChop) - C:\Users\Vito\AppData\Roaming\Mozilla\Firefox\Profiles\ega7txd0.default\Extensions\[email protected] [2015-10-01] [not signed]
      FF Extension: (SoundCloud Sounds in Google Mail™) - C:\Users\Vito\AppData\Roaming\Mozilla\Firefox\Profiles\ega7txd0.default\Extensions\[email protected] [2016-06-19]
      FF Extension: (bestadblocker) - C:\Users\Vito\AppData\Roaming\Mozilla\Firefox\Profiles\ega7txd0.default\Extensions\[email protected] [2015-10-01] [not signed]
      FF HKLM-x32\...\Firefox\Extensions: [{4ba57eab-93a9-4b0f-90d4-414773f8ef5c}] - C:\Program Files (x86)\TextAloud\TAForFirefox
      FF Extension: (TextAloud 3 Toolbar) - C:\Program Files (x86)\TextAloud\TAForFirefox [2016-01-16] [not signed]
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]_xpi
      FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]_xpi [2016-04-10]
      FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-03] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-03] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-1682400155-3688040352-2478644615-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Vito\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

      Chrome:
      =======
      CHR HomePage: Default -> hxxps://www.google.com.pe/
      CHR StartupUrls: Default -> "hxxps://www.google.com/"
      CHR Profile: C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
      CHR Extension: (YouTube) - C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
      CHR Extension: (Búsqueda de Google) - C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
      CHR Extension: (mydlink services plugin) - C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2017-11-06]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
      CHR Extension: (Chrome Media Router) - C:\Users\Vito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
      CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-11-02] (AVAST Software s.r.o.)
      R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-02] (AVAST Software)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-05-19] ()
      S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-29] (BlueStack Systems, Inc.)
      R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-29] (BlueStack Systems, Inc.)
      S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-29] (BlueStack Systems, Inc.)
      R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-09] (Acer Incorporated)
      S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [664288 2012-12-13] (Acer Incorporated)
      R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
      R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [0 2014-02-22] () <==== ATTENTION (zero byte File/Folder)
      R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
      R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
      R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
      R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1800832 2012-10-01] (Microsoft Corporation)
      R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-04-11] (Geek Software GmbH)
      R2 PGService; C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe [53616 2012-08-22] (PointGrab LTD)
      R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [186912 2012-11-16] (Soluto)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
      R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
      R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95744 2012-01-03] () [File not signed]

