    I need to identify this exe. (Solved)

    1. #11
      CrossZar
      Registered: Nov 2017
      Location: Chile
      Posts: 13

      Re: I need to identify this exe.

      Good morning!
      I'll do what you asked right away. The cmd window opened again and I managed to see that something was called "bitsamin.exe", I think.

    2. #12
      CrossZar
      Registered: Nov 2017
      Location: Chile
      Posts: 13

      Re: I need to identify this exe.

      Hello again!
      Here they are, I'll copy-paste them.
      FRST

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
      Ran by win (administrator) on DESKTOP-8M7M1JK (26-11-2017 10:57:21)
      Running from C:\Users\win\Desktop
      Loaded Profiles: win (Available Profiles: win)
      Platform: Windows 10 Enterprise Version 1703 15063.674 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Edge)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AMD) C:\Windows\System32\atiesrxx.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
      (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
      (Auralog) C:\TMMEducation\apps\httpserver\HttpServer.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Spotify Ltd) C:\Users\win\AppData\Roaming\Spotify\SpotifyWebHelper.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
      HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-10-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
      HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
      HKLM-x32\...\Run: [TAForOE Loader] => C:\Program Files (x86)\TextAloud\TAForOELoader.exe [499144 2010-05-17] (NextUp.com)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [uTorrent] => C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-10-18] (BitTorrent Inc.)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-01-07] (Electronic Arts)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [MK LOL] => C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe [1092296 2017-03-25] ()
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [BingSvc] => C:\Users\win\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [Spotify] => C:\Users\win\AppData\Roaming\Spotify\Spotify.exe [21076080 2017-11-25] (Spotify Ltd)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Run: [Spotify Web Helper] => C:\Users\win\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-25] (Spotify Ltd)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\fcbd.bat [2016-12-26] ()
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-10-09]
      ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
      GroupPolicy: Restriction <==== ATTENTION
      GroupPolicy\User: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4
      Tcpip\..\Interfaces\{b5615578-1d37-46e7-baa2-93796b0148f0}: [DhcpNameServer] 200.30.192.15 190.160.0.13 200.83.1.4

      Internet Explorer:
      ==================
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-cl/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
      BHO: No Name -> {AE7CD045-E861-484f-8273-0445EE161910} -> No File
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
      BHO: No Name -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> No File
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
      BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll => No File
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
      BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll => No File
      Toolbar: HKLM - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
      Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll No File
      Toolbar: HKLM-x32 - TextAloud Toolbar - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll [2010-05-20] (NextUp.com)
      Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

      FireFox:
      ========
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-11] [Lagacy]
      FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
      FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
      FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
      FF Plugin HKU\S-1-5-21-1956748682-4056117983-1636861691-1001: @nsroblox.roblox.com/launcher -> C:\Users\win\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
      FF Plugin HKU\S-1-5-21-1956748682-4056117983-1636861691-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\win\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
      FF Plugin HKU\S-1-5-21-1956748682-4056117983-1636861691-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\win\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

