
    Double accent mark virus


    1. #11
      Moderator @JonathanM
      Registered: May 2006
      Location: Chile
      Posts: 11.752

      Re: Double accent mark virus

      Quote: Originally posted by @JonathanM
      Hello

      Run DelFix again, bring us the report, and let us know how everything is going after the steps...

      Regards

      I'm not a mind reader, my friend

      Regards
      <¡D3vIL!>

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    2. #12
      User vanway
      Registered: Dec 2005
      Location: Spain
      Posts: 48

      Re: Double accent mark virus

      Sorry! Well, after running DelFix, the accent problem is happening again, which had seemed to be solved :( Example: cami´´on :(

    3. #13
      Moderator @JonathanM
      Registered: May 2006
      Location: Chile
      Posts: 11.752

      Re: Double accent mark virus

      Hello

      Do the following:

      • Depending on your operating system, download Farbar Recovery Scan Tool to the desktop:
        1. FRST.exe - 32-bit
        2. FRST64.exe - 64-bit
      • Double-click the tool (FRST64.exe or FRST.exe) to run it.
        • Click Yes/Si to accept the terms of use.
        • Click Scan and wait patiently for it to finish.

      *NOTE* The FRST.txt & Addition.txt reports will be saved where the tool was run; do not delete them.

      To finish, just copy and paste the contents of the FRST.txt and Addition.txt files into your next reply.

      Regards
      <¡D3vIL!>


    4. #14
      User vanway
      Registered: Dec 2005
      Location: Spain
      Posts: 48

      Re: Double accent mark virus

      I have to split the FRST into two parts because it is very long:


      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2017
      Ran by USUARIO (administrator) on USUARIO-PC (29-11-2017 18:26:46)
      Running from C:\Users\USUARIO\Desktop
      Loaded Profiles: USUARIO (Available Profiles: USUARIO)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
      () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
      (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
      (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Spotify Ltd) C:\Users\USUARIO\AppData\Roaming\Spotify\SpotifyWebHelper.exe
      (SplitmediaLabs) C:\Program Files (x86)\SplitmediaLabs\321.show\321.show.exe
      (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
      (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
      (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
      (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
      () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (SplitmediaLabs Philippines Inc.) C:\Program Files (x86)\SplitmediaLabs\321.show\jre\bin\javaw.exe
      (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
      (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Innovative Digital Technologies) C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\ace_engine.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Innovative Digital Technologies) C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\ace_engine.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\ace_update.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      "Path" (%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;C:\ProgramData\Oracle\Java\javapath;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile -> %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;C:\ProgramData\Oracle\Java\javapath;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile) <==== Repaired successfully
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
      HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
      HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-04-29] (Intel Corporation)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
      HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2015-05-27] (CyberLink Corp.)
      HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [461048 2014-03-03] (IVT Corporation)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-20] (SUPERAntiSpyware)
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-11-09] (Nota Inc.)
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Run: [Spotify Web Helper] => C:\Users\USUARIO\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-20] (Spotify Ltd)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\321.show.lnk [2017-10-06]
      ShortcutTarget: 321.show.lnk -> C:\Program Files (x86)\SplitmediaLabs\321.show\321.show.exe (SplitmediaLabs)
      Startup: C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2016-10-14]
      ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy\User: Restriction <==== ATTENTION

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{37C3F190-C9DC-4222-B35C-E7FB4A22EAB0}: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{4D3BDAC6-68E0-4B9C-A86A-E669F5A3A142}: [DhcpNameServer] 193.22.119.22 217.18.237.74
      Tcpip\..\Interfaces\{5133647C-70D2-4002-9919-FF5FC621D173}: [DhcpNameServer] 87.216.1.65 87.216.1.66
      Tcpip\..\Interfaces\{67CCDEF9-BCFE-44CB-8188-A282F7692156}: [DhcpNameServer] 192.168.0.100
      Tcpip\..\Interfaces\{81F76765-E78D-44B5-B5C6-CBDA9A13B1BA}: [DhcpNameServer] 193.22.119.22 217.18.237.74
      Tcpip\..\Interfaces\{BCBF6E1E-0A2E-4BBD-919D-329BE7B2DC00}: [DhcpNameServer] 193.22.119.22 217.18.237.74

      Internet Explorer:
      ==================
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
      BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
      BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
      BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
      Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

      FireFox:
      ========
      FF DefaultProfile: bs5nwj9m.default
      FF ProfilePath: C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\bs5nwj9m.default [2017-11-29]
      FF Extension: (Tails Download and Verify) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\bs5nwj9m.default\Extensions\[email protected] [2017-01-30] [Lagacy]
      FF Extension: (Video DownloadHelper) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\bs5nwj9m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-19]
      FF Extension: (Adblock Plus) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\bs5nwj9m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
      FF Extension: (Bitdefender QuickScan) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\bs5nwj9m.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-22] [Lagacy]
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-05-27] [Lagacy] [not signed]
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected]
      FF Extension: (BlueSoleil Extension) - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\[email protected] [2017-06-13] [Lagacy] [not signed]
      FF HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\USUARIO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
      FF Extension: (__MSG_extName__) - C:\Users\USUARIO\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-11-09]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-16] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-16] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
      FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-2056879219-1812261096-1528344004-1000: @acestream.net/acestreamplugin,version=3.1.2 -> C:\Users\USUARIO\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-31] (Innovative Digital Technologies)
      FF Plugin HKU\S-1-5-21-2056879219-1812261096-1528344004-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-21] ()

      Chrome:
      =======
      CHR Profile: C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default [2017-11-29]
      CHR Extension: (Presentaciones) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-09]
      CHR Extension: (YouTube) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-09]
      CHR Extension: (Hojas*de*cálculo) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-10]
      CHR Extension: (Ace Script) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-10-09]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-09]
      CHR Extension: (Gmail) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-09]
      CHR Extension: (Chrome Media Router) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]
      CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2014-03-03]
      CHR HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
      R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
      R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3214216 2014-03-11] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2014-03-03] (IVT Corporation)
      R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [273656 2014-03-03] (IVT Corporation)
      S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
      S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
      S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-11] (NVIDIA Corporation)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-25] (Electronic Arts)
      S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-25] (Electronic Arts)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-09-01] ()
      R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-07-13] (PostgreSQL Global Development Group) [File not signed]
      S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite Platinum.SP2\RpcAgentSrv.exe [135728 2017-09-11] (SiSoftware) [File not signed]
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2017-08-16] (TeamViewer GmbH)
      R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
      S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
      S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
      R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
      R3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
      R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43616 2014-02-19] (IVT Corporation.)
      R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
      R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
      S3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [487704 2014-03-11] (Intel Corporation)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
      R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
      R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25440 2013-11-18] (IVT Corporation.)
      R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
      S3 l6SonicPortVX; C:\Windows\System32\Drivers\l6SonicPortVX.sys [271872 2015-07-24] (Line 6)
      S3 l6SonicPortVX_AvsFilter; C:\Windows\System32\DRIVERS\l6SonicPortVX_AvsFilter.sys [102912 2015-07-24] (Line 6)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-27] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-11-29] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-11-29] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-29] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-11-29] (Malwarebytes)
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
      S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite Platinum.SP2\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
      R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
      S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-02-02] (Wondershare)
      R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
      R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-05-27] (CyberLink Corp.)
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      S1 MpKsl55c286fe; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F65E686A-FB33-4DA6-BFD5-CE2D0F25AA0B}\MpKsl55c286fe.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    5. #15
      User Avatar of vanway
      Registered
      Dec 2005
      Location
      Spain
      Posts
      48