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-11-02] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-11-02] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-11-02] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-11-02] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-11-02] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-11-02] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-11-02] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-11-02] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-11-02] (AVAST Software)
      R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-11-02] (AVAST Software)
      R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-11-02] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-11-02] (AVAST Software)
      S3 blackberryncm; C:\WINDOWS\system32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
      S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-29] (BlueStack Systems)
      S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-27] (Bluestack System Inc. )
      S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
      R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2016-03-08] (ITE Tech. Inc. )
      S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2014-06-10] (Apple Inc.) [File not signed]
      S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
      S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [242688 2013-04-24] (QUALCOMM Incorporated)
      S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
      S3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited) [File not signed]
      S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
      S2 rspndr; C:\WINDOWS\system32\DRIVERS\rspndr.sys [80384 2013-08-22] () [File not signed]
      R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
      R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
      S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
      S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
      S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
      S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-06 18:38 - 2017-11-06 18:38 - 000025574 _____ C:\Users\Vito\Desktop\FRST.txt
      2017-11-06 18:37 - 2017-11-06 18:38 - 000000000 ____D C:\FRST
      2017-11-06 18:36 - 2017-11-06 18:32 - 002403328 _____ (Farbar) C:\Users\Vito\Desktop\FRST64.exe
      2017-11-06 18:32 - 2017-11-06 18:32 - 002403328 _____ (Farbar) C:\Users\Vito\Downloads\FRST64.exe
      2017-11-06 14:34 - 2017-11-06 14:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-11-06 07:09 - 2017-11-06 07:09 - 000000000 ____D C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
      2017-11-05 20:44 - 2017-11-05 20:44 - 000359999 _____ C:\Users\Vito\Downloads\FLUJO DE CAJA DEL INVERSIONISTA.pdf
      2017-11-05 20:42 - 2017-11-05 20:42 - 000246784 _____ C:\Users\Vito\Downloads\EvalProy.ppt
      2017-11-05 18:37 - 2017-11-05 18:37 - 000179474 _____ C:\Users\Vito\Downloads\Copia de Informe_4_vs 6.xlsx
      2017-11-05 18:37 - 2017-11-05 18:37 - 000179315 _____ C:\Users\Vito\Downloads\Informe_4_vs 5.xlsx
      2017-11-05 17:42 - 2017-11-05 17:42 - 000792654 _____ C:\Users\Vito\Downloads\informe-4-evaluacion-economica-financiera-parte-4.pptx
      2017-11-05 10:02 - 2017-11-05 10:02 - 000012186 _____ C:\Users\Vito\Desktop\cc_20171105_100201.reg
      2017-11-05 10:02 - 2017-11-05 10:02 - 000000294 _____ C:\Users\Vito\Desktop\cc_20171105_100215.reg
      2017-11-05 10:02 - 2017-11-05 10:02 - 000000176 _____ C:\Users\Vito\Desktop\cc_20171105_100229.reg
      2017-11-05 09:58 - 2017-11-05 09:58 - 000000971 _____ C:\Users\Vito\Desktop\IF-DNS.txt
      2017-11-05 09:58 - 2017-11-05 09:58 - 000000971 _____ C:\IF-DNS.txt
      2017-11-05 09:13 - 2017-11-05 09:13 - 000341794 _____ C:\Users\Vito\Downloads\IF-DNS.exe
      2017-11-05 00:43 - 2017-11-05 00:52 - 000179279 _____ C:\Users\Vito\Downloads\Informe_4_vs 4.xlsx
      2017-11-04 23:49 - 2017-11-04 23:49 - 000177563 _____ C:\Users\Vito\Downloads\Informe_4_vs 3.xlsx
      2017-11-04 23:44 - 2017-11-04 23:44 - 007196160 _____ C:\Users\Vito\Downloads\COSTOS_PRODUCCION CERAMICA.xls
      2017-11-04 21:37 - 2017-11-04 21:37 - 000172792 _____ C:\Users\Vito\Downloads\Copia de Informe_4_vs2 (1).xlsx
      2017-11-04 18:23 - 2017-11-04 18:23 - 000000000 ____D C:\ProgramData\Sophos
      2017-11-04 18:09 - 2017-11-04 18:16 - 179498568 _____ (Sophos Limited) C:\Users\Vito\Downloads\Sophos Virus Removal Tool.exe
      2017-11-04 17:26 - 2015-09-14 13:03 - 000039672 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
      2017-11-04 17:23 - 2017-11-04 17:24 - 038186040 _____ (Panda Security ) C:\Users\Vito\Downloads\PandaCloudCleaner (1).exe
      2017-11-04 12:09 - 2017-11-04 12:09 - 000000016 _____ C:\ProgramData\mntemp
      2017-11-04 12:08 - 2017-11-04 12:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
      2017-11-04 11:22 - 2017-11-04 11:22 - 002645240 _____ (Panda Security S.L.) C:\Users\Vito\Downloads\PandaCloudCleanerUSB.exe
      2017-11-04 10:57 - 2017-11-04 10:57 - 000000162 ____H C:\Users\Vito\Desktop\~$wCleaner[S3] 04112017.txt
      2017-11-04 10:57 - 2017-11-04 10:57 - 000000162 ____H C:\Users\Vito\Desktop\~$JRT.txt
      2017-11-04 10:56 - 2017-11-04 10:56 - 000003611 _____ C:\Users\Vito\Desktop\04112017.txt
      2017-11-04 10:56 - 2017-11-04 10:56 - 000000162 ____H C:\Users\Vito\Desktop\~$T 04112017.txt
      2017-11-04 10:56 - 2017-11-04 10:56 - 000000162 ____H C:\Users\Vito\Desktop\~$112017.txt
      2017-11-04 10:51 - 2017-11-04 10:51 - 000000172 _____ C:\Users\Vito\Desktop\cc_20171104_105118.reg
      2017-11-04 10:50 - 2017-11-04 10:50 - 000008340 _____ C:\Users\Vito\Desktop\cc_20171104_105040.reg
      2017-11-04 10:49 - 2017-11-04 10:49 - 000189504 _____ C:\Users\Vito\Desktop\cc_20171104_104947.reg
      2017-11-04 10:42 - 2017-11-04 10:42 - 000003247 _____ C:\Users\Vito\Desktop\AdwCleaner[C0]04112017 2.txt
      2017-11-04 10:37 - 2017-11-04 10:37 - 000003370 _____ C:\Users\Vito\Desktop\AdwCleaner[S3] 04112017.txt
      2017-11-04 10:33 - 2017-11-04 10:33 - 008261584 _____ (Malwarebytes) C:\Users\Vito\Downloads\AdwCleaner (2).exe
      2017-11-04 10:31 - 2017-11-04 10:31 - 000000742 _____ C:\Users\Vito\Desktop\JRT.txt
      2017-11-04 10:31 - 2017-11-04 10:31 - 000000742 _____ C:\Users\Vito\Desktop\JRT 04112017.txt
      2017-11-04 10:25 - 2017-11-04 10:25 - 001790024 _____ (Malwarebytes) C:\Users\Vito\Downloads\JRT (2).exe
      2017-11-04 09:13 - 2017-11-04 09:48 - 000000000 ____D C:\ProgramData\Avg
      2017-11-04 09:12 - 2017-11-04 09:13 - 003449448 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Vito\Downloads\Antivirus_Free_1856.exe
      2017-11-04 08:31 - 2017-11-04 09:12 - 000000000 ____D C:\AVG_Remover
      2017-11-04 08:29 - 2017-11-04 08:30 - 007986864 _____ ( ) C:\Users\Vito\Downloads\AVG_Remover.exe
      2017-11-04 00:07 - 2017-11-04 00:07 - 003936376 _____ (Google) C:\Users\Vito\Downloads\chrome_cleanup_tool.exe
      2017-11-03 23:50 - 2017-11-04 00:09 - 000000000 ____D C:\FSTool
      2017-11-03 23:50 - 2017-11-03 23:50 - 001599815 _____ C:\Users\Vito\Downloads\IFS.exe
      2017-11-03 23:21 - 2017-11-03 23:21 - 000165852 _____ C:\Users\Vito\Downloads\Copia de Informe_4_vs1-1.xlsx
      2017-11-03 23:20 - 2017-11-03 23:20 - 000172792 _____ C:\Users\Vito\Downloads\Copia de Informe_4_vs2.xlsx
      2017-11-03 23:17 - 2017-11-03 23:17 - 000000000 ____D C:\Users\Vito\AppData\Local\ESET
      2017-11-03 22:55 - 2017-11-03 23:07 - 006974584 _____ (ESET spol. s r.o.) C:\Users\Vito\Downloads\esetonlinescanner_esl.exe
      2017-11-03 21:57 - 2017-11-03 21:57 - 000000000 ____D C:\SUPERDelete
      2017-11-03 21:52 - 2017-11-03 21:53 - 030912296 _____ (SUPERAntiSpyware) C:\Users\Vito\Downloads\SAS_943E405.EXE
      2017-11-03 21:07 - 2017-11-03 21:07 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-11-03 21:05 - 2017-11-03 21:07 - 055566792 _____ (Malwarebytes ) C:\Users\Vito\Downloads\malwarebytes-anti-malware-3-0-6-1469 (1).exe
      2017-11-03 14:49 - 2017-11-03 14:49 - 000001723 _____ C:\Users\Public\Desktop\iTunes.lnk