      Chrome:
      =======
      CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=es-es
      CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
      CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> bing.com
      CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
      CHR Profile: C:\Users\win\AppData\Local\Google\Chrome\User Data\Default [2017-11-26]
      CHR Extension: (Presentaciones) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Documentos) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-03]
      CHR Extension: (YouTube) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-03]
      CHR Extension: (Adobe Acrobat) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
      CHR Extension: (Hojas de cálculo) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-05]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
      CHR Extension: (Gmail) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-03]
      CHR Extension: (Chrome Media Router) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-18] ()
      R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1267984 2015-02-27] (Disc Soft Ltd)
      S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [409128 2017-02-23] (EasyAntiCheat Ltd)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-01-07] (Electronic Arts)
      R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2017-01-07] (Electronic Arts)
      R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-05-28] ()
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
      R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-10-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
      R2 TELL ME MORE 7 EDUCATION; C:\TMMEducation\Apps\HttpServer\HttpServer.exe [233472 2004-11-03] (Auralog) [File not signed]
      R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
      R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
      R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0316467.inf_amd64_3d8fbd78102e53d7\atikmdag.sys [38439848 2017-07-26] (Advanced Micro Devices, Inc.)
      R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0316467.inf_amd64_3d8fbd78102e53d7\atikmpag.sys [549800 2017-07-26] (Advanced Micro Devices, Inc.)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
      R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2017-05-14] (Disc Soft Ltd)
      R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
      R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-21] (Malwarebytes)
      R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-25] (Malwarebytes)
      R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-25] (Malwarebytes)
      R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-21] (Malwarebytes)
      R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-26] (Malwarebytes)
      S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
      R1 MpKsl88145957; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F7A3F9D9-7E23-4C44-A3B9-95F2AAA07AA0}\MpKsl88145957.sys [58120 2017-11-25] (Microsoft Corporation)
      R1 MpKsla4f3a993; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03996FDE-9C6B-4D37-9091-B1DE99CD13AB}\MpKsla4f3a993.sys [58120 2017-11-25] (Microsoft Corporation)
      R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-10-09] (SoftEther Corporation)
      R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
      R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
      S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
      R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-10-09] (SoftEther Corporation)
      R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-21] (Oracle Corporation)
      R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-21] (Oracle Corporation)
      S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
      R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
      R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
      S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-07-11] (Wellbia.com Co., Ltd.)
      S3 BstHdDrv; \??\C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [X]
      S3 BstkDrv; \??\C:\Program Files (x86)\Bluestacks\BstkDrv.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-26 10:57 - 2017-11-26 10:58 - 000018980 _____ C:\Users\win\Desktop\FRST.txt
      2017-11-26 10:57 - 2017-11-26 10:57 - 000000000 ____D C:\FRST
      2017-11-26 10:56 - 2017-11-26 10:55 - 002393088 _____ (Farbar) C:\Users\win\Desktop\FRST64.exe
      2017-11-23 23:25 - 2017-11-23 23:25 - 000000000 ____D C:\Users\win\AppData\Local\ESET
      2017-11-23 22:55 - 2017-11-23 22:55 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1422D8A3.sys
      2017-11-23 22:53 - 2017-11-25 13:28 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
      2017-11-23 22:53 - 2017-11-23 22:53 - 014178840 _____ (Malwarebytes Corp.) C:\Users\win\Desktop\mbar-1.10.3.1001.exe
      2017-11-23 22:53 - 2017-11-23 22:53 - 000000000 ____D C:\Users\win\Documents\Nueva carpeta
      2017-11-23 22:52 - 2017-11-23 22:52 - 000004354 _____ C:\Users\win\Desktop\startup.txt
      2017-11-21 23:39 - 2017-11-21 23:39 - 000000664 _____ C:\Users\win\Desktop\JRT.txt
      2017-11-21 23:11 - 2017-11-21 23:11 - 000000000 ____D C:\Users\win\Doctor Web
      2017-11-21 23:11 - 2017-11-21 23:11 - 000000000 ____D C:\ProgramData\Doctor Web
      2017-11-21 23:11 - 2017-11-21 23:10 - 161024344 _____ C:\Users\win\Desktop\cureit.exe
      2017-11-21 23:08 - 2017-11-21 23:08 - 000000664 _____ C:\Users\win\Documents\cc_20171121_230847.reg
      2017-11-21 23:07 - 2017-11-21 23:07 - 000022936 _____ C:\Users\win\Documents\cc_20171121_230746.reg
      2017-11-21 23:05 - 2017-11-21 23:06 - 000740966 _____ C:\Users\win\Documents\cc_20171121_230543.reg
      2017-11-21 22:59 - 2017-11-21 22:59 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
      2017-11-21 22:59 - 2017-11-21 22:59 - 000002866 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
      2017-11-21 22:59 - 2017-11-21 22:59 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-11-21 22:59 - 2017-11-21 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-11-21 22:59 - 2017-11-21 22:59 - 000000000 ____D C:\Program Files\CCleaner
      2017-11-21 22:51 - 2017-11-21 22:51 - 000005882 _____ C:\Users\win\Desktop\AdwCleaner[S0].txt
      2017-11-21 22:47 - 2017-11-21 23:45 - 000000000 ____D C:\AdwCleaner
      2017-11-21 22:47 - 2017-11-21 22:47 - 008261584 _____ (Malwarebytes) C:\Users\win\Desktop\AdwCleaner.exe
      2017-11-21 21:18 - 2017-11-21 21:18 - 000001708 _____ C:\Users\win\Desktop\iExplore - Acceso directo.lnk
      2017-11-21 21:16 - 2017-11-26 10:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
      2017-11-21 21:16 - 2017-11-25 13:28 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
      2017-11-21 21:16 - 2017-11-21 21:16 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
      2017-11-21 21:15 - 2017-11-25 13:28 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
      2017-11-21 21:15 - 2017-11-23 22:55 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-21 21:15 - 2017-11-21 21:15 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
      2017-11-21 21:15 - 2017-11-21 21:15 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-11-21 21:15 - 2017-11-21 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-11-21 21:15 - 2017-11-21 21:15 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-11-21 21:15 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
      2017-11-21 21:14 - 2017-11-21 21:17 - 000001882 _____ C:\Users\win\Desktop\Rkill.txt
      2017-11-21 18:50 - 2017-11-21 18:50 - 000000000 ____D C:\Users\win\AppData\LocalLow\uTorrent
      2017-11-20 19:21 - 2017-11-26 10:53 - 000003570 _____ C:\WINDOWS\System32\Tasks\cHDAJGJbOYi
      2017-11-20 19:21 - 2017-11-25 23:10 - 000003366 _____ C:\WINDOWS\System32\Tasks\rsOkCewuS
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ C:\Users\win\AppData\Local\pTecJzkATUFO.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ C:\Users\win\AppData\Local\pTecJzkATUFO
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ C:\Users\win\AppData\Local\lWAltt.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ C:\Users\win\AppData\Local\lWAltt
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ C:\Users\win\AppData\Local\wTFJtbGtq.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ C:\Users\win\AppData\Local\wTFJtbGtq
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ C:\Users\win\AppData\Local\SScHOOGMrT.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ C:\Users\win\AppData\Local\SScHOOGMrT
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000001 _____ C:\Users\win\AppData\Local\WMI.ini
      2017-11-20 19:21 - 2017-03-18 17:58 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\8935489.exe
      2017-11-16 22:02 - 2017-11-16 22:02 - 000000000 ____D C:\Users\win\AppData\Local\ElevatedDiagnostics

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-26 10:56 - 2016-07-31 20:14 - 000000000 ____D C:\Users\win\AppData\Local\Spotify
      2017-11-26 10:55 - 2017-04-16 13:11 - 000000000 ____D C:\Users\win\Downloads\Nueva carpeta
      2017-11-26 10:54 - 2017-10-09 13:04 - 000000000 ____D C:\Program Files\SoftEther VPN Client
      2017-11-26 10:53 - 2017-06-19 21:11 - 000004216 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{839E1759-4AA5-4690-B3B2-22D39956086A}
      2017-11-26 10:51 - 2017-06-19 20:54 - 000000000 ____D C:\Users\win
      2017-11-26 10:51 - 2016-07-31 20:13 - 000000000 ____D C:\Users\win\AppData\Roaming\Spotify
      2017-11-25 23:33 - 2017-06-19 20:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-11-25 20:51 - 2016-08-19 13:30 - 000000000 ____D C:\Program Files (x86)\Steam
      2017-11-25 15:30 - 2017-03-18 17:51 - 000000000 ____D C:\WINDOWS\CbsTemp
      2017-11-25 13:28 - 2017-06-19 21:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-25 13:28 - 2016-08-10 23:48 - 000000128 _____ C:\AuralogDump.txt
      2017-11-25 11:38 - 2017-10-05 23:56 - 000000000 ____D C:\Users\win\Desktop\Nueva carpeta (3)
      2017-11-23 20:47 - 2016-11-11 20:07 - 000000000 ____D C:\Users\win\Desktop\Nueva carpeta
      2017-11-22 19:24 - 2016-07-31 20:38 - 000000000 ____D C:\WINDOWS\system32\MRT
      2017-11-22 19:20 - 2017-10-10 23:03 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
      2017-11-22 19:20 - 2016-07-31 20:38 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2017-11-22 18:59 - 2017-03-18 18:03 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-11-22 18:59 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\AppReadiness
      2017-11-21 23:02 - 2017-05-14 12:29 - 000000000 ____D C:\Users\win\AppData\Roaming\DAEMON Tools Pro
      2017-11-21 23:02 - 2017-03-18 18:01 - 000000000 ____D C:\WINDOWS\INF
      2017-11-21 23:02 - 2016-08-26 19:35 - 000000000 ____D C:\Users\win\AppData\Roaming\uTorrent
      2017-11-21 22:54 - 2017-06-19 20:52 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
      2017-11-21 22:54 - 2017-03-18 08:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
      2017-11-21 22:50 - 2016-12-31 00:30 - 000000000 ____D C:\Users\win\AppData\Roaming\IObit
      2017-11-21 22:37 - 2016-10-18 18:29 - 000000000 ____D C:\Users\win\Desktop\Nueva carpeta (4)
      2017-11-21 21:13 - 2017-01-28 04:23 - 000000000 ____D C:\Users\win\Desktop\Juegos
      2017-11-21 18:54 - 2017-06-10 20:13 - 000000000 ____D C:\Users\win\Desktop\Cosas
      2017-11-21 17:03 - 2016-07-31 19:28 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
      2017-11-20 23:25 - 2016-09-02 17:16 - 000000000 ____D C:\Users\win\AppData\Local\Unity
      2017-11-20 19:20 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
      2017-11-20 19:20 - 2015-10-30 04:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
      2017-11-19 23:31 - 2017-09-27 20:28 - 000000000 ____D C:\Program Files\Epic Games
      2017-11-19 18:47 - 2017-03-11 00:29 - 000000000 ____D C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2017-11-19 00:57 - 2017-07-19 23:46 - 000000000 ____D C:\Users\win\AppData\Roaming\TS3Client
      2017-11-16 21:38 - 2016-08-03 19:54 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 21:31 - 2017-06-19 21:11 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-16 21:31 - 2017-06-19 21:11 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-07 19:37 - 2017-06-26 17:10 - 000000000 ____D C:\Users\win\AppData\Roaming\SmartSteamEmu
      2017-11-04 22:40 - 2017-03-18 18:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2017-11-04 22:40 - 2017-03-18 18:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-01 16:51 - 2017-07-29 17:53 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1956748682-4056117983-1636861691-1001
      2017-11-01 16:51 - 2016-07-31 13:20 - 000002393 _____ C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-11-01 16:51 - 2016-07-31 13:20 - 000000000 ___RD C:\Users\win\OneDrive