      Re: Double accent mark virus

      Second part of FRST.txt

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-29 18:26 - 2017-11-29 18:26 - 000029991 _____ C:\Users\USUARIO\Desktop\FRST.txt
      2017-11-29 18:26 - 2017-11-29 18:26 - 000000000 ____D C:\FRST
      2017-11-29 18:25 - 2017-11-29 18:25 - 002391552 _____ (Farbar) C:\Users\USUARIO\Desktop\FRST64.exe
      2017-11-28 18:27 - 2017-11-28 18:27 - 064762984 _____ C:\Users\USUARIO\Downloads\PT-Install-v4.15.exe
      2017-11-27 19:31 - 2017-11-29 18:24 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2017-11-27 19:31 - 2017-11-29 18:24 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2017-11-27 19:31 - 2017-11-29 18:24 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2017-11-27 19:31 - 2017-11-29 18:24 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-11-27 19:31 - 2017-11-27 19:31 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2017-11-26 18:26 - 2017-11-26 18:37 - 000002001 _____ C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.es.lnk
      2017-11-26 18:26 - 2017-11-26 18:37 - 000001977 _____ C:\Users\USUARIO\Desktop\888poker.es.lnk
      2017-11-26 18:26 - 2017-11-26 18:37 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\InstallShield Installation Information
      2017-11-26 18:26 - 2017-11-26 18:37 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\888poker.es
      2017-11-26 18:26 - 2017-11-26 18:36 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Downloaded Installations
      2017-11-26 18:24 - 2017-11-26 18:26 - 000000000 ____D C:\Users\USUARIO\Documents\PokerInstallerLogs
      2017-11-26 13:05 - 2017-11-26 13:13 - 000000304 _____ C:\Users\USUARIO\Desktop\Icmizer - 1 .appref-ms
      2017-11-26 13:05 - 2017-11-26 13:13 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Valentin Kuzub
      2017-11-26 13:05 - 2017-11-26 13:05 - 000000000 ____D C:\Users\USUARIO\AppData\Local\IsolatedStorage
      2017-11-26 12:53 - 2017-11-26 12:53 - 000002028 _____ C:\Users\Public\Desktop\Poker Copilot.lnk
      2017-11-26 12:53 - 2017-11-26 12:53 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Barbary Software
      2017-11-26 12:53 - 2017-11-26 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker Copilot
      2017-11-26 12:52 - 2017-11-26 12:53 - 000000000 ____D C:\Program Files (x86)\Poker Copilot
      2017-11-26 12:51 - 2017-11-26 12:51 - 064209832 _____ (Barbary Software) C:\Users\USUARIO\Downloads\pokercopilot_windows_6_08_build_4908.exe
      2017-11-25 14:16 - 2017-11-25 14:16 - 000000000 ____D C:\Users\USUARIO\AppData\LocalLow\HB Studios Multimedia Ltd_
      2017-11-24 22:07 - 2017-11-24 22:07 - 000000016 _____ C:\ProgramData\mntemp
      2017-11-23 19:10 - 2017-11-23 19:23 - 000000000 ____D C:\Windows\erdnt
      2017-11-23 19:07 - 2017-11-23 19:07 - 005129760 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-11-22 22:26 - 2017-11-24 22:04 - 000000979 _____ C:\DelFix.txt
      2017-11-22 20:47 - 2017-11-22 20:47 - 000113712 _____ C:\Users\USUARIO\AppData\Local\GDIPFONTCACHEV1.DAT
      2017-11-22 20:40 - 2017-11-22 20:42 - 000009608 _____ C:\DT-kill.txt
      2017-11-22 20:38 - 2017-11-22 20:38 - 000437837 _____ C:\Users\USUARIO\Downloads\DT-kill.exe
      2017-11-22 20:38 - 2017-11-22 20:38 - 000437837 _____ C:\Users\USUARIO\Downloads\DT-kill (2).exe
      2017-11-22 20:38 - 2017-11-22 20:38 - 000437837 _____ C:\Users\USUARIO\Downloads\DT-kill (1).exe
      2017-11-22 20:38 - 2017-11-22 20:38 - 000000000 ____D C:\_DT-Kill
      2017-11-22 20:30 - 2017-11-22 20:30 - 078346672 _____ (Malwarebytes ) C:\Users\USUARIO\Downloads\mb3-setup-35891.35891-3.3.1.2183.exe
      2017-11-22 20:30 - 2017-11-22 20:30 - 000001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-11-22 20:30 - 2017-11-22 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-11-22 20:30 - 2017-11-22 20:30 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-11-22 20:30 - 2017-11-22 20:30 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-11-22 20:30 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-11-21 22:08 - 2017-11-21 22:08 - 000000978 _____ C:\Users\USUARIO\Desktop\casino - Acceso directo.lnk
      2017-11-21 21:27 - 2017-11-21 21:27 - 000000000 ____D C:\Users\USUARIO\.PokerClient
      2017-11-21 20:26 - 2017-11-21 21:27 - 000000000 ____D C:\Users\USUARIO\AppData\Local\PokerClient
      2017-11-21 20:24 - 2017-11-21 20:24 - 000221208 _____ (Playtech) C:\Users\USUARIO\Downloads\SetupPoker.exe
      2017-11-20 13:29 - 2017-11-20 13:29 - 000004936 _____ C:\ProgramData\kmytnfun.aqy
      2017-11-20 13:28 - 2017-11-20 13:28 - 000000587 _____ C:\Users\Public\Desktop\Flopzilla.lnk
      2017-11-20 13:28 - 2017-11-20 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flopzilla
      2017-11-20 13:26 - 2017-11-20 13:26 - 028937216 _____ C:\Users\USUARIO\Downloads\FlopzillaInstall.msi
      2017-11-20 11:41 - 2017-10-18 03:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2017-11-20 11:41 - 2017-10-18 03:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2017-11-20 11:41 - 2017-10-15 23:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2017-11-20 11:41 - 2017-10-04 14:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2017-11-20 11:41 - 2017-10-04 14:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2017-11-20 11:41 - 2017-10-04 14:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2017-11-20 11:41 - 2017-10-04 14:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2017-11-20 11:41 - 2017-10-04 14:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2017-11-20 11:41 - 2017-10-04 14:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2017-11-20 11:41 - 2017-10-04 14:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2017-11-20 11:31 - 2017-10-18 08:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-11-20 11:31 - 2017-10-18 07:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-11-20 11:31 - 2017-10-18 03:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2017-11-20 11:31 - 2017-10-18 03:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2017-11-20 11:31 - 2017-10-18 03:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2017-11-20 11:31 - 2017-10-18 03:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2017-11-20 11:31 - 2017-10-18 03:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2017-11-20 11:31 - 2017-10-18 03:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2017-11-20 11:31 - 2017-10-18 03:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2017-11-20 11:31 - 2017-10-17 00:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-11-20 11:31 - 2017-10-16 23:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-11-20 11:31 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2017-11-20 11:31 - 2017-10-14 09:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-11-20 11:31 - 2017-10-14 09:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-11-20 11:31 - 2017-10-14 09:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-11-20 11:31 - 2017-10-14 09:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-11-20 11:31 - 2017-10-14 09:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-11-20 11:31 - 2017-10-14 09:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-11-20 11:31 - 2017-10-14 09:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-11-20 11:31 - 2017-10-14 09:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-11-20 11:31 - 2017-10-14 09:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-11-20 11:31 - 2017-10-14 09:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-11-20 11:31 - 2017-10-14 09:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-11-20 11:31 - 2017-10-14 09:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-11-20 11:31 - 2017-10-14 09:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-11-20 11:31 - 2017-10-14 09:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-11-20 11:31 - 2017-10-14 09:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-11-20 11:31 - 2017-10-14 09:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-11-20 11:31 - 2017-10-14 09:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-11-20 11:31 - 2017-10-14 08:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-11-20 11:31 - 2017-10-14 08:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-11-20 11:31 - 2017-10-14 08:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-11-20 11:31 - 2017-10-14 08:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-11-20 11:31 - 2017-10-14 08:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-11-20 11:31 - 2017-10-14 08:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-11-20 11:31 - 2017-10-14 08:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-11-20 11:31 - 2017-10-14 08:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-11-20 11:31 - 2017-10-14 08:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-11-20 11:31 - 2017-10-14 08:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-11-20 11:31 - 2017-10-14 08:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-11-20 11:31 - 2017-10-14 08:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-11-20 11:31 - 2017-10-14 08:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-11-20 11:31 - 2017-10-14 08:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-11-20 11:31 - 2017-10-14 08:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-11-20 11:31 - 2017-10-14 08:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-11-20 11:31 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-11-20 11:31 - 2017-10-14 08:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-11-20 11:31 - 2017-10-14 08:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2017-11-20 11:31 - 2017-10-14 07:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-11-20 11:31 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-11-20 11:31 - 2017-10-14 07:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2017-11-20 11:31 - 2017-10-14 07:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2017-11-20 11:31 - 2017-10-14 07:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2017-11-20 11:31 - 2017-10-14 07:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-11-20 