      2017-11-03 14:49 - 2017-11-03 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      2017-11-03 14:49 - 2017-11-03 14:49 - 000000000 ____D C:\Program Files\iPod
      2017-11-03 14:48 - 2017-11-03 14:49 - 000000000 ____D C:\Program Files\iTunes
      2017-11-03 14:47 - 2017-11-03 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
      2017-11-03 14:47 - 2017-11-03 14:47 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
      2017-11-03 01:04 - 2017-11-03 01:04 - 000000000 ____D C:\2cbb437bc4a81644a54b681121
      2017-11-03 01:02 - 2016-10-23 10:58 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
      2017-11-03 01:01 - 2017-11-03 01:03 - 025342912 _____ C:\Users\Vito\Downloads\windows8.1-kb4012213-x86_e118939b397bc983971c88d9c9ecc8cbec471b05.msu
      2017-11-03 00:13 - 2017-11-03 00:13 - 000031232 _____ C:\Users\Vito\Downloads\METODOS DE EVALUACION DE INVERSIONES.xls
      2017-11-03 00:03 - 2017-11-03 00:03 - 000311808 _____ C:\Users\Vito\Downloads\ev_privada_ilpes_-_0.ppt
      2017-11-02 22:41 - 2017-11-02 22:41 - 001568792 _____ C:\Users\Vito\Downloads\Ejemplo_2_-_Estudio_Tecnico-1 (1).pdf
      2017-11-02 22:11 - 2017-11-02 22:11 - 001568792 _____ C:\Users\Vito\Downloads\Ejemplo_2_-_Estudio_Tecnico-1.pdf
      2017-11-02 22:10 - 2017-11-02 22:11 - 008261584 _____ (Malwarebytes) C:\Users\Vito\Downloads\adwcleaner_7.0.4.0.exe
      2017-11-02 21:48 - 2017-11-02 21:48 - 000143360 _____ C:\Users\Vito\Downloads\AF_UIIICasoPracticoPresupuesto_rostein.xls
      2017-11-02 21:23 - 2017-11-02 21:23 - 000002713 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-11-02 21:23 - 2017-11-02 21:23 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-02 21:23 - 2017-11-02 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-02 21:19 - 2017-11-02 21:21 - 058881488 _____ (Skype Technologies S.A.) C:\Users\Vito\Downloads\SkypeSetupFull.exe
      2017-11-02 20:36 - 2017-11-02 20:36 - 000019934 _____ C:\Users\Vito\Downloads\mandatory-activity-10
      2017-11-02 20:15 - 2017-11-02 20:15 - 000000000 ____D C:\Users\Vito\AppData\Roaming\AVAST Software
      2017-11-02 20:14 - 2017-11-02 20:14 - 000001902 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-11-02 20:14 - 2017-11-02 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-11-02 20:13 - 2017-11-02 20:13 - 001029872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
      2017-11-02 20:13 - 2017-11-02 20:13 - 000003914 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2017-11-02 20:13 - 2017-11-02 20:12 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-11-02 20:13 - 2017-11-02 20:12 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-11-02 20:13 - 2017-11-02 20:12 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-11-02 20:13 - 2017-11-02 20:12 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-11-02 20:13 - 2017-11-02 20:12 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-11-02 20:13 - 2017-11-02 20:12 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-11-02 20:13 - 2017-11-02 20:12 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-11-02 20:13 - 2017-11-02 20:11 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-11-02 20:13 - 2017-11-02 20:11 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-11-02 20:13 - 2017-11-02 20:11 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-11-02 20:13 - 2017-11-02 20:11 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-11-02 20:12 - 2017-11-02 20:12 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-11-02 20:07 - 2017-11-02 21:18 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-11-02 20:07 - 2017-11-02 20:07 - 000000000 ____D C:\Program Files\AVAST Software
      2017-11-02 20:06 - 2017-11-02 20:07 - 007161304 _____ (AVAST Software) C:\Users\Vito\Downloads\avast_free_antivirus_setup_online.exe
      2017-11-02 20:03 - 2017-11-02 20:03 - 000000000 ____D C:\ProgramData\AhnLab
      2017-11-02 20:01 - 2017-11-02 20:01 - 000164505 _____ C:\Users\Vito\Downloads\Informe_4_vs1.xlsx
      2017-11-02 20:00 - 2017-11-02 20:02 - 075388480 _____ (AhnLab, Inc.) C:\Users\Vito\Downloads\AhnLabV3InternetSecurity_8.0_Softonic.exe
      2017-11-01 13:00 - 2017-11-01 13:00 - 000091769 _____ C:\Users\Vito\Downloads\Tecnología Celular.pptx
      2017-10-29 20:16 - 2017-10-29 20:17 - 005947324 _____ C:\Users\Vito\Downloads\final-presentation-link-httpsyoutu (1).be899flemuj-m
      2017-10-29 20:16 - 2017-10-29 20:16 - 005947324 _____ C:\Users\Vito\Downloads\final-presentation-link-httpsyoutu.be899flemuj-m
      2017-10-29 18:49 - 2017-10-29 18:50 - 055014967 _____ C:\Users\Vito\Desktop\ORAL PRESENTATION 1.wmv
      2017-10-29 18:28 - 2017-11-02 19:30 - 000000000 ____D C:\ProgramData\Wondershare Player
      2017-10-29 18:27 - 2017-10-29 18:24 - 411447300 ____N C:\Users\Vito\Desktop\VID_20171029_182441.mp4
      2017-10-29 17:11 - 2017-10-29 20:07 - 005947324 _____ C:\Users\Vito\Desktop\FINAL PRESENTATION 29102017.pptx
      2017-10-29 15:49 - 2017-10-29 15:49 - 000594606 _____ C:\Users\Vito\Downloads\oral-presentation-1.pptx
      2017-10-29 15:49 - 2017-10-29 15:49 - 000243107 _____ C:\Users\Vito\Downloads\programacion-de-tareas-virtuales-y-actividades-eng-v (3).pdf
      2017-10-29 15:49 - 2017-10-29 15:49 - 000108129 _____ C:\Users\Vito\Downloads\cronograma-de-evaluaciones-virtual-2017 (1).pdf
      2017-10-26 23:28 - 2017-10-26 23:28 - 000243107 _____ C:\Users\Vito\Desktop\programacion-de-tareas-virtuales-y-actividades-eng-v (2).pdf
      2017-10-26 23:28 - 2017-10-26 23:28 - 000108129 _____ C:\Users\Vito\Desktop\cronograma-de-evaluaciones-virtual-2017.pdf
      2017-10-26 23:26 - 2017-10-26 23:26 - 000243107 _____ C:\Users\Vito\Downloads\programacion-de-tareas-virtuales-y-actividades-eng-v (2).pdf
      2017-10-26 23:26 - 2017-10-26 23:26 - 000108129 _____ C:\Users\Vito\Downloads\cronograma-de-evaluaciones-virtual-2017.pdf
      2017-10-26 22:53 - 2017-10-26 22:53 - 005992935 _____ C:\Users\Vito\Desktop\16. Manual Tributario 2016_Caballero_Bustamanteunlocked.pdf
      2017-10-26 22:41 - 2017-10-26 14:48 - 005928138 _____ C:\Users\Vito\Desktop\16. Manual Tributario 2016_Caballero_Bustamante.pdf
      2017-10-25 18:27 - 2017-10-25 18:27 - 000243107 _____ C:\Users\Vito\Downloads\programacion-de-tareas-virtuales-y-actividades-eng-v (1).pdf
      2017-10-24 19:03 - 2017-10-24 19:03 - 000243107 _____ C:\Users\Vito\Downloads\programacion-de-tareas-virtuales-y-actividades-eng-v.pdf
      2017-10-15 10:49 - 2017-10-15 10:50 - 034056574 _____ C:\Users\Vito\Downloads\Un regalo para Pepe - La Granja de Zenón - Episodio 12.mp4
      2017-10-15 10:48 - 2017-10-15 10:48 - 023826975 _____ C:\Users\Vito\Downloads\Había Un Burrito - La Granja de Zenón 4 - El Reino Infantil.mp4
      2017-10-15 10:42 - 2017-10-15 10:44 - 031608424 _____ C:\Users\Vito\Downloads\La Granja de Zenón - La Granja de Zenón 3 (1).mp4
      2017-10-13 19:38 - 2017-11-02 19:31 - 000000000 ____D C:\ProgramData\McAfee Security Scan
      2017-10-13 19:38 - 2017-10-13 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2017-10-13 19:38 - 2017-10-13 19:38 - 000000000 ____D C:\Program Files\McAfee Security Scan
      2017-10-13 18:28 - 2017-10-13 18:29 - 001130328 _____ (Google Inc.) C:\Users\Vito\Downloads\ChromeSetup.exe
      2017-10-13 18:26 - 2017-11-03 17:54 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
      2017-10-13 18:26 - 2017-10-13 18:26 - 000000000 ____D C:\Users\Vito\AppData\Roaming\McAfee Safe Connect
      2017-10-13 18:26 - 2017-10-13 18:26 - 000000000 ____D C:\Users\Vito\AppData\Local\McAfee_Inc
      2017-10-13 18:20 - 2017-10-13 19:38 - 000001944 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2017-10-13 18:20 - 2017-10-13 18:20 - 000004510 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-10-13 18:20 - 2017-10-13 18:20 - 000004332 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
      2017-10-08 22:36 - 2017-10-08 22:36 - 000212937 _____ C:\Users\Vito\Downloads\D432.pdf
      2017-10-08 19:19 - 2017-10-08 19:19 - 000925658 _____ C:\Users\Vito\Downloads\D429.pdf
      2017-10-07 14:46 - 2017-10-07 14:46 - 000000043 _____ C:\Users\Vito\Downloads\hbpix (1)