      ==================== Files in the root of some directories =======

      2016-09-21 18:54 - 2017-04-05 21:21 - 000000132 _____ () C:\Users\win\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ () C:\Users\win\AppData\Local\lWAltt
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ () C:\Users\win\AppData\Local\lWAltt.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ () C:\Users\win\AppData\Local\pTecJzkATUFO
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ () C:\Users\win\AppData\Local\pTecJzkATUFO.bat
      2017-06-02 21:09 - 2017-10-12 22:26 - 000007605 _____ () C:\Users\win\AppData\Local\Resmon.ResmonCfg
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ () C:\Users\win\AppData\Local\SScHOOGMrT
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ () C:\Users\win\AppData\Local\SScHOOGMrT.bat
      2016-12-18 19:09 - 2017-08-21 22:02 - 000000552 _____ () C:\Users\win\AppData\Local\TroubleshooterConfig.json
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000001 _____ () C:\Users\win\AppData\Local\WMI.ini
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ () C:\Users\win\AppData\Local\wTFJtbGtq
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ () C:\Users\win\AppData\Local\wTFJtbGtq.bat

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-21 23:54

      ==================== End of FRST.txt ============================




      and the ADDITION

    3. #13
      User CrossZar

      Re: I need to identify this exe.

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
      Ran by win (26-11-2017 10:59:01)
      Running from C:\Users\win\Desktop
      Windows 10 Enterprise Version 1703 15063.674 (X64) (2017-06-20 00:20:20)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1956748682-4056117983-1636861691-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1956748682-4056117983-1636861691-503 - Limited - Disabled)
      Invitado (S-1-5-21-1956748682-4056117983-1636861691-501 - Limited - Disabled)
      win (S-1-5-21-1956748682-4056117983-1636861691-1001 - Administrator - Enabled) => C:\Users\win

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
      Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
      Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
      Alan Wake (HKLM-x32\...\Alan Wake_is1) (Version: - )
      AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
      Apple Application Support (32 bits) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
      Apple Application Support (64 bits) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
      Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
      Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      BioShock (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
      Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
      Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
      Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
      CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
      Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
      Cuphead (HKLM-x32\...\Cuphead_is1) (Version: - )
      DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0484 - Disc Soft Ltd)
      Eines de correcció del Microsoft Office 2016: català (HKLM-x32\...\{90160000-001F-0403-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      Epic Games Launcher (HKLM-x32\...\{6431EC85-9141-4E3F-90E2-2AD01E51EB22}) (Version: 1.1.123.0 - Epic Games, Inc.)
      Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM-x32\...\{90160000-001F-0456-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
      iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
      Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
      Juego Prototype(TM) (HKLM-x32\...\InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision)
      Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      League of Legends (HKLM-x32\...\{11B6CA74-0359-4E8B-9729-1902B9ADD29C}) (Version: 4.1.2 - Riot Games) Hidden
      League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
      Loquendo TTS: Jorge (Spanish) (HKLM-x32\...\LoqTTS-Jorge_is1) (Version: - )
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
      Max Payne 3 Complete Edition (HKLM\...\bWF4cGF5bmUz_is1) (Version: 1 - )
      MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
      Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
      Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
      MK LOL (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\MK LOL) (Version: - )
      MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - motioninjoy.com*-*motioninjoy Resources and Information.)
      Niche - a genetics survival game (HKLM\...\bmljaGVhZ2VuZXRpY3NzdXJ2aXZhbGdhbWU_is1) (Version: 1 - )
      Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.3.1 - Duodian Technology Co. Ltd.)
      NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
      Operation7 (HKLM-x32\...\Operation7_is1) (Version: 1 - Softnyx Co., Ltd.)
      Oracle VM VirtualBox 5.1.2 (HKLM\...\{629314D8-8CB7-45F4-8C48-20EF2E330430}) (Version: 5.1.2 - Oracle Corporation)
      Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
      Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
      PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)
      Pokémon Trading Card Game Online (HKLM-x32\...\{09D3BF7D-EE53-4165-A56E-A08B15C5BF4E}) (Version: 2.39.0 - The Pokémon Company International)
      Prototype(TM) (HKLM-x32\...\{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision) Hidden
      PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
      QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
      Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM-x32\...\{90160000-001F-0416-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
      ROBLOX Player for win (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
      RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
      Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)

    4. #14
      User Avatar of CrossZar
      Registered
      Nov 2017
      Location
      Chile
      Posts
      13

      Re: I need to identify this exe.

      SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
      Spotify (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\Spotify) (Version: 1.0.68.407.g6864aaaf - Spotify AB)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      TeamSpeak 3 Client (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\TeamSpeak 3 Client) (Version: 3.1.4.2 - TeamSpeak Systems GmbH)
      TELL ME MORE Education - Las aplicaciones del servidor (HKLM-x32\...\TMM70PRO_KAP) (Version: - )
      TELL ME MORE Education - TELL ME MORE (HKLM-x32\...\TMM70PRO_TMM) (Version: - )
      TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
      Unity Web Player (HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
      Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
      VEGAS Pro 14.0 (64-bit) (HKLM\...\{4D911470-79F9-11E6-9145-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
      VirtualDJ 8 (HKLM-x32\...\{5A89A21C-6391-4AFC-8502-66F6F7250125}) (Version: 8.0.2325.0 - Atomix Productions)
      Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
      Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
      WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\win\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\RobloxProxy64.dll (ROBLOX Corporation)
      ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
      ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
      ContextMenuHandlers1-x32: [TextAloud] -> {BF31B0FB-AE0E-488F-BFD6-416FA2F9915F} => C:\Program Files (x86)\TextAloud\TAContextMenu.dll [2010-05-17] ()
      ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
      ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)
      ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} => C:\Program Files\DAEMON Tools Pro\DTShl64.dll [2015-02-27] (Disc Soft Ltd)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.)
      ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {13811002-26EB-4D03-9503-163C8A741C56} - System32\Tasks\rsOkCewuS => C:\Users\win\AppData\Local\SScHOOGMrT.bat [2017-11-20] () <==== ATTENTION
      Task: {240A1B47-9CFD-4AF0-81F5-D6F63ABAB781} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
      Task: {27910B25-80B6-4463-A2B5-7CE2F10A7B34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
      Task: {377B27B3-8ADC-4F9A-92B7-7927F1826CAC} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.)
      Task: {4AD64FF1-E65E-44C2-A265-4F259674B248} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      Task: {5BBCB439-CBCF-4DC2-846E-C9DA9EC58F1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
      Task: {83101E29-A302-4492-A691-FFC24212EA6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
      Task: {86F9C6C8-41A8-4B4C-AA35-835BF5C1CCB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
      Task: {90D3B25E-E2B9-4DCC-8A7B-8FBD89DA18A8} - System32\Tasks\cHDAJGJbOYi => C:\Users\win\AppData\Local\wTFJtbGtq.bat [2017-11-20] () <==== ATTENTION
      Task: {9C23EE95-68BE-4ED1-B2B5-4EFA909EF5D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
      Task: {9DA4BE52-7629-4612-A977-62C8D3894508} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
      Task: {EF21DB97-1098-4497-AAC8-79CC2019665A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      Shortcut: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
      Shortcut: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