11:31 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-11-20 11:31 - 2017-10-14 07:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2017-11-20 11:31 - 2017-10-14 07:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2017-11-20 11:31 - 2017-10-14 07:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2017-11-20 11:31 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-11-20 11:31 - 2017-10-14 07:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2017-11-20 11:31 - 2017-10-14 07:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2017-11-20 11:31 - 2017-10-14 07:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2017-11-20 11:31 - 2017-10-14 07:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2017-11-20 11:31 - 2017-10-14 07:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2017-11-20 11:31 - 2017-10-14 07:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2017-11-20 11:31 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-11-20 11:31 - 2017-10-14 07:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2017-11-20 11:31 - 2017-10-14 07:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-11-20 11:31 - 2017-10-14 07:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-11-20 11:31 - 2017-10-14 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2017-11-20 11:31 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-11-20 11:31 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-11-20 11:31 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-11-20 11:31 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-11-20 11:31 - 2017-10-14 07:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2017-11-20 11:31 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-11-20 11:31 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-11-20 11:31 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-11-20 11:31 - 2017-10-12 01:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2017-11-20 11:31 - 2017-10-12 01:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2017-11-20 11:31 - 2017-10-12 01:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2017-11-20 11:31 - 2017-10-12 01:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2017-11-20 11:31 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2017-11-20 11:31 - 2017-10-12 01:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-11-20 11:31 - 2017-10-12 01:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-11-20 11:31 - 2017-10-12 01:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-11-20 11:31 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
      2017-11-20 11:31 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2017-11-20 11:31 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2017-11-20 11:31 - 2017-10-12 01:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
      2017-11-20 11:31 - 2017-10-12 01:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
      2017-11-20 11:31 - 2017-10-12 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
      2017-11-20 11:31 - 2017-10-12 01:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
      2017-11-20 11:31 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
      2017-11-20 11:31 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
      2017-11-20 11:31 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
      2017-11-20 11:31 - 2017-10-12 01:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
      2017-11-20 11:31 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2017-11-20 11:31 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-11-29 18:25 - 2017-06-13 18:22 - 000006508 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
      2017-11-29 18:25 - 2017-06-13 18:22 - 000000102 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
      2017-11-29 18:25 - 2016-08-29 17:18 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
      2017-11-29 18:25 - 2016-05-31 20:04 - 000000000 ____D C:\Program Files (x86)\Steam
      2017-11-29 18:25 - 2016-04-28 20:37 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\.ACEStream
      2017-11-29 18:25 - 2014-03-14 14:12 - 000001496 _____ C:\Windows\SysWOW64\bscs.ini
      2017-11-29 18:24 - 2016-01-22 23:51 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-11-29 18:24 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-28 23:25 - 2017-06-13 18:29 - 000000285 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
      2017-11-28 23:23 - 2016-04-28 20:38 - 000000000 ____D C:\_acestream_cache_
      2017-11-28 23:17 - 2016-01-28 20:18 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\Skype
      2017-11-28 22:02 - 2016-01-28 20:00 - 000000000 ____D C:\Users\USUARIO\AppData\Local\PokerStars.ES
      2017-11-28 18:34 - 2009-07-14 05:45 - 000027312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-28 18:34 - 2009-07-14 05:45 - 000027312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-28 18:32 - 2010-11-21 08:09 - 000752410 _____ C:\Windows\system32\perfh00A.dat
      2017-11-28 18:32 - 2010-11-21 08:09 - 000160950 _____ C:\Windows\system32\perfc00A.dat
      2017-11-28 18:32 - 2009-07-14 06:13 - 001690530 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-28 18:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
      2017-11-28 18:28 - 2016-01-28 19:55 - 000000000 ____D C:\Users\USUARIO\AppData\Local\PokerTracker 4
      2017-11-28 18:28 - 2016-01-28 19:54 - 000001086 _____ C:\Users\USUARIO\Desktop\PokerTracker 4.lnk
      2017-11-26 21:50 - 2016-01-28 20:03 - 000000000 ____D C:\Users\USUARIO\Documents\888poker.es
      2017-11-26 18:26 - 2016-01-28 20:03 - 000000000 ____D C:\Program Files (x86)\888poker.es
      2017-11-26 16:53 - 2016-05-31 20:09 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2017-11-26 16:19 - 2016-08-21 19:54 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Ubisoft Game Launcher
      2017-11-26 14:19 - 2016-08-21 20:02 - 000281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
      2017-11-26 14:19 - 2016-08-21 19:54 - 000281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
      2017-11-26 13:48 - 2016-05-22 19:04 - 000000000 ____D C:\Users\USUARIO\AppData\Local\CrashDumps
      2017-11-26 13:13 - 2017-06-14 21:30 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Deployment
      2017-11-26 10:56 - 2016-06-12 13:27 - 000000000 ____D C:\Users\USUARIO\Documents\My Games
      2017-11-24 17:53 - 2016-11-19 10:32 - 000000000 ____D C:\Users\USUARIO\AppData\LocalLow\Mozilla
      2017-11-23 19:24 - 2017-06-14 21:30 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Apps\2.0
      2017-11-23 19:24 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
      2017-11-23 19:21 - 2009-07-14 03:34 - 000000215 _____ C:\Windows\system.ini
      2017-11-23 19:20 - 2009-07-14 03:34 - 108527616 _____ C:\Windows\system32\config\software.bak
      2017-11-23 19:20 - 2009-07-14 03:34 - 046137344 _____ C:\Windows\system32\config\components.bak
      2017-11-23 19:20 - 2009-07-14 03:34 - 032505856 _____ C:\Windows\system32\config\system.bak
      2017-11-23 19:20 - 2009-07-14 03:34 - 001572864 _____ C:\Windows\system32\config\default.bak
      2017-11-23 19:20 - 2009-07-14 03:34 - 000262144 _____ C:\Windows\system32\config\security.bak
      2017-11-23 19:20 - 2009-07-14 03:34 - 000262144 _____ C:\Windows\system32\config\sam.bak
      2017-11-22 20:45 - 2015-07-06 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
      2017-11-21 21:27 - 2013-04-10 16:15 - 000000000 ____D C:\Users\USUARIO
      2017-11-21 20:35 - 2016-01-28 20:01 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Spotify
      2017-11-21 19:06 - 2016-01-28 20:01 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\Spotify
      2017-11-20 21:32 - 2010-11-21 04:27 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2017-11-20 14:05 - 2017-05-04 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
      2017-11-20 14:03 - 2016-01-31 15:07 - 000000000 ____D C:\ProgramData\SplitMediaLabs
      2017-11-20 13:46 - 2017-09-29 22:18 - 000001087 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
      2017-11-20 12:11 - 2015-05-27 11:21 - 000000000 ____D C:\Windows\system32\appraiser
      2017-11-20 11:49 - 2013-10-17 16:19 - 001664180 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2017-11-20 11:46 - 2013-10-17 11:52 - 000000000 ____D C:\Windows\system32\MRT
      2017-11-20 11:41 - 2017-10-12 13:25 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-11-20 11:41 - 2013-04-10 13:53 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-11-20 11:34 - 2015-07-06 16:19 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2017-11-20 11:33 - 2009-07-14 03:34 - 000000478 _____ C:\Windows\win.ini
      2017-11-20 11:25 - 2017-04-20 17:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-11-20 11:25 - 2016-01-28 19:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-11-19 22:58 - 2016-01-28 19:41 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\Mozilla
      2017-11-17 14:37 - 2017-10-09 17:53 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-11-17 14:37 - 2017-10-09 17:53 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-11-16 19:10 - 2015-05-27 15:17 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-11-16 19:10 - 2015-05-27 15:17 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-11-16 19:08 - 2017-10-09 17:53 - 000002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 19:08 - 2017-10-09 17:53 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-11-14 13:40 - 2015-05-27 15:39 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-11-14 13:40 - 2015-05-27 15:39 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-14 13:40 - 2015-05-27 15:39 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-11-14 13:40 - 2013-10-17 12:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-11-14 13:40 - 2013-10-17 12:33 - 000000000 ____D C:\Windows\system32\Macromed
      2017-11-13 12:05 - 2017-05-18 22:22 - 000003420 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
      2017-11-13 12:05 - 2017-05-18 22:22 - 000003294 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
      2017-11-13 12:05 - 2017-05-18 22:22 - 000000000 ____D C:\Program Files (x86)\Gyazo