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-06 18:15 - 2016-06-24 19:27 - 000000000 ____D C:\Users\Vito\AppData\Local\LogMeIn Hamachi
      2017-11-06 15:39 - 2013-09-29 23:04 - 000005498 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-11-06 15:39 - 2013-07-27 17:53 - 008785800 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-11-06 15:39 - 2013-07-27 17:53 - 002648898 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-11-06 11:30 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
      2017-11-06 07:15 - 2013-07-27 17:21 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1682400155-3688040352-2478644615-1001
      2017-11-06 07:01 - 2015-06-06 14:11 - 000000000 __SHD C:\Users\Vito\IntelGraphicsProfiles
      2017-11-06 07:01 - 2014-04-29 11:53 - 000000000 __RDO C:\Users\Vito\SkyDrive
      2017-11-06 07:00 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-05 20:42 - 2013-07-27 17:12 - 000000000 ____D C:\Users\Vito\AppData\Local\Packages
      2017-11-05 20:01 - 2013-11-10 06:27 - 000000000 ____D C:\Users\Vito\AppData\Local\Deployment
      2017-11-05 17:33 - 2013-10-30 20:10 - 000000000 ____D C:\Users\Vito
      2017-11-05 10:00 - 2014-03-28 06:33 - 000000000 ____D C:\WINDOWS\Minidump
      2017-11-05 01:17 - 2016-08-23 07:45 - 000000000 ____D C:\Users\Vito\AppData\Roaming\Skype
      2017-11-04 17:59 - 2016-09-17 16:54 - 000000000 ____D C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
      2017-11-04 17:59 - 2016-06-26 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
      2017-11-04 17:59 - 2016-06-23 19:39 - 000000000 ____D C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
      2017-11-04 17:59 - 2013-11-12 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
      2017-11-04 12:14 - 2016-09-23 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewTek
      2017-11-04 12:11 - 2017-05-19 17:06 - 000000000 ____D C:\Program Files (x86)\Steam
      2017-11-04 12:08 - 2013-10-30 20:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
      2017-11-04 11:24 - 2013-09-06 23:57 - 001398272 ___SH C:\Users\Vito\Desktop\Thumbs.db
      2017-11-04 10:47 - 2016-07-06 17:09 - 000000000 ____D C:\Users\Vito\AppData\Roaming\PhotoScape
      2017-11-04 10:47 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\ModemLogs
      2017-11-04 10:42 - 2015-02-20 21:33 - 000000000 ____D C:\AdwCleaner
      2017-11-04 10:16 - 2015-08-11 09:23 - 000000000 ____D C:\Users\Vito\Desktop\erika
      2017-11-04 09:48 - 2015-06-06 10:16 - 000000000 ____D C:\Users\Vito\AppData\Local\Avg
      2017-11-04 09:46 - 2015-09-11 20:43 - 000000000 ____D C:\Users\Vito\AppData\Local\AvgSetupLog
      2017-11-04 09:43 - 2015-06-06 09:24 - 000000000 ____D C:\ProgramData\MFAData
      2017-11-04 09:35 - 2013-08-22 08:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2017-11-04 00:09 - 2015-06-30 16:13 - 000003468 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-04 00:09 - 2015-06-30 16:13 - 000003340 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-03 21:07 - 2015-02-20 21:49 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-03 19:50 - 2017-02-09 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
      2017-11-03 19:50 - 2016-02-20 22:07 - 000000000 ____D C:\Program Files (x86)\Wondershare
      2017-11-03 14:48 - 2014-08-16 15:30 - 000000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      2017-11-03 14:47 - 2014-08-16 15:26 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
      2017-11-03 14:26 - 2016-03-02 05:41 - 000000000 ____D C:\Program Files (x86)\Avira
      2017-11-03 01:05 - 2015-05-26 22:36 - 000000000 ____D C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-11-03 01:05 - 2015-05-26 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-11-03 01:05 - 2015-05-26 22:36 - 000000000 ____D C:\Program Files (x86)\WinRAR
      2017-11-03 01:05 - 2015-05-11 22:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-11-03 01:01 - 2016-10-23 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
      2017-11-03 01:01 - 2015-03-13 19:38 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
      2017-11-03 01:01 - 2015-03-13 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
      2017-11-03 01:01 - 2015-03-13 19:38 - 000000000 ____D C:\Program Files (x86)\Java
      2017-11-02 21:23 - 2016-10-15 10:14 - 000000000 ____D C:\ProgramData\Skype
      2017-11-02 19:55 - 2016-03-02 05:41 - 000000000 ____D C:\ProgramData\Package Cache
      2017-11-02 19:55 - 2014-01-13 22:05 - 000000000 ____D C:\ProgramData\Avira
      2017-11-02 19:48 - 2017-07-25 14:59 - 000003182 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1682400155-3688040352-2478644615-1001
      2017-11-02 19:47 - 2016-04-23 06:38 - 000002379 _____ C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive para la Empresa.lnk
      2017-11-02 19:31 - 2017-09-10 09:37 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Free
      2017-11-02 19:27 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-11-02 19:19 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\registration
      2017-11-02 19:16 - 2013-01-11 04:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
      2017-10-29 22:02 - 2014-11-26 20:49 - 000000000 ____D C:\Users\Vito\AppData\Local\WMTools Downloaded Files
      2017-10-29 18:29 - 2017-09-10 09:42 - 000000000 ____D C:\ProgramData\xml_param
      2017-10-27 07:31 - 2016-01-16 18:31 - 000000000 ____D C:\Users\Vito\Desktop\Voices
      2017-10-16 13:17 - 2016-07-06 17:10 - 000002022 _____ C:\Users\Public\Desktop\Google Slides.lnk
      2017-10-16 13:17 - 2016-07-06 17:10 - 000002020 _____ C:\Users\Public\Desktop\Google Sheets.lnk
      2017-10-16 13:17 - 2016-07-06 17:10 - 000002010 _____ C:\Users\Public\Desktop\Google Docs.lnk
      2017-10-16 13:17 - 2016-07-06 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
      2017-10-15 11:44 - 2015-04-13 21:45 - 000000000 ____D C:\Users\Vito\AppData\Roaming\.minecraft
      2017-10-13 18:20 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-10-13 18:20 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-10-13 18:20 - 2012-12-05 03:59 - 000000000 ____D C:\ProgramData\McAfee
      2017-10-13 18:19 - 2014-06-14 07:34 - 000000000 ____D C:\Users\Vito\AppData\Local\Adobe