      ==================== Loaded Modules (Whitelisted) ==============

      2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2016-11-17 01:28 - 2016-11-17 01:28 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2016-12-16 20:38 - 2017-05-28 14:49 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
      2017-11-21 21:15 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-11-21 21:15 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-03-18 17:58 - 2017-03-18 17:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
      2016-09-13 00:43 - 2016-09-13 00:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
      2016-09-13 00:43 - 2016-09-13 00:43 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
      2016-09-13 00:43 - 2016-09-13 00:43 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
      2016-09-13 00:43 - 2016-09-13 00:43 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
      2016-09-13 00:42 - 2016-09-13 00:42 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
      2016-09-13 00:42 - 2016-09-13 00:42 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
      2017-03-18 17:59 - 2017-03-20 02:14 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2017-11-16 22:28 - 2017-11-16 22:28 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      2017-11-16 22:28 - 2017-11-16 22:28 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2017-11-16 22:28 - 2017-11-16 22:28 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
      2017-11-06 21:50 - 2017-11-06 21:50 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
      2017-11-16 22:28 - 2017-11-16 22:28 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
      2017-10-18 13:19 - 2017-10-18 13:19 - 000098688 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2017-01-07 00:13 - 2017-01-07 00:13 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2015-10-30 04:24 - 2015-10-30 04:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
      DNS Servers: 200.30.192.15 - 190.160.0.13
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\StartupFolder: => "fcbd.bat"
      HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
      HKLM\...\StartupApproved\Run: => "iTunesHelper"
      HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
      HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
      HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
      HKLM\...\StartupApproved\Run32: => "boincmgr"
      HKLM\...\StartupApproved\Run32: => "boinctray"
      HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
      HKLM\...\StartupApproved\Run32: => "TAForOE Loader"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\StartupFolder: => "WORLD MU ONLINE.lnk"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "uTorrent"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "OneDrive"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "Steam"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "BlueStacks Agent"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "EADM"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "MK LOL"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "BingSvc"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "Skype"
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{C3085B7E-7581-4AA1-B0F8-91D8E65D3860}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
      FirewallRules: [{FC53EBDF-481B-44EF-AB3D-681185DD72E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
      FirewallRules: [{BB6A71A0-0B42-49B3-AFCE-FE84C7ABC17F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
      FirewallRules: [{21520E95-4753-464F-9BDB-C4426D170701}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
      FirewallRules: [UDP Query User{FCF92287-ECE9-4A04-9223-E2E60FC18BC3}C:\users\win\desktop\juegos\counter-strike 1.6\hl.exe] => (Allow) C:\users\win\desktop\juegos\counter-strike 1.6\hl.exe
      FirewallRules: [TCP Query User{F3BA2079-4023-4861-8760-BC87F2C9EFD4}C:\users\win\desktop\juegos\counter-strike 1.6\hl.exe] => (Allow) C:\users\win\desktop\juegos\counter-strike 1.6\hl.exe
      FirewallRules: [UDP Query User{921CC93B-75E8-4B1D-996F-8C7AF0FFAB6B}C:\users\win\desktop\juegos\counter-strike 1.6\hltv.exe] => (Block) C:\users\win\desktop\juegos\counter-strike 1.6\hltv.exe
      FirewallRules: [TCP Query User{5CB23A5C-D4A3-44E9-94FF-B5B07C07A186}C:\users\win\desktop\juegos\counter-strike 1.6\hltv.exe] => (Block) C:\users\win\desktop\juegos\counter-strike 1.6\hltv.exe
      FirewallRules: [{106AC7BB-4B9C-48CB-99B0-6A542449DDEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{19D61A9C-A2AC-4470-BF66-303C89D4CCC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{6C42B363-64AB-455E-9B8D-FA7A39C4AB1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{BF788E74-59F7-4B0F-9E53-548EFD066631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{1B6FBE7A-8DAC-492E-B141-FEBC0FEE570C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{23C5E3EA-F0F1-4899-BB20-B3F3B06ABEE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{B57C75E9-08C1-4A7E-A53B-783E1625CD53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{72A78438-D04D-4A7D-90C7-0FCD086CE9BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{EB3AC647-2790-4435-8AFC-EC6CABB4A823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{9F0B1C40-A33D-4635-B0F2-182343726602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{5642AE16-B961-446E-8D4F-71BE3A99736F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{C3EC5440-A20F-43E1-8B53-1C7AC51B4DB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{AAC3C9E1-3F2B-45CB-AEB8-FA7F7505148E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{C9592341-E60F-4446-8A97-15607F7683D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{E8F95D94-D860-4190-B85B-561899641754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{A635AAFA-61A3-45C7-84A4-A24CC2CC6B09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{91F54C76-279F-42A2-A53C-6362CAF8AAAA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [UDP Query User{C122EE37-4342-416A-AAB6-54A306BBF572}C:\program files (x86)\steam\steamapps\common\freestylefootball\fsefootball.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestylefootball\fsefootball.exe
      FirewallRules: [TCP Query User{1F2A802F-A5C8-4689-B47E-D14B8A8D7A18}C:\program files (x86)\steam\steamapps\common\freestylefootball\fsefootball.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestylefootball\fsefootball.exe
      FirewallRules: [{7C3E83F5-2FB6-4562-8D2D-A1884EBFE1CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyleFootball\Launcher\Launcher.exe
      FirewallRules: [{5FD4D3E4-1412-4C07-839F-BD21AF8F6117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyleFootball\Launcher\Launcher.exe
      FirewallRules: [{71583EF8-BEB3-4ED9-A60A-C568A01CB53E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitB\8BB.exe
      FirewallRules: [{0CB507F7-3DFB-4FB9-8225-77F4B6C8DA3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\8BitB\8BB.exe
      FirewallRules: [{20C7D516-F547-48BC-8B60-3C185F5CBEA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{5933D1B3-430C-4808-A3BC-CC414C26B800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{20E3DFAF-7ECB-4744-9C4F-A04F9BE60856}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{5FD9AA63-5028-41EC-8A4D-BBC7CB190E0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{2EB92FEF-1334-41F1-B492-2A3FE3EE0CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{01BA2620-70CB-4406-A2BF-42523E491C26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{66701A9D-3F03-4DAE-A7FB-E54D60C55879}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{060AE773-A9B2-4F43-B903-9335CD9C7DDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{C7607195-DA7A-4FB0-BE4C-16D7FE580686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
      FirewallRules: [{58C9C4E4-7188-4B12-A64A-A9F827274D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
      FirewallRules: [UDP Query User{46EECC79-4C44-4334-A494-83985E0E9B73}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
      FirewallRules: [TCP Query User{E04E19BC-2DAF-44B2-A071-FF7DBCB2A9AD}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
      FirewallRules: [UDP Query User{344878A6-C105-4CAA-9630-C1159768DBCF}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
      FirewallRules: [TCP Query User{8F1B3EA7-C8EC-4607-A517-B46C614989F8}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
      FirewallRules: [{2C732C06-5C9D-4CD2-8BFB-C2E3919B8539}] => (Allow) C:\Program Files\iTunes\iTunes.exe
      FirewallRules: [{A747C958-7E9D-45B9-BF97-A515062BB801}] => (Block) %ProgramFiles%\Max Payne 3\Max Payne 3\MaxPayne3.exe
      FirewallRules: [UDP Query User{8DAD749F-B401-478B-B422-4CA74D489AFC}C:\program files\max payne 3\max payne 3\maxpayne3.exe] => (Allow) C:\program files\max payne 3\max payne 3\maxpayne3.exe
      FirewallRules: [TCP Query User{D31CD7E1-54AA-4457-9B70-72CCC5A0B37F}C:\program files\max payne 3\max payne 3\maxpayne3.exe] => (Allow) C:\program files\max payne 3\max payne 3\maxpayne3.exe
      FirewallRules: [{6E84691F-F2C8-4162-8483-1DF9A00BC38A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{56C85DC2-C2D0-454E-AE6C-E1CD96C88937}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{1B13EAE4-2642-4EC9-959D-BDE8BD293B07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DISTRAINT\distraint.exe
      FirewallRules: [{75161144-8705-47B7-9580-8126F6183EDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DISTRAINT\distraint.exe
      FirewallRules: [UDP Query User{DDFFB51F-9EFE-47A6-82CA-DC9CF7BBFD2B}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
      FirewallRules: [TCP Query User{46F69B9F-7847-424F-AAB6-AD2D5D159B0D}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
      FirewallRules: [{11DDBFFE-F4B7-444C-9F89-898F9224D086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
      FirewallRules: [{23782EA7-F61E-4893-A9B0-B6272ADE620C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
      FirewallRules: [{454101FA-6FE2-4128-AE64-DAB9E32A9C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
      FirewallRules: [{77E7A81E-43B3-4EE9-93B3-29685AD45DD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
      FirewallRules: [{6B0A46E2-9408-42EF-AE8E-880EC170C9F5}] => (Allow) C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{A8851BAB-826B-462A-BF90-0C49F75CC960}] => (Allow) C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{D9B5B93A-B3E4-4280-BEDF-0EF33ED24AE5}] => (Allow) C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{9BE89595-E257-449C-AE1C-6057AFCFE9E9}] => (Allow) C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{EBF62012-3412-4A98-9B6D-D3A24DDC0038}] => (Allow) C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{667C83B3-0739-417E-9EFB-1A6325F50FF4}] => (Allow) C:\Users\win\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{AF9F7FFA-E7CF-4029-996F-F588C2863509}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{833FB8C0-A77C-48F2-B9BB-37C5519BE8EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{3362C089-0CB4-4457-AB19-22C4B99B816E}] => (Allow) %ProgramFiles%\Oracle\VirtualBox\VirtualBox.exe
      FirewallRules: [{20D3DD2F-5B1A-4556-9A29-5B53A2DF3555}] => (Allow) %SystemDrive%\TMMEducation\apps\httpserver\HttpServer.exe
      FirewallRules: [UDP Query User{355809A5-A8B6-4220-B000-F42DECEB789E}C:\users\win\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win\appdata\roaming\spotify\spotify.exe
      FirewallRules: [TCP Query User{DE31E995-CBE1-443E-A33C-4FD6F1D29840}C:\users\win\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win\appdata\roaming\spotify\spotify.exe
      FirewallRules: [{A755D6B3-DC63-45A9-9BBC-411FAEDC669D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{FFCC7A5D-5C5F-4420-BE10-633AEAA1DF9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{69E1C80D-800F-4902-B509-131D9B80E2F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{9A84D804-03AA-4202-AFAB-942FD3CF8C3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{90D12314-B241-4187-BA79-C2320B900FA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
      FirewallRules: [{DF09B7A8-5903-428A-ACAF-1E54CC80DE83}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
      FirewallRules: [{2914DEEF-1402-4990-8270-6F7BC32C8D9F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
      FirewallRules: [{444E9B2F-00C4-46BB-88ED-2A2B5DC6FE52}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
      FirewallRules: [UDP Query User{59C168A2-A20A-4717-BFE3-CFEB262474D5}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
      FirewallRules: [TCP Query User{60414F30-3966-4E51-A3C1-B60897B75C6F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
      FirewallRules: [TCP Query User{AAA28084-77D2-4CC6-AEA6-9D75D4D6DAB0}C:\users\win\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{30A515C7-4AF5-45E2-8F7F-A7151DD10BEE}C:\users\win\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win\appdata\roaming\spotify\spotify.exe
      FirewallRules: [{958788EC-7358-4958-8397-CF6B4DCB7CF9}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
      FirewallRules: [{090265F6-A93A-4239-824D-A48740DB83AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
      FirewallRules: [{E2C17922-5A0B-4D48-BD98-7A71C27A3652}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
      FirewallRules: [{F762FC37-56D9-4A5E-93AD-23523B175B9E}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
      FirewallRules: [{5DCB500A-6DC1-415F-BD7D-9DD2D98970E7}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
      FirewallRules: [{B6597F36-40E5-45E9-AB7E-5472DC6BBC8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{CF002297-7A65-4116-94A0-123FEA427B54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
      FirewallRules: [{78422CEF-D1B8-4C96-8A14-F9B468A7864A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
      FirewallRules: [{BC50B445-AA31-439E-867B-EF40E18C68AD}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
      FirewallRules: [{83758E1E-97F9-4569-94E9-F6FB771ED379}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
      FirewallRules: [{B3859689-A0B2-45B4-B395-A5EBB934AD12}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
      FirewallRules: [{02CE47CC-D351-4883-A85A-ECF4779C5179}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
      FirewallRules: [{0891AE24-0D55-4E80-851A-A553B7A79C3B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
      FirewallRules: [TCP Query User{C3D47E40-CAC3-42DA-B4E9-8BD40DBB84BA}C:\users\win\appdata\roaming\utorrent\updates\3.5.0_44090.exe] => (Allow) C:\users\win\appdata\roaming\utorrent\updates\3.5.0_44090.exe
      FirewallRules: [UDP Query User{F0585862-DE71-42CA-BDC8-5FBE87E30313}C:\users\win\appdata\roaming\utorrent\updates\3.5.0_44090.exe] => (Allow) C:\users\win\appdata\roaming\utorrent\updates\3.5.0_44090.exe
      FirewallRules: [{D39EE3C0-E652-4D78-BC94-A331A8299CEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{6E3473B1-1648-48BF-98F0-481E8ACA7B03}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
      FirewallRules: [UDP Query User{6619EFC2-7B7E-496C-B567-BD5E3A36B4F7}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe

      ==================== Restore Points =========================

      21-11-2017 16:47:49 Windows Update
      21-11-2017 23:34:29 JRT Pre-Junkware Removal
      25-11-2017 15:22:52 Windows Update

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/26/2017 10:53:47 AM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/25/2017 0523 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: 8935489.exe, versión: 7.8.15063.0, marca de tiempo: 0x00b27afd
      Nombre del módulo con errores: msvcrt.dll, versión: 7.0.15063.0, marca de tiempo: 0xce3b7a18
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00080e2b
      Identificador del proceso con errores: 0x2264
      Hora de inicio de la aplicación con errores: 0x01d36629612c377c
      Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\8935489.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\System32\msvcrt.dll
      Identificador del informe: 1f9c3224-6c50-44ea-8bfb-4b64b6285930
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (11/25/2017 01:40:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8M7M1JK)
      Description: No se pudo activar la aplicación Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App debido al error: -2147024865. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (11/25/2017 01:40:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8M7M1JK)
      Description: No se pudo activar la aplicación Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App debido al error: -2147024865. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (11/25/2017 01:40:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8M7M1JK)
      Description: No se pudo activar la aplicación Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (11/25/2017 01:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: 8935489.exe, versión: 7.8.15063.0, marca de tiempo: 0x00b27afd
      Nombre del módulo con errores: msvcrt.dll, versión: 7.0.15063.0, marca de tiempo: 0xce3b7a18
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x00080e2b
      Identificador del proceso con errores: 0x2264
      Hora de inicio de la aplicación con errores: 0x01d3660b03b3b9c7
      Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\8935489.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\System32\msvcrt.dll
      Identificador del informe: e827a07f-0b28-4ab8-8da8-cb8e46d3fc02
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (11/25/2017 10:51:55 AM) (Source: SideBySide) (EventID: 35) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\Office16\UccApi.DLL" en la línea 1.
      La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
      La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
      La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
      Use sxstrace.exe para obtener un diagnóstico detallado.

      Error: (11/23/2017 11:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: TiWorker.exe, versión: 10.0.15063.0, marca de tiempo: 0x38cb1f7b
      Nombre del módulo con errores: dpx.dll, versión: 5.0.1.1, marca de tiempo: 0x487c45c5
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x000000000004d7b7
      Identificador del proceso con errores: 0x1754
      Hora de inicio de la aplicación con errores: 0x01d364cc21e3a9d3
      Ruta de acceso de la aplicación con errores: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\dpx.dll
      Identificador del informe: 94637b7b-b4de-4b42-8fdb-56524088c4b0
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (11/23/2017 11:22:25 PM) (Source: VSS) (EventID: 8193) (User: )
      Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
      .


      Operación:
      Ejecutando operación asincrónica

      Contexto:
      Estado actual: DoSnapshotSet

      Error: (11/23/2017 11:21:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

      Details:
      AddWin32ServiceFiles: Unable to back up image of service HiPatchService since QueryServiceConfig API failed

      System Error:
      El sistema no puede encontrar el archivo especificado.
      .