      ==================== Files in the root of some directories =======

      2016-07-15 23:50 - 2016-07-23 23:43 - 000000098 _____ () C:\Users\USUARIO\AppData\Roaming\LauncherSettings_live.cfg
      2017-04-21 19:02 - 2017-04-21 19:02 - 000000132 _____ () C:\Users\USUARIO\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
      2016-12-30 11:17 - 2017-06-28 21:19 - 000000132 _____ () C:\Users\USUARIO\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
      2017-10-01 16:17 - 2017-10-02 22:53 - 016576512 _____ () C:\Users\USUARIO\AppData\Roaming\Sandra.mdb
      2016-07-15 23:36 - 2016-07-15 23:36 - 000000039 _____ () C:\Users\USUARIO\AppData\Roaming\TheHunterSettings_steam_live.cfg
      2017-02-09 21:34 - 2017-06-06 21:12 - 000001456 _____ () C:\Users\USUARIO\AppData\Local\Adobe Guardar para Web 13.0 Prefs

      Some files in TEMP:
      ====================
      2017-11-02 12:07 - 2017-11-02 12:07 - 000656025 _____ (Random-Logic) C:\Users\USUARIO\AppData\Local\Temp\installer.exe
      2017-11-24 08:47 - 2017-11-24 08:47 - 000019008 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libNativeApi_x86.dll
      2017-11-24 08:47 - 2017-11-24 08:47 - 000079872 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libopenh264api_x86.dll
      2017-10-30 14:39 - 2017-10-30 14:39 - 119579224 _____ (888) C:\Users\USUARIO\AppData\Local\Temp\setup.exe

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-19 19:02

      ==================== End of FRST.txt ============================

    6. #16
      User Avatar of vanway
      Registered
      Dec 2005
      Location
      Spain
      Posts
      48

      Re: Double-accent virus

      I also have to split the addition.txt into two parts:

      Part 1:

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
      Ran by USUARIO (29-11-2017 18:27:09)
      Running from C:\Users\USUARIO\Desktop
      Windows 7 Professional Service Pack 1 (X64) (2013-04-10 15:15:00)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-2056879219-1812261096-1528344004-500 - Administrator - Disabled)
      HomeGroupUser$ (S-1-5-21-2056879219-1812261096-1528344004-1002 - Limited - Enabled)
      Invitado (S-1-5-21-2056879219-1812261096-1528344004-501 - Limited - Disabled)
      USUARIO (S-1-5-21-2056879219-1812261096-1528344004-1000 - Administrator - Enabled) => C:\Users\USUARIO