      ==================== Files in the root of some directories =======

      2015-04-04 09:10 - 2017-09-10 11:56 - 000005120 _____ () C:\Users\Vito\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2016-11-28 21:26 - 2016-11-28 21:26 - 000005051 _____ () C:\ProgramData\czchsjpj.srw
      2013-01-11 03:51 - 2013-01-11 03:51 - 000000000 _____ () C:\ProgramData\DP45977C.lfl
      2013-01-11 04:12 - 2013-01-11 04:12 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
      2017-11-04 12:09 - 2017-11-04 12:09 - 000000016 _____ () C:\ProgramData\mntemp

      Some zero byte size files/folders:
      ==========================
      C:\Windows\SysWOW64\ntlanman.dll
      C:\Windows\SysWOW64\provsvc.dll
      C:\Windows\System32\taskeng.exe
      C:\Windows\System32\tquery.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-05 09:54

      ==================== End of FRST.txt ============================

    9. #9
      User vitocerron
      Registered
      Nov 2017
      Location
      Peru
      Posts
      7

      Re: Malware Delaton

      Attached is the first part of the second file:

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
      Ran by Vito (06-11-2017 18:39:56)
      Running from C:\Users\Vito\Desktop
      Windows 8.1 (Update) (X64) (2013-10-31 01:28:43)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrator (S-1-5-21-1682400155-3688040352-2478644615-500 - Administrator - Disabled)
      Guest (S-1-5-21-1682400155-3688040352-2478644615-501 - Limited - Disabled)
      Vito (S-1-5-21-1682400155-3688040352-2478644615-1001 - Administrator - Enabled) => C:\Users\Vito