      System errors:
      =============
      Error: (11/25/2017 06:44:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      y APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (11/25/2017 03:30:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
      Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073701: 2017-11 Actualización acumulativa para Windows 10 Version 1703 para sistemas basados en x64 (KB4048954).

      Error: (11/25/2017 02:57:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (11/25/2017 02:57:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\win\AppData\Local\Temp\ehdrv.sys

      Error: (11/25/2017 02:57:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (11/25/2017 02:57:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\win\AppData\Local\Temp\ehdrv.sys

      Error: (11/25/2017 02:57:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (11/25/2017 02:57:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\win\AppData\Local\Temp\ehdrv.sys

      Error: (11/25/2017 02:57:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (11/25/2017 02:57:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: \??\C:\Users\win\AppData\Local\Temp\ehdrv.sys


      CodeIntegrity:
      ===================================
      Date: 2017-11-26 10:56:00.554
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-26 10:56:00.548
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-26 10:55:59.115
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-26 10:55:59.112
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-26 10:51:09.078
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-26 10:51:09.074
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-25 17:58:14.598
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-25 17:58:14.595
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-25 17:08:17.166
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-11-25 17:08:17.162
      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


      ==================== Memory info ===========================

      Processor: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G
      Percentage of memory in use: 19%
      Total physical RAM: 14278.38 MB
      Available physical RAM: 11458.88 MB
      Total Virtual: 16062.38 MB
      Available Virtual: 13168.93 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:488.28 GB) (Free:164.72 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 931.5 GB) (Disk ID: B2DE2572)

      Partition: GPT.

      ==================== End of Addition.txt ============================

    5. #15
      muf
      Contributor
      Joined
      Jun 2011
      Location
      Antofagasta
      Posts
      4,448

      Re: I need to identify this exe.

      Hello again CrossZar

      Since you mention the name of the executable, could you check whether it is the same executable that starts every time Windows starts?

      I'm going to read the reports that FRST generated for us to see what it detected; in the meantime, don't make any changes to the PC until I come back with an answer

      Regards
      Last edited by muf on 26/11/17 at 18:57:44
      muf
      *** I only know that I know nothing ***

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    6. #16
      muf

      Re: I need to identify this exe.

      Hello again CrossZar

      Please do the following:

      1. Copy the contents of the following box to the clipboard (Right click > Copy)

        Code:
        Start
        CreateRestorePoint:
        CloseProcesses:
        
        GroupPolicy: Restriction <==== ATTENTION
        GroupPolicy\User: Restriction <==== ATTENTION
        SearchScopes: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
        BHO: No Name -> {AE7CD045-E861-484f-8273-0445EE161910} -> No File
        BHO: No Name -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> No File
        BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll => No File
        Toolbar: HKLM - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
        Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll No File
        FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
        FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
        CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
        CHR HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        2017-11-20 19:21 - 2017-11-26 10:53 - 000003570 _____ C:\WINDOWS\System32\Tasks\cHDAJGJbOYi
        2017-11-20 19:21 - 2017-11-25 23:10 - 000003366 _____ C:\WINDOWS\System32\Tasks\rsOkCewuS
        2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ C:\Users\win\AppData\Local\pTecJzkATUFO.bat
        2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ C:\Users\win\AppData\Local\pTecJzkATUFO
        2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ C:\Users\win\AppData\Local\lWAltt.bat
        2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ C:\Users\win\AppData\Local\lWAltt
        2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ C:\Users\win\AppData\Local\wTFJtbGtq.bat
        2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ C:\Users\win\AppData\Local\wTFJtbGtq
        2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ C:\Users\win\AppData\Local\SScHOOGMrT.bat
        2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ C:\Users\win\AppData\Local\SScHOOGMrT
        2017-11-21 22:50 - 2016-12-31 00:30 - 000000000 ____D C:\Users\win\AppData\Roaming\IObit
        Task: {13811002-26EB-4D03-9503-163C8A741C56} - System32\Tasks\rsOkCewuS => C:\Users\win\AppData\Local\SScHOOGMrT.bat [2017-11-20] () <==== ATTENTION
        Task: {90D3B25E-E2B9-4DCC-8A7B-8FBD89DA18A8} - System32\Tasks\cHDAJGJbOYi => C:\Users\win\AppData\Local\wTFJtbGtq.bat [2017-11-20] () <==== ATTENTION 
        Shortcut: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
        Shortcut: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
        C:\Users\win\AppData\Local\SScHOOGMrT.bat 
        C:\Users\win\AppData\Local\wTFJtbGtq.bat
        
        
        HOSTS:
        REMOVEPROXY:
        EMPTYTEMP:
        CMD: netsh winsock reset
        CMD: ipconfig /renew
        CMD: ipconfig /flushdns
        CMD: bitsadmin /reset /allusers
        END
      2. This step is very important: open Notepad and then click Edit > Paste. Once that is done, save the resulting text file to the desktop with the name: fixlist.txt
      3. Run FRST.exe (or FRST64.exe) and press the Fix button
      4. When the scan finishes, a report named Fixlog.txt will be created
      5. Paste the contents of that log in a new message.


      ATTENTION!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer
      Let us know how it went and how the PC is doing after running FRST

      Regards
      Last edited by muf on 27/11/17 at 12:53:19
      muf

    7. #17
      CrossZar

      Re: I need to identify this exe.

      Hello!!
      Sorry for the delay, I haven't had time to reply. Those cmd windows haven't appeared again and it's running normally.
      One question: what do I do with the programs now?

    8. #18
      muf

      Re: I need to identify this exe.

      Hello again CrossZar

      Good that we have now been able to solve the problem.

      One question: did you run the script I posted in reply 16? If so, please post the log that the program generated to see whether what we needed to remove was removed correctly

      Regards
      muf

    9. #19
      CrossZar

      Re: I need to identify this exe.