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
      AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      321.show (HKLM-x32\...\{934EBE18-32C3-4A7C-A58D-CE56CC3F0C23}) (Version: 0.105.1707.2101 - SplitmediaLabs) Hidden
      321.show (HKLM-x32\...\321.show 0.105.1707.2101) (Version: 0.105.1707.2101 - SplitmediaLabs)
      3Planesoft Screensaver Manager 1.1 (HKLM-x32\...\3Planesoft Screensaver Manager_is1) (Version: 1.1 - 3Planesoft)
      888poker.es (HKLM-x32\...\{B6AA7D3A-8133-4A81-A19D-8AE46D595790}) (Version: 7.4.00018 - 888) Hidden
      888poker.es (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\InstallShield_{B6AA7D3A-8133-4A81-A19D-8AE46D595790}) (Version: 7.4.00018 - 888)
      Ace Stream Media 3.1.2 (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\AceStream) (Version: 3.1.2 - Ace Stream Media) <==== ATTENTION
      Actualización de NVIDIA 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation) Hidden
      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
      Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
      Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
      Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
      Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
      Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
      Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
      AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1886, 14.02.2017 - AIMP DevTeam)
      Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
      bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
      BlueSoleil 10.0.474.2 (HKLM\...\{3CDA8A01-00C4-4C24-920C-6ADFCE832F44}) (Version: 10.0.474.2 - IVT Corporation)
      CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
      Casino Barcelona Poker (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Casino Barcelona Poker) (Version: - )
      CasinoBarcelona.es (HKLM-x32\...\CasinoBarcelona.es ) (Version: - Spanish Poker Network)
      CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
      Contenido adicional Vita 2 (HKLM\...\{2EFDC3A2-913A-423F-874F-07B83E053680}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Coral Clock 3D Screensaver 1.0 (HKLM-x32\...\Coral Clock 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
      Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
      CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.1727.58 - CyberLink Corp.)
      EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
      Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
      Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
      Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version: - Ubisoft)
      Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Flag 3D Screensaver 1.0 (HKLM-x32\...\Flag 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
      Flopzilla (HKLM-x32\...\{6E77C0C0-2681-489D-BB38-0B9C2DD249F4}) (Version: 1.8.4 - Flopzilla)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Gyazo 3.3.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
      Icmizer - 1 (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\bcfaecc00feb2640) (Version: 2.9.7.7 - Valentin Kuzub)
      ICMIZER (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\3bdab96fd86f8c26) (Version: 2.9.6.0 - ICMIZER)
      Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
      Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
      Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
      Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
      Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
      Line 6 Driver2 SonicPortVX v1.76 Uninstaller (HKLM-x32\...\Line 6 Driver2 SonicPortVX Uninstaller) (Version: - Line 6)
      MAGIX Common Components 1 (x64) (HKLM\...\{7A34DAE4-9053-4811-AAD3-BBD4D82C2AFA}) (Version: 1.8.0.0 - MAGIX Software GmbH)
      MAGIX Contenido y Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
      MAGIX Speed burnR (HKLM\...\{C9A5A433-7EE1-4E19-9CC5-42E9A07C7130}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
      MAGIX Speed burnR (HKLM-x32\...\MX.{C9A5A433-7EE1-4E19-9CC5-42E9A07C7130}) (Version: 7.0.1.27 - MAGIX Software GmbH)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.281 - Electronic Arts)
      Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
      Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
      Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
      Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
      Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
      Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{449EFED6-5F86-4428-8EB2-3DA1F6E67CE4}) (Version: 1.20.146.0 - Microsoft)
      Mixxx 2.0.0 (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
      Mozilla Firefox 57.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 57.0 (x64 es-ES)) (Version: 57.0 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
      MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
      MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
      MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
      MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
      Nero BurningROM 2015 (HKLM-x32\...\{0F450417-F5B1-4D9C-B93B-4DC81F3EA954}) (Version: 16.0.01600 - Nero AG)
      Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
      NVIDIA Controlador de 3D Vision 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.69 - NVIDIA Corporation)
      NVIDIA Controlador de audio HD 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
      NVIDIA Controlador de gráficos 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
      NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
      NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
      NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
      OpenAL (HKLM-x32\...\OpenAL) (Version: - )
      Origin (HKLM-x32\...\Origin) (Version: 10.4.12.59996 - Electronic Arts, Inc.)
      Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Panel de control de NVIDIA 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.69 - NVIDIA Corporation) Hidden
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
      ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
      Poker Copilot 6.08 (HKLM-x32\...\4318-8431-7919-3424) (Version: 6.08 - Barbary Software)
      PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
      PokerStars.es (HKLM-x32\...\PokerStars.es) (Version: - PokerStars.es)
      PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
      Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
      Popcorn Time Offical versión 0.8.0.4 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.4 - Popcorn Time Offical) <==== ATTENTION
      PostgreSQL 9.3 (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
      Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden
      Prince of Persia Sands of Time (HKLM-x32\...\Uplay Install 111) (Version: - Ubisoft)
      PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
      PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
      RAMMon V1.0 (HKLM\...\{D0E36B69-687C-43B3-93BA-5E4B6E531023}_is1) (Version: 1.0 - PassMark Software)
      Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
      Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
      SiSoftware Sandra Lite Platinum.SP2 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 24.41.2017.9 - SiSoftware)
      Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
      Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
      Snaz versión 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
      Software de cámara Web Logitech (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
      Software para dispositivos de chipset Intel® (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel(R) Corporation) Hidden
      SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - SopCast - Free P2P internet TV | live football, NBA, cricket)
      Spotify (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\Spotify) (Version: 1.0.65.320.gac7a8e02 - Spotify AB)
      StarsHelper (HKLM-x32\...\StarsHelper) (Version: - )
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Steep (HKLM-x32\...\Uplay Install 3279) (Version: - Ubisoft)
      StreamLabels 0.2.6 (only current user) (HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.2.6 - Streamlabs)
      SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
      TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.80697 - TeamViewer)
      The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
      The Lost Watch 3D Screensaver 1.0 (HKLM-x32\...\The Lost Watch 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
      Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
      Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version: - Microsoft)
      Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
      Vita 2 (HKLM\...\{E5EB37EB-EAD8-4FE1-A97D-FA3EE82B83DC}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Accordion (HKLM\...\{40827AF8-0203-4CE0-AE1B-529234112D12}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Choir (HKLM\...\{31D5B6A7-057F-4413-B108-6C20B73B685F}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Church Organ (HKLM\...\{01D3F0B7-AC58-4C5F-A6D2-FA8D0CAAD362}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Cinematic Soundscapes (HKLM\...\{3A0AFBA2-E1B1-4BFC-AD62-DED5B6DCC85E}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Cinematic Synth (HKLM\...\{D14C5DB3-9386-4053-A3F5-2B87C73D06B0}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Concert Grand (HKLM\...\{12E945F1-FD2E-492D-A71E-B595EBD5F710}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Drum Engine (HKLM\...\{B20B3483-C5AB-4F61-B239-6EEC75ED6931}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Folk (HKLM\...\{E2E7D496-B231-4710-8ABB-47077EF94627}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Jazz Drums (HKLM\...\{28E0B331-CA17-402C-869A-9AF20C799FA4}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Lead Synth (HKLM\...\{F6A21E70-827C-4714-B165-A904247D7C4E}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Pop Drums (HKLM\...\{5BA76428-34F5-40D4-A516-8E1F38FB21A5}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Rock Drums (HKLM\...\{985C1548-CD59-4C15-9CE9-42A4B5DB9208}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vita Soundtrack Percussion (HKLM\...\{1EC99213-78E2-40DE-A723-22C0C64DAEDB}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
      Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
      Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
      Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
      WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
      XSplit Broadcaster (HKLM-x32\...\{5D63976A-2845-40FF-B03D-E15C7FAAE3C6}) (Version: 3.1.1709.1535 - SplitmediaLabs)
      XSplit Broadcaster PTR (HKLM-x32\...\{D1A897AA-112E-4CCE-A978-6A129DB46104}) (Version: 3.0.1705.1801 - SplitmediaLabs)
      XSplit Gamecaster (HKLM-x32\...\{50897F9B-53B3-4E80-998D-C54A2FC43840}) (Version: 3.1.1708.2941 - SplitmediaLabs)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
      ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => D:\aimp\System\aimp_menu64.dll [2017-02-17] (AIMP DevTeam)
      ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
      ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => D:\aimp\System\aimp_menu64.dll [2017-02-17] (AIMP DevTeam)
      ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
      ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0503E53F-EEB1-415F-AA9C-F5E5CB274EFE} - System32\Tasks\CleanUpAppData => C:\Program Files (x86)\SplitmediaLabs\321.show\Installer\CleanUpAppData.exe [2017-07-21] (Microsoft)
      Task: {253D5925-1C51-4C7D-B967-1DACB4F94BD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-09] (Google Inc.)
      Task: {313A0589-0296-42F8-8BAC-3C1312AB0083} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-11] (NVIDIA Corporation)
      Task: {43E83309-F583-40C6-A3EC-98F6E800035C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
      Task: {4C387B2A-87F5-4159-A41B-69E67246EF31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
      Task: {4D86A9E3-22C9-45D9-9261-21FC8B877D5E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
      Task: {573C4414-23B2-4960-93AD-30F3883381BE} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
      Task: {5C644647-1CEF-4FD6-A81E-434D2F2A31D4} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
      Task: {687BCB34-BFC7-43A6-AF60-E3994EA43944} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-09] (Google Inc.)
      Task: {70438941-141A-4376-97AD-CCF6723F905C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
      Task: {7C0FC66E-7CEB-47D1-B344-42A1D763BB82} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {8E03DE03-1A45-4863-9F1A-882A03843211} - \AutoPico Daily Restart -> No File <==== ATTENTION
      Task: {96C2196C-7E62-406A-B680-C330637EFD45} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
      Task: {A498CE0C-D01D-4827-9162-06F148EAF3C2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
      Task: {A9BE32F3-C74D-4BF6-A8E1-C368E347CFCA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-11] (NVIDIA Corporation)
      Task: {AA0F17E4-ADB5-42DE-842B-E1A42F8408C5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
      Task: {AE78E0B8-1B56-4C59-A0EB-5EA80F7E0D94} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
      Task: {C0E61B52-63E0-4535-8AB6-39E71BB971B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
      Task: {C1BA93AF-7275-41C4-9BFC-28858BCF987A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
      Task: {CCFE66B3-CFD4-48D2-A9E1-4CDB2CE32704} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
      Task: {DB390039-102C-4EA8-822B-5FF9C2259628} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-08-29] ()
      Task: {F77D5C93-06A6-4F8B-9A9E-A36ED3C7EECC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2016-01-22 23:51 - 2017-09-16 18:34 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
      2014-03-03 09:57 - 2014-03-03 09:57 - 000028920 _____ () C:\Windows\System32\BsTrace.dll
      2014-03-03 09:57 - 2014-03-03 09:57 - 000017144 _____ () C:\Windows\system32\BsHelpCSps.dll
      2014-03-03 09:57 - 2014-03-03 09:57 - 000074488 _____ () C:\Windows\system32\BlueSoleilCSps.dll
      2014-03-03 09:57 - 2014-03-03 09:57 - 000019704 _____ () C:\Windows\system32\BsMobileCSps.dll
      2015-02-12 13:58 - 2014-01-28 04:16 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
      2017-04-11 17:42 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
      2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
      2016-08-21 19:54 - 2017-09-01 16:55 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
      2016-01-28 19:57 - 2015-07-13 08:07 - 000179200 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
      2016-01-28 19:58 - 2014-02-05 10:16 - 001336832 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
      2017-11-22 20:30 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-11-22 20:30 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-11-16 19:08 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
      2017-11-16 19:08 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
      2015-11-10 07:54 - 2015-11-10 07:54 - 000027000 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\ace_update.exe
      2015-02-12 13:58 - 2017-11-29 18:24 - 000036496 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
      2015-02-12 13:58 - 2014-01-28 04:16 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
      2016-05-31 20:04 - 2017-09-09 20:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
      2016-05-31 20:04 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
      2016-05-31 20:04 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
      2016-05-31 20:04 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
      2016-05-31 20:04 - 2017-10-31 04:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
      2016-05-31 20:04 - 2016-01-27 08:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
      2016-05-31 20:04 - 2016-01-27 08:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
      2016-05-31 20:04 - 2016-01-27 08:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
      2016-05-31 20:04 - 2016-01-27 08:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
      2016-05-31 20:04 - 2016-01-27 08:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
      2016-05-31 20:04 - 2017-10-31 04:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
      2016-05-31 20:04 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
      2014-03-03 09:57 - 2014-03-03 09:57 - 000358136 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
      2010-05-13 15:30 - 2010-05-13 15:30 - 000028730 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Driver\USB\btcusb.dll
      2014-03-03 09:56 - 2014-03-03 09:56 - 000031480 _____ () C:\Windows\SysWow64\BsHelpCSps.dll
      2014-03-03 09:56 - 2014-03-03 09:56 - 000797432 _____ () C:\Windows\SysWow64\BlueSoleilCSps.dll
      2014-03-03 09:58 - 2014-03-03 09:58 - 000244472 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
      2014-03-03 09:58 - 2014-03-03 09:58 - 000068344 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\ExtraLib.dll
      2014-03-03 09:58 - 2014-03-03 09:58 - 000048376 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\cscvt.dll
      2014-03-03 09:56 - 2014-03-03 09:56 - 000016632 _____ () C:\Windows\SysWOW64\BsMobileCSps.dll
      2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
      2012-09-23 19:44 - 2012-09-23 19:44 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
      2016-12-13 18:47 - 2017-08-16 23:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
      2017-06-09 13:11 - 2017-09-07 03:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
      2016-05-31 20:04 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
      2015-09-16 18:12 - 2015-05-27 09:30 - 000867256 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
      2015-09-16 18:12 - 2013-12-10 12:31 - 000074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
      2015-09-16 18:12 - 2013-12-10 12:31 - 000285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
      2015-09-16 18:12 - 2013-12-10 12:31 - 000040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
      2015-09-16 18:12 - 2013-12-10 12:31 - 000721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
      2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
      2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
      2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
      2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
      2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
      2014-03-03 09:57 - 2014-03-03 09:57 - 000162040 _____ () C:\Windows\system32\BsProfilefunc.dll
      2014-03-03 09:58 - 2014-03-03 09:58 - 000129784 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
      2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
      2017-07-21 11:54 - 2017-07-21 11:54 - 006016512 _____ () C:\Program Files (x86)\SplitmediaLabs\321.show\jre\bin\server\jvm.dll
      2017-11-24 08:47 - 2017-11-24 08:47 - 000019008 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libNativeApi_x86.dll
      2017-07-21 11:54 - 2017-07-21 11:54 - 000476672 _____ () C:\Program Files (x86)\SplitmediaLabs\321.show\jre\bin\freetype.dll
      2017-11-24 08:47 - 2017-11-24 08:47 - 000079872 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libopenh264api_x86.dll
      2017-04-11 17:42 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
      2015-12-18 01:27 - 2017-10-04 16:56 - 000340480 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
      2011-06-12 14:09 - 2017-08-30 11:23 - 000046592 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
      2011-06-12 14:09 - 2017-08-30 11:23 - 001410048 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 001016832 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
      2015-04-16 13:27 - 2015-04-16 13:27 - 000018944 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
      2017-02-20 01:32 - 2017-08-30 11:23 - 000136704 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_elementtree.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 000136704 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
      2015-11-07 13:14 - 2015-11-07 13:14 - 002977792 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd
      2012-02-07 17:37 - 2012-02-07 17:37 - 000167424 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
      2012-02-07 17:35 - 2012-02-07 17:35 - 000110080 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
      2012-02-07 17:36 - 2012-02-07 17:36 - 000035840 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
      2014-01-23 12:37 - 2014-01-23 12:37 - 000036352 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
      2012-02-07 17:37 - 2012-02-07 17:37 - 000098816 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
      2012-02-07 17:38 - 2012-02-07 17:38 - 000358912 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
      2012-02-07 17:36 - 2012-02-07 17:36 - 000111616 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
      2012-02-07 17:36 - 2012-02-07 17:36 - 000024064 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
      2015-04-16 13:27 - 2015-04-16 13:27 - 002386432 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
      2015-12-18 01:24 - 2017-10-04 16:56 - 003189760 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
      2013-12-21 14:20 - 2013-12-21 14:20 - 000053248 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 000091648 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
      2013-12-21 14:20 - 2013-12-21 14:20 - 000040448 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 000010240 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\select.pyd
      2011-01-18 22:56 - 2011-01-18 22:56 - 000334336 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
      2011-02-13 16:02 - 2011-02-13 16:02 - 000031232 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
      2015-12-18 01:46 - 2017-10-04 16:56 - 005688832 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 000050688 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_sqlite3.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 000551424 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\sqlite3.dll
      2016-06-05 00:29 - 2016-05-19 00:37 - 000014848 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\netifaces.pyd
      2010-10-10 23:23 - 2010-10-10 23:23 - 000723968 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
      2013-01-29 17:20 - 2013-01-29 17:20 - 000082944 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
      2011-07-15 20:37 - 2011-07-15 20:37 - 000981504 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000746496 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000670720 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000966144 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000674816 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
      2011-06-12 14:06 - 2017-08-30 11:23 - 000687104 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
      2015-12-17 22:19 - 2017-10-04 16:56 - 000273000 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
      2015-04-16 13:29 - 2015-04-16 13:29 - 000112142 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
      2015-04-16 13:29 - 2015-04-16 13:29 - 000061952 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
      2017-02-20 01:32 - 2017-08-30 11:23 - 000027648 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\_multiprocessing.pyd
      2013-01-29 17:20 - 2013-01-29 17:20 - 000066048 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
      2016-12-11 03:15 - 2017-10-04 16:56 - 000318976 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.jsplayer.pyd
      2016-12-11 03:15 - 2016-10-20 11:34 - 000350720 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pyvlc.pyd
      2015-08-06 13:30 - 2017-01-31 12:29 - 000165216 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\player\libtsplayer.dll
      2015-08-06 13:30 - 2017-01-31 12:29 - 001968480 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\player\libtsplayercore.dll
      2011-06-12 14:09 - 2011-06-12 14:09 - 000038400 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
      2011-06-12 14:09 - 2011-06-12 14:09 - 000720896 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
      2011-07-15 20:37 - 2011-07-15 20:37 - 000981504 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000746496 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000670720 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000966144 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
      2011-07-15 20:38 - 2011-07-15 20:38 - 000674816 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
      2011-06-12 14:06 - 2011-06-12 14:06 - 000287232 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
      2011-01-18 22:56 - 2011-01-18 22:56 - 000334336 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
      2011-06-12 14:06 - 2011-06-12 14:06 - 000011776 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\select.pyd
      2011-06-12 14:06 - 2011-06-12 14:06 - 000152576 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
      2012-02-07 17:37 - 2012-02-07 17:37 - 000098816 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
      2012-02-07 17:35 - 2012-02-07 17:35 - 000110080 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
      2012-02-07 17:38 - 2012-02-07 17:38 - 000358912 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
      2012-02-07 17:36 - 2012-02-07 17:36 - 000111616 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
      2012-02-07 17:36 - 2012-02-07 17:36 - 000024064 _____ () C:\Users\USUARIO\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
      2014-04-29 16:23 - 2014-04-29 16:23 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Users\USUARIO:Heroes & Generals [38]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 03:34 - 2017-11-23 19:21 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 localhost

    7. #17
      User vanway's avatar
      Joined
      Dec 2005
      Location
      Spain
      Posts
      48

      Re: The double accent mark virus

      Part two of Addition.txt:

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 80.58.61.250 - 80.58.61.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\Services: AdobeARMservice => 2
      MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
      MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
      FirewallRules: [{211F8C9F-1323-407C-B6AB-761D021B3CD3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{62DD6238-F642-47FB-B025-9276EBD050CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
      FirewallRules: [{D1E217DC-C009-4E06-AE56-0CC9EE0E168D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{1177D42F-4621-4584-8098-EC84D255FE15}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
      FirewallRules: [{14A61855-FE51-40C7-9487-2915E5EF2A34}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
      FirewallRules: [{51B28E2B-C11D-43F4-879F-E5B3CEFD32A9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
      FirewallRules: [{B175D31D-D8A5-47CD-8F71-FACD10F09927}] => (Allow) LPort=7935
      FirewallRules: [{94503AFB-7F71-4AB0-8431-76D92CEDF21D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
      FirewallRules: [{2822F358-D42E-4FC2-91D0-3FA805864574}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
      FirewallRules: [{A12C03F4-52EA-4930-9A85-9581314B0691}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
      FirewallRules: [{641B8D7D-F50F-4666-BA2C-F748D184ACF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
      FirewallRules: [{6DC364F4-F406-49CE-BF73-A63154F9D02C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
      FirewallRules: [{B450B22E-35D7-4027-A0FC-99D6F38EC7AE}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe
      FirewallRules: [{60B9177B-058B-4451-9E2E-DE4C60879F74}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe
      FirewallRules: [{6A2667F7-C92D-4B51-8D32-BC0D08352DAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{A390BC0B-A4C1-4CCA-8F05-8834FE4BD811}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [TCP Query User{9E27CF8B-20CF-4D1C-9D4F-12AAC63862C1}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usuario\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{12F3572D-FE33-415C-A07D-0152F275FD4C}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usuario\appdata\roaming\spotify\spotify.exe
      FirewallRules: [{6A95914E-4770-4469-8607-A7D471EEAE46}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [TCP Query User{46A34892-BE69-470D-9815-C6CE82FAC50A}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
      FirewallRules: [UDP Query User{A237B05F-2C4F-4BF3-AED4-18F037470C19}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
      FirewallRules: [TCP Query User{65211D92-4C56-4EF5-8BE8-0DD7F0715BD3}C:\users\usuario\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\usuario\appdata\roaming\acestream\engine\ace_engine.exe
      FirewallRules: [UDP Query User{76479E61-CB27-4D3F-B8F1-3B8D44444278}C:\users\usuario\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\usuario\appdata\roaming\acestream\engine\ace_engine.exe
      FirewallRules: [TCP Query User{36DCF24A-E3CD-451A-B7D6-2D6E072E0608}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
      FirewallRules: [UDP Query User{8CBEC24A-525A-4844-A589-84FD07263102}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
      FirewallRules: [{B69612DB-8865-4A92-BBC9-3BFE7A01C917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{1A6F04B9-76C0-4084-AA85-DCD771F3E0CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{EAB9B5BD-1317-4F49-B456-010956790DB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
      FirewallRules: [{73E28AAD-F1F0-4284-92E8-FA3E350349D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
      FirewallRules: [{6831A4CD-227C-40C7-AB3C-0E9E0F45E9B1}] => (Allow) D:\Ciclismo\steamapps\common\Pro Cycling Manager 2014\PCM.exe
      FirewallRules: [{1533D532-6AA2-4BCE-A5FF-9DD8D40502E0}] => (Allow) D:\Ciclismo\steamapps\common\Pro Cycling Manager 2014\PCM.exe
      FirewallRules: [TCP Query User{E03B0E48-9BE2-46E3-BCCA-8B423B72EAF7}C:\users\usuario\appdata\roaming\acestream\player\ace_player.exe] => (Allow) C:\users\usuario\appdata\roaming\acestream\player\ace_player.exe
      FirewallRules: [UDP Query User{127B4FC8-E161-4CB4-9E3A-8A0B4140AF2A}C:\users\usuario\appdata\roaming\acestream\player\ace_player.exe] => (Allow) C:\users\usuario\appdata\roaming\acestream\player\ace_player.exe
      FirewallRules: [{CE5CC851-45A2-4800-9B60-6462C32A493F}] => (Allow) D:\Ciclismo\steamapps\common\Cities_Skylines\Cities.exe
      FirewallRules: [{FDA95800-A3F7-42BD-A9F6-FB04A67D5CEC}] => (Allow) D:\Ciclismo\steamapps\common\Cities_Skylines\Cities.exe
      FirewallRules: [{AAC752D8-162C-4C84-9E47-E39A72344E59}] => (Allow) D:\Ciclismo\steamapps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
      FirewallRules: [{913320BA-B9AC-4E2A-9B45-29BAAF0E9EAB}] => (Allow) D:\Ciclismo\steamapps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
      FirewallRules: [{895CF235-947F-4A4F-9D24-F470187C7259}] => (Allow) D:\Ciclismo\steamapps\common\MXGP\MXGP.exe
      FirewallRules: [{82AF4D9F-A840-4F8A-9DCC-B5D7E1DE1C8C}] => (Allow) D:\Ciclismo\steamapps\common\MXGP\MXGP.exe

      ==================== Restore Points =========================


      ==================== Faulty Device Manager Devices =============

      Name: MpKsl55c286fe
      Description: MpKsl55c286fe
      Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Manufacturer:
      Service: MpKsl55c286fe
      Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
      Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
      Devices stay in this state if they have been prepared for removal.
      After you remove the device, this error disappears.Remove the device, and this error should be resolved.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (11/29/2017 06:24:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/28/2017 06:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/28/2017 08:12:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/27/2017 07:31:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/26/2017 04:48:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (11/26/2017 01:47:40 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: SniperElite3.exe, versión: 0.0.0.0, marca de tiempo: 0x54865ae3
      Nombre del módulo con errores: Steam2.dll, versión: 2.0.2117.156, marca de tiempo: 0x52fd784f
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x001612f9
      Id. del proceso con errores: 0x908
      Hora de inicio de la aplicación con errores: 0x01d366b18653e27a
      Ruta de acceso de la aplicación con errores: D:\Ciclismo\steamapps\common\Sniper Elite 3\bin\SniperElite3.exe
      Ruta de acceso del módulo con errores: C:\Program Files (x86)\Steam\Steam2.dll
      Id. del informe: fcbae185-d2a7-11e7-b79f-001583e6f738

      Error: (11/26/2017 12:51:02 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: IAStorDataMgrSvc.exe, versión: 13.1.0.1058, marca de tiempo: 0x53642550
      Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.23915, marca de tiempo: 0x59b94abb
      Código de excepción: 0xe0434352
      Desplazamiento de errores: 0x0000c54f
      Id. del proceso con errores: 0x13f4
      Hora de inicio de la aplicación con errores: 0x01d366acd4ac80f8
      Ruta de acceso de la aplicación con errores: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      Ruta de acceso del módulo con errores: C:\Windows\syswow64\KERNELBASE.dll
      Id. del informe: 135384bc-d2a0-11e7-b79f-001583e6f738

      Error: (11/26/2017 12:51:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Aplicación: IAStorDataMgrSvc.exe
      Versión de Framework: v4.0.30319
      Descripción: el proceso terminó debido a una excepción no controlada.
      Información de la excepción: System.FormatException
      en System.Text.StringBuilder.AppendFormatHelper(System.IFormatProvider, System.String, System.ParamsArray)
      en System.String.FormatHelper(System.IFormatProvider, System.String, System.ParamsArray)
      en System.String.Format(System.IFormatProvider, System.String, System.Object[])
      en IAStorDataMgr.EventRelay.formatStrings(System.String, System.Object[])
      en IAStorDataMgr.EventRelay.translateEventType(IAStorUtil.Events.DiskEventArgs, IAStorUtil.LogLevel)
      en IAStorDataMgr.EventRelay.SDM_ComprehensiveHandler(System.Object, IAStorUtil.Events.ComprehensiveEventArgs)
      en IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
      en IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
      en IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
      en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
      en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
      en System.Threading.ThreadPoolWorkQueue.Dispatch()
      en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

      Error: (11/26/2017 12:51:02 PM) (Source: IAStorDataMgrSvc) (EventID: 7001) (User: )
      Description: Internal program error: missing resource string DM_1_0_7

      Error: (11/26/2017 12:49:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


      System errors:
      =============
      Error: (11/29/2017 06:24:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
      VBoxNetAdp

      Error: (11/29/2017 06:24:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Origin Web Helper Service no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/29/2017 06:24:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Origin Web Helper Service.

      Error: (11/28/2017 06:32:45 PM) (Source: volsnap) (EventID: 25) (User: )
      Description: Se eliminaron las instantáneas del volumen C: porque el almacenamiento de instantáneas no se completó a tiempo. Considere reducir la carga de E/S en el sistema o elija un volumen