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
      Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Acer Incorporated)
      Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
      AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3124 - Acer Incorporated)
      AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
      Adobe Connect 9 Add-in (HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.980.387 - Adobe Systems Incorporated)
      Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
      Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-90fa3e7c-bc5b-4e9a-a2c5-d617182d573e) (Version: 2.2.0.98 - WildTangent) Hidden
      Aloha TriPeaks (HKLM-x32\...\WTA-f307ebdc-3bb0-4cc8-9774-0540f185cca7) (Version: 2.2.0.98 - WildTangent) Hidden
      Apple Application Support (32 bits) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
      Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
      Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
      BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.61.6289 - BlueStack Systems, Inc.)
      Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
      Canon MP Navigator 3.1 (HKLM-x32\...\MP Navigator 3.1) (Version: - )
      Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
      CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
      clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
      clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
      clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.1925 - CyberLink Corp.) Hidden
      clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2008 - CyberLink Corp.) Hidden
      Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-07c13ad0-0d25-4ece-a7ea-caea89deaac5) (Version: 2.2.0.98 - WildTangent) Hidden
      CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
      D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      Delicious: Emily's True Love Premium Edition (HKLM-x32\...\WTA-b6b0febc-569b-4fda-8c17-132008583a85) (Version: 2.2.0.98 - WildTangent) Hidden
      Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
      Dora's World Adventure (HKLM-x32\...\WTA-f43abb96-01a9-4a28-87e5-1e7677498caa) (Version: 2.2.0.95 - WildTangent) Hidden
      eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
      Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Hidden
      Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
      Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
      Google Drive (HKLM-x32\...\{AC117AF9-316B-4E1D-959E-F0EB85B0DC5F}) (Version: 2.34.7100.0000 - Google, Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
      Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Acer Incorporated)
      Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
      Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
      Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
      iTunes (HKLM\...\{6135745D-1CE1-47D9-9731-48E7C73570E9}) (Version: 12.7.0.166 - Apple Inc.)
      Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
      Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
      Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
      Jewel Match 3 (HKLM-x32\...\WTA-1134092d-7a6b-4af9-ab2d-be8a1a4cb972) (Version: 2.2.0.98 - WildTangent) Hidden
      LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
      LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
      McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
      Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4420.1017 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
      Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
      Mozilla Firefox 43.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 es-ES)) (Version: 43.0.1 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
      Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-40c04624-6089-4832-8952-e9e99ac8dbac) (Version: 2.2.0.98 - WildTangent) Hidden
      Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
      Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
      Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
      Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
      Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
      Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3202 - Acer)
      Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
      Peggle Nights (HKLM-x32\...\WTA-b7851b72-3a97-4aa8-946f-08681df4ca5b) (Version: 2.2.0.98 - WildTangent) Hidden
      Penguins! (HKLM-x32\...\WTA-30dca80a-d8e6-4eb2-8742-4571fd7480f8) (Version: 2.2.0.98 - WildTangent) Hidden
      PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
      Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-fe6405ca-00c9-4468-929c-ae0dcf542312) (Version: 2.2.0.98 - WildTangent) Hidden
      PointGrab Hand Gesture Control (HKLM-x32\...\{4B145183-E986-4585-ADDF-0C73DB575112}) (Version: 3.2.0.10495 - PointGrab) Hidden
      PointGrab Hand Gesture Control (HKLM-x32\...\InstallShield_{4B145183-E986-4585-ADDF-0C73DB575112}) (Version: 3.2.0.10495 - PointGrab)
      PointGrab Hand Gesture Control Tutorial (HKLM-x32\...\{92586A21-3E08-4055-B413-8ACCAAB50A42}) (Version: 3.2.0.9896 - PointGrab) Hidden
      PointGrab Hand Gesture Control Tutorial (HKLM-x32\...\InstallShield_{92586A21-3E08-4055-B413-8ACCAAB50A42}) (Version: 3.2.0.9896 - PointGrab)
      Polar Bowler (HKLM-x32\...\WTA-d83801df-e8b4-4fe2-99fe-e9b8e8b01c79) (Version: 2.2.0.97 - WildTangent) Hidden
      Polar Golfer (HKLM-x32\...\WTA-433f6284-3b21-480b-b5a4-62d985a25c64) (Version: 2.2.0.98 - WildTangent) Hidden
      Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
      Python 3.6.0b2 (32-bit) (HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\{422816b2-6202-48a4-b77f-eccf67160711}) (Version: 3.6.112.0 - Python Software Foundation)
      Python 3.6.0b2 (64-bit) (HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\{aeb34bf6-bf52-48a9-8057-355a5842494e}) (Version: 3.6.112.0 - Python Software Foundation)
      Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
      Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.31 - Qualcomm Atheros)
      Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
      Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
      RecordPad, grabadora de sonidos (HKLM-x32\...\Recordpad) (Version: 5.38 - NCH Software)
      Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
      Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft)
      Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
      Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
      Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
      Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
      Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
      Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
      Soluto (HKLM\...\{9D518600-EEE8-486F-8E13-8EDEB0DFBF62}) (Version: 1.3.1083.1 - Soluto)
      StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Tales of Lagoona (HKLM-x32\...\WTA-1f6b6d05-9033-424c-b4ea-821d201b5e0d) (Version: 2.2.0.110 - WildTangent) Hidden
      Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPRO_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
      Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
      Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
      Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
      Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
      Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
      Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
      WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
      WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.9.3 - WildTangent) Hidden
      Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
      Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
      WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      Xerox WorkCentre 6015N_NI (HKLM-x32\...\{AF0A195E-2ECE-4B02-AC0E-B7B8B57F5E76}) (Version: 1.014.00 - Xerox) Hidden
      Xerox WorkCentre 6015N_NI (HKLM-x32\...\InstallShield_{AF0A195E-2ECE-4B02-AC0E-B7B8B57F5E76}) (Version: 1.014.00 - Xerox)
      Zuma's Revenge (HKLM-x32\...\WTA-f5facf5b-48f0-4545-95da-0e7d0bbb969e) (Version: 2.2.0.98 - WildTangent) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
      ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-02] (AVAST Software)
      ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-02] (AVAST Software)
      ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2012-11-09] (Qualcomm Atheros Commnucations)
      ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-02] (AVAST Software)
      ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
      ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
      ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\WINDOWS\SysWOW64\ISCM64.dll [2015-02-27] ()
      ContextMenuHandlers1: [TextAloud] -> {BF31B0FB-AE0E-488F-BFD6-416FA2F9915F} => C:\Program Files (x86)\TextAloud\TAContextMenu64.dll [2015-01-05] ()
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2012-09-21] ()
      ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-02] (AVAST Software)
      ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2012-11-09] (Qualcomm Atheros Commnucations)
      ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
      ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-02] (AVAST Software)
      ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
      ContextMenuHandlers1_S-1-5-21-1682400155-3688040352-2478644615-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
      ContextMenuHandlers4_S-1-5-21-1682400155-3688040352-2478644615-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
      ContextMenuHandlers5_S-1-5-21-1682400155-3688040352-2478644615-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0A891611-D0EB-4082-95F6-4FEC57698BB0} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
      Task: {0FDCF2DF-814D-45B2-B79E-80EEFD4BB164} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
      Task: {1511A8E2-D7F7-4CEB-B068-AF4DAA16A9E1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-17] (Microsoft Corporation)
      Task: {163A38B3-40D7-466B-8FAE-77A8C6195F86} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05] (Oracle Corporation)
      Task: {23DAEF7F-6DF4-4478-9405-A373513CA810} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
      Task: {25CA79AF-7035-4261-B1C0-F7FF962DED9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_159_pepper.exe [2017-10-13] (Adobe Systems Incorporated)
      Task: {3C304298-BECF-4BD0-89AE-D7092F0D0729} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-13] (Adobe Systems Incorporated)
      Task: {49172CCB-6BFE-4AFB-B3E4-15DF15DAF590} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
      Task: {593C93B5-625C-4D38-830F-9578E0F856DA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-02] (AVAST Software)
      Task: {6098AD0C-4943-4B9C-9E0F-881428AD3710} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
      Task: {72B68DFC-7FED-4193-B78B-BA4FBA9AED91} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1682400155-3688040352-2478644615-1001
      Task: {89714388-E37F-45CA-8792-020982011DEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
      Task: {907C40A3-E2A2-4863-9B5F-6CDBE4D23EE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
      Task: {9CE0521C-1C0F-4261-9E15-07C812DCB4F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
      Task: {A5061E35-EA86-4889-B314-942F9BEB0A41} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-10-01] (Microsoft Corporation)
      Task: {B5E4651F-52D1-4547-A9E7-2B70F6054C36} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
      Task: {C32CF057-1369-4DFB-BAF2-5EBE3DDAA15E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
      Task: {C4E4F1CB-24B1-4287-8870-434C32DCC236} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
      Task: {C7792E7B-AC32-4FA0-9A27-7373B999F043} - System32\Tasks\{4142250D-53F3-4CA6-9BE0-D8EC0CFD26DF} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Users\Vito\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm
      Shortcut: C:\Users\Vito\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com
      Shortcut: C:\Users\Vito\AppData\Local\Microsoft\Windows\Application Shortcuts\35135TwoGuysandaApp.YouTubeNow_xc3b11gcg8yyg\httpwwwyoutubecom.lnk -> hxxp://www.youtube.com
      Shortcut: C:\Users\Vito\AppData\Local\Microsoft\Windows\Application Shortcuts\35135TwoGuysandaApp.YouTubeNow_xc3b11gcg8yyg\httpwwwyoutubecomwatchv5a0juQ0aeGI.lnk -> hxxp://www.youtube.com/watch?v=5a0juQ0aeG

      ShortcutWithArgument: C:\Users\Vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb
      ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001

      ==================== Loaded Modules (Whitelisted) ==============

      2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
      2017-09-10 09:38 - 2012-09-21 10:25 - 000727952 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
      2016-04-10 20:47 - 2015-02-27 14:38 - 000721263 _____ () C:\WINDOWS\SysWOW64\ISCM64.dll
      2012-03-09 14:34 - 2012-03-09 14:34 - 000022528 _____ () C:\WINDOWS\System32\xrhk2alm.dll
      2015-07-17 22:01 - 2012-10-01 17:34 - 000373360 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
      2015-07-17 22:01 - 2012-10-01 17:31 - 000495216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
      2015-07-17 22:01 - 2012-10-01 17:33 - 000596080 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
      2014-09-12 13:56 - 2014-09-12 13:56 - 000141824 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\5e3b26aed8574a4d297f73976c8df126\PCGAppControlPluginLoader.ni.exe
      2012-01-03 10:04 - 2012-01-03 10:04 - 000095744 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
      2012-11-16 05:54 - 2012-11-16 05:54 - 000091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
      2012-01-03 10:04 - 2012-01-03 10:04 - 000247296 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
      2012-01-03 10:04 - 2012-01-03 10:04 - 000227840 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
      2017-11-02 20:12 - 2017-11-02 20:12 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-11-02 20:12 - 2017-11-02 20:12 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
      2017-11-02 20:12 - 2017-11-02 20:12 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-11-02 20:12 - 2017-11-02 20:12 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
      2017-11-02 20:12 - 2017-11-02 20:12 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
      2017-11-02 20:11 - 2017-11-02 20:11 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      2017-11-02 20:12 - 2017-11-02 20:13 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
      2013-01-11 03:49 - 2012-06-24 21:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
      DNS Servers: 192.168.0.1 - 8.8.8.8
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\Run: => "BtPreLoad"
      HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
      HKLM\...\StartupApproved\Run: => "HotKeysCmds"
      HKLM\...\StartupApproved\Run: => "IgfxTray"
      HKLM\...\StartupApproved\Run: => "Persistence"
      HKLM\...\StartupApproved\Run: => "RtHDVCpl"
      HKLM\...\StartupApproved\Run32: => "BCSSync"
      HKLM\...\StartupApproved\Run32: => "iTunesHelper"
      HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
      HKLM\...\StartupApproved\Run32: => "Adobe ARM"
      HKLM\...\StartupApproved\Run32: => "WSHelperSetup.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\StartupApproved\StartupFolder: => "hgr2010662687255723748nuj3.vbs"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\StartupApproved\Run: => "GenieFloater"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\StartupApproved\Run: => "hgr2010662687255723748nuj3"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\StartupApproved\Run: => "WSHelperSetup.exe"
      HKU\S-1-5-21-1682400155-3688040352-2478644615-1001\...\StartupApproved\Run: => "Skype"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{894E6CE4-05AB-44B3-81F5-D9024AE9E544}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
      FirewallRules: [{ECAAF2BF-7188-40FA-92E1-7CB6E32063D9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
      FirewallRules: [{31B8BB34-F9D2-4DBF-BD11-D05422E9E4B0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
      FirewallRules: [{686517B9-A015-4729-8EB5-B1FE59B1CF71}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
      FirewallRules: [{6DFF7115-33AB-494F-AD6E-A3F11A67895A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
      FirewallRules: [{91C59742-BEB6-4015-8836-9357BE26B386}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
      FirewallRules: [{96858170-5B76-4411-BACF-DDF4360A7C4E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
      FirewallRules: [{DEEE3567-8363-4F23-89F3-20570E965417}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
      FirewallRules: [{AC5379D8-E428-49BF-ADAF-6BD079F04A3B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
      FirewallRules: [{C03D5407-F7B8-429A-ADB5-8F150090FF82}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
      FirewallRules: [{0251FB63-E10D-4FD5-8C6B-0651F70A0E86}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
      FirewallRules: [{1561D3D7-3051-45AD-B970-8B4539E423B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
      FirewallRules: [{3DC4AFDC-29CA-4B91-AD56-585B80FB788F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
      FirewallRules: [{9296F51C-E599-47BD-BBAC-4A5BAF5E63BA}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
      FirewallRules: [{5DE4512E-0858-415D-ABA3-8EA1AAB544EA}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
      FirewallRules: [{5DC19194-E88F-4695-ADD8-1C95E86836E4}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
      FirewallRules: [{4C6CB239-BED2-4CF7-8FFA-64D7F0F899E3}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
      FirewallRules: [{98A83B5E-3338-42DE-A4CF-C858021D5DFA}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
      FirewallRules: [{CA47E75A-2A1D-4FB3-9FB9-35257A2F7640}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
      FirewallRules: [{66DEA16A-17D3-4386-A76D-C893227705F6}] => (Allow) C:\Program Files\Soluto\Soluto.exe
      FirewallRules: [{1368089E-63D3-4645-98D7-4B6AB7A9DFF8}] => (Allow) C:\Program Files\Soluto\Soluto.exe
      FirewallRules: [{87C2DF83-5B68-4B38-A1A6-F352868AE67E}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
      FirewallRules: [{8D603E9B-7D6B-4683-A9FC-F17279916AE8}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
      FirewallRules: [{34193CBB-C3A7-4AD8-8C2D-5A3510BA6399}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
      FirewallRules: [{1FADBDF8-EF62-44C8-AEE5-A804CF95AB5D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
      FirewallRules: [{EA488330-D136-4C39-853E-EAA2BBDB336A}] => (Allow) C:\Users\Vito\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
      FirewallRules: [{FE599890-E50C-4446-97B6-F7E3729F1025}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{03C305CA-EF98-43C8-8D07-DB5DC133A4C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{CE9A9257-AB50-4339-8AEE-AE89BF68882A}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
      FirewallRules: [UDP Query User{FC119B0B-3FCF-4DAE-B6F4-4CE4BB48BB04}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
      FirewallRules: [TCP Query User{2BB105EA-2687-4737-B7A5-65573A1466E9}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
      FirewallRules: [UDP Query User{A7C40CAF-C1F8-4460-9A56-7FEF5236C00C}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
      FirewallRules: [{4C943E09-1567-4A1C-B7A0-D59D14818071}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
      FirewallRules: [{7EFD5FCF-8844-428B-8E3F-3A00429B949A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
      FirewallRules: [{60126DD2-2D56-4EC2-BA6B-54093D598F43}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
      FirewallRules: [{4016BDFA-2299-4647-9D84-224DD18D2199}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
      FirewallRules: [{233CA0F7-177A-48FD-B648-4192C4406BD3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{F5566333-D29A-4555-AA57-774C9ABA46D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{7925BB57-B3B3-43F6-8272-2241CEF49938}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{9BA4D6F4-BDCD-422A-81F0-C7357B6554E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{2F69589C-3397-4907-B521-083926CEFD00}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{FF05D710-ABBF-43A0-A343-1F07EF79D59E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{B455908D-5CD7-447D-8DD9-48ADD4457D84}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{1A8998BE-8C3C-44F5-9885-83D78344EC47}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [TCP Query User{AE442329-BA52-414D-80FB-1427332863C0}C:\miguel vcc transportes\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\miguel vcc transportes\starcraft ii\versions\base38749\sc2_x64.exe
      FirewallRules: [UDP Query User{FDDABA15-71FF-4A19-9897-9B3B93915BAD}C:\miguel vcc transportes\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) C:\miguel vcc transportes\starcraft ii\versions\base38749\sc2_x64.exe
      FirewallRules: [{43F372AD-7D22-4107-BA35-F1809031397B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{04EFA385-B392-4940-A649-9541B8BCE23E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{B0914431-8D52-4FDB-B4B7-C8CD4A60CDD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{959A9F6E-4CCE-4179-8C9D-6BB2FACF4F87}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [TCP Query User{D715D9D4-8D21-41FC-8BC4-8E4A3144BAC9}C:\miguel vcc transportes\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\miguel vcc transportes\starcraft ii\versions\base42932\sc2_x64.exe
      FirewallRules: [UDP Query User{158588B8-7398-46A8-8591-CE4D34024552}C:\miguel vcc transportes\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\miguel vcc transportes\starcraft ii\versions\base42932\sc2_x64.exe
      FirewallRules: [TCP Query User{A4787951-6911-4E62-99E6-304E81D25416}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [UDP Query User{F77DF788-58DA-48AA-B989-8D8462E915AA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [{0BA9EFD2-EAE3-40C1-B1EF-F747679939E8}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [{534D91CA-BE8C-4EA4-B7BD-A08D948595CD}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
      FirewallRules: [TCP Query User{59F4AFA9-7B30-4A04-A5B2-B45EA50E50B0}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
      FirewallRules: [UDP Query User{7C92ACE5-6A9A-4828-93E8-074697692EB8}C:\program files\java\jre1.8.0_112\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_112\bin\javaw.exe
      FirewallRules: [{CB3CBB50-A95D-462E-AE0F-5611AF5839AE}] => (Block) C:\program files\java\jre1.8.0_112\bin\javaw.exe
      FirewallRules: [{7096B4AC-C887-43E4-B793-C76C3ED33021}] => (Block) C:\program files\java\jre1.8.0_112\bin\javaw.exe
      FirewallRules: [{528E129F-D964-49C6-BE22-3C0119FCC1DD}] => (Allow) C:\Users\Vito\AppData\Local\Apowersoft\Online Screen Recorder\Apowersoft Video Editor.exe
      FirewallRules: [{B8B04EDF-87E9-46C5-992C-0E5A3A7246D6}] => (Allow) C:\Users\Vito\AppData\Local\Apowersoft\Online Screen Recorder\Apowersoft Video Editor.exe
      FirewallRules: [{11C4549D-0D74-46A8-BA51-B9AFB8FB08CA}] => (Allow) C:\Users\Vito\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
      FirewallRules: [{20741CD0-51AD-45E1-874C-B3538671F8E2}] => (Allow) C:\Users\Vito\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
      FirewallRules: [{FAC134C5-219D-4AAD-B408-36F691068735}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{EC876845-207F-47C4-A209-03F1C14D202B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{A8208DB6-920C-4BF3-80B0-C96288C381A1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{53FB1AD7-A49D-4206-A5BD-72C3399A3F03}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{D349CB84-9D1A-4674-A0D0-D2A57FC222FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
      FirewallRules: [{09F00A44-1412-45C1-91E3-6AF750FB3F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
      FirewallRules: [{6D86598A-D3D1-490F-BFC3-1F3F4AA05014}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
      FirewallRules: [{6283B6AD-650D-44C3-80F8-8F5517027B9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
      FirewallRules: [TCP Query User{79F9B39F-46A8-47F0-9947-88BF8794776E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
      FirewallRules: [UDP Query User{5D8DC1B4-F4EF-4F4A-95F6-3910534A8675}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
      FirewallRules: [{D9646651-9C15-4485-91D5-766FB0DFBA9F}] => (Block) C:\program files (x86)\skype\phone\skype.exe
      FirewallRules: [{7C0E7A5B-9DCE-4887-B527-B05D4D7624EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [{C4CE474C-6695-4A44-86D0-90A06350AB93}] => (Allow) C:\Program Files\iTunes\iTunes.exe

      ==================== Restore Points =========================

      02-11-2017 1957 Operación de restauración
      04-11-2017 10:27:37 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============

      Name: Bluetooth Audio Device
      Description: Bluetooth Audio Device
      Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
      Manufacturer: Qualcomm Atheros Communications
      Service: BTATH_A2DP
      Problem: : This device cannot start. (Code10)
      Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
      On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

      Name: Virtual Bluetooth Support (Include Audio)
      Description: Virtual Bluetooth Support (Include Audio)
      Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
      Manufacturer: Qualcomm Atheros Communications
      Service: AthBTPort
      Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
      Resolution: Update the driver

      Name: Bluetooth LWFLT Device
      Description: Bluetooth LWFLT Device
      Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
      Manufacturer: Qualcomm Atheros Communications
      Service: BTATH_LWFLT
      Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
      Resolution: Update the driver

    10. #10
      User Avatar of vitocerron
      Registered
      Nov 2017
      Location
      Peru
      Posts
      7

      Re: Malware Delaton

      Finally, the part that was missing from the second TXT


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/06/2017 06:37:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: The configuration registry database is corrupt.

      Error: (11/06/2017 06:37:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
      Description: Windows no pudo cargar el Registro. A menudo este problema se debe a una memoria o derechos de seguridad insuficientes.

      DETALLE - The configuration registry database is corrupt.
      para C:\Users\Vito\AppData\Local\Microsoft\Windows\\UsrClass.dat

      Error: (11/06/2017 06:37:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
      Description: Windows no puede cargar el archivo de Registro de clases.
      DETALLE: The configuration registry database is corrupt.

      Error: (11/06/2017 06:37:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
      Description: Windows no pudo cargar el Registro. A menudo este problema se debe a una memoria o derechos de seguridad insuficientes.

      DETALLE - The configuration registry database is corrupt.
      para C:\Users\Vito\AppData\Local\Microsoft\Windows\\UsrClass.dat

      Error: (11/06/2017 03:39:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (11/06/2017 03:39:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/06/2017 03:39:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/06/2017 03:09:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
      Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

      Error: (11/06/2017 03:09:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

      Error: (11/06/2017 03:09:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
      Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.


      System errors:
      =============
      Error: (11/06/2017 06:39:58 PM) (Source: DCOM) (EventID: 10005) (User: VCCTRANSPORTES)
      Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "Unavailable" para ejecutar el servidor:
      {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

      Error: (11/06/2017 06:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Windows Search no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/06/2017 06:39:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

      Error: (11/06/2017 06:39:58 PM) (Source: DCOM) (EventID: 10005) (User: VCCTRANSPORTES)
      Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "Unavailable" para ejecutar el servidor:
      {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

      Error: (11/06/2017 06:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Windows Search no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/06/2017 06:39:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

      Error: (11/06/2017 06:39:58 PM) (Source: DCOM) (EventID: 10005) (User: VCCTRANSPORTES)
      Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "Unavailable" para ejecutar el servidor:
      {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

      Error: (11/06/2017 06:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Windows Search no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/06/2017 06:39:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.

      Error: (11/06/2017 06:39:58 PM) (Source: DCOM) (EventID: 10005) (User: VCCTRANSPORTES)
      Description: Error de DCOM "1053" al intentar iniciar el servicio WSearch con argumentos "Unavailable" para ejecutar el servidor:
      {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


      CodeIntegrity:
      ===================================
      Date: 2017-11-06 07:00:07.122
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-06 06:50:51.969
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-05 17:34:09.913
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-05 13:03:53.821
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-05 10:06:59.515
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-05 09:42:30.672
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-05 09:37:33.421
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-05 09:00:22.123
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-04 17:17:38.579
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-11-04 12:52:27.353
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
      Percentage of memory in use: 36%
      Total physical RAM: 6027.99 MB
      Available physical RAM: 3837.32 MB
      Total Virtual: 12171.99 MB
      Available Virtual: 9925.89 MB

      ==================== Drives ================================

      Drive c: (Acer) (Fixed) (Total:915.36 GB) (Free:560.17 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 931.5 GB) (Disk ID: 449C3EFE)

      Partition: GPT.

      ==================== End of Addition.txt ============================