      Hello!
      Yes, I ran the script you gave me
      here is the log
      Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
      Ran by win (27-11-2017 18:24:23) Run:1
      Running from C:\Users\win\Desktop
      Loaded Profiles: win (Available Profiles: win)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      GroupPolicy: Restriction <==== ATTENTION
      GroupPolicy\User: Restriction <==== ATTENTION
      SearchScopes: HKU\S-1-5-21-1956748682-4056117983-1636861691-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
      BHO: No Name -> {AE7CD045-E861-484f-8273-0445EE161910} -> No File
      BHO: No Name -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> No File
      BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll => No File
      Toolbar: HKLM - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
      Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll No File
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
      CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
      CHR HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      2017-11-20 19:21 - 2017-11-26 10:53 - 000003570 _____ C:\WINDOWS\System32\Tasks\cHDAJGJbOYi
      2017-11-20 19:21 - 2017-11-25 23:10 - 000003366 _____ C:\WINDOWS\System32\Tasks\rsOkCewuS
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ C:\Users\win\AppData\Local\pTecJzkATUFO.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001080 _____ C:\Users\win\AppData\Local\pTecJzkATUFO
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ C:\Users\win\AppData\Local\lWAltt.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000001055 _____ C:\Users\win\AppData\Local\lWAltt
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ C:\Users\win\AppData\Local\wTFJtbGtq.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000069 _____ C:\Users\win\AppData\Local\wTFJtbGtq
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ C:\Users\win\AppData\Local\SScHOOGMrT.bat
      2017-11-20 19:21 - 2017-11-20 19:21 - 000000063 _____ C:\Users\win\AppData\Local\SScHOOGMrT
      2017-11-21 22:50 - 2016-12-31 00:30 - 000000000 ____D C:\Users\win\AppData\Roaming\IObit
      Task: {13811002-26EB-4D03-9503-163C8A741C56} - System32\Tasks\rsOkCewuS => C:\Users\win\AppData\Local\SScHOOGMrT.bat [2017-11-20] () <==== ATTENTION
      Task: {90D3B25E-E2B9-4DCC-8A7B-8FBD89DA18A8} - System32\Tasks\cHDAJGJbOYi => C:\Users\win\AppData\Local\wTFJtbGtq.bat [2017-11-20] () <==== ATTENTION
      Shortcut: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
      Shortcut: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
      C:\Users\win\AppData\Local\SScHOOGMrT.bat
      C:\Users\win\AppData\Local\wTFJtbGtq.bat


      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
      C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
      C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
      C:\WINDOWS\system32\GroupPolicy\User => moved successfully
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910} => key removed successfully
      HKLM\Software\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910} => key not found
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} => key removed successfully
      HKLM\Software\Classes\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} => key removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
      HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key removed successfully
      HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
      HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
      Chrome StartupUrls => removed successfully
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
      C:\WINDOWS\System32\Tasks\cHDAJGJbOYi => moved successfully
      C:\WINDOWS\System32\Tasks\rsOkCewuS => moved successfully
      C:\Users\win\AppData\Local\pTecJzkATUFO.bat => moved successfully
      C:\Users\win\AppData\Local\pTecJzkATUFO => moved successfully
      C:\Users\win\AppData\Local\lWAltt.bat => moved successfully
      C:\Users\win\AppData\Local\lWAltt => moved successfully
      C:\Users\win\AppData\Local\wTFJtbGtq.bat => moved successfully
      C:\Users\win\AppData\Local\wTFJtbGtq => moved successfully
      C:\Users\win\AppData\Local\SScHOOGMrT.bat => moved successfully
      C:\Users\win\AppData\Local\SScHOOGMrT => moved successfully
      C:\Users\win\AppData\Roaming\IObit => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13811002-26EB-4D03-9503-163C8A741C56} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13811002-26EB-4D03-9503-163C8A741C56} => key removed successfully
      C:\WINDOWS\System32\Tasks\rsOkCewuS => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rsOkCewuS => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90D3B25E-E2B9-4DCC-8A7B-8FBD89DA18A8} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90D3B25E-E2B9-4DCC-8A7B-8FBD89DA18A8} => key removed successfully
      C:\WINDOWS\System32\Tasks\cHDAJGJbOYi => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cHDAJGJbOYi => key removed successfully
      C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk => moved successfully
      C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk => moved successfully
      "C:\Users\win\AppData\Local\SScHOOGMrT.bat" => not found.
      "C:\Users\win\AppData\Local\wTFJtbGtq.bat" => not found.
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1956748682-4056117983-1636861691-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El cat*logo Winsock se restableci¢ correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuraci¢n IP de Windows

      No se puede realizar ninguna operaci¢n en VPN - VPN Client mientras los medios
      est‚n desconectados.

      Adaptador de Ethernet VPN - VPN Client:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de Ethernet Ethernet:

      Sufijo DNS espec¡fico para la conexi¢n. . :
      Direcci¢n IPv6 . . . . . . . . . . : ::2cd7:32b9:45a1:bf02
      Direcci¢n IPv6 temporal. . . . . . : ::6119:9866:9825:61a6
      V¡nculo: direcci¢n IPv6 local. . . : fe80::2cd7:32b9:45a1:bf02%11
      Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.8
      M*scara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.0.1

      Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

      Sufijo DNS espec¡fico para la conexi¢n. . :
      Direcci¢n IPv6 . . . . . . . . . . : 2001:0:5ef5:79fd:2884:2ae2:3610:aade
      V¡nculo: direcci¢n IPv6 local. . . : fe80::2884:2ae2:3610:aade%14
      Puerta de enlace predeterminada . . . . . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuraci¢n IP de Windows

      Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      {86578531-B60C-4E21-B24E-C476C9EDF951} canceled.
      {75FD4255-FCB3-4270-967B-FC6C4EA25B38} canceled.
      {1A77449F-D462-4294-B80E-95E78B1B20E7} canceled.
      3 out of 3 jobs canceled.

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 7364608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38374577 B
      Java, Flash, Steam htmlcache => 176933703 B
      Windows/system/drivers => 9970009 B
      Edge => 2044532 B
      Chrome => 412261184 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 6656 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      systemprofile32 => 0 B
      LocalService => 1680 B
      NetworkService => 14390 B
      win => 257289081 B

      RecycleBin => 0 B
      EmptyTemp: => 862.4 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 18:26:39 ====

    10. #20
      muf

      Re: I need to identify this exe.

      Hello again CrossZar

      Now, what remains is to remove the tools used:

      • Download >> DelFix
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as Administrator.")
        • Check all the boxes.
        • Click Run.

        The report (DelFix.txt) will open; check that the tools used have been removed.

      DelFix will not remove Malwarebytes Anti-Malware, but we recommend leaving it installed so that you can run scans from time to time.

      Another thing: do you have any antivirus installed? Windows Defender is very basic protection and some things may get past it, so here I list some you can install:



      Both are very good and either of them will do fine; just make sure you install only a single antivirus to avoid problems on the PC.

      Let us know how the PC is doing so far.

      Regards
      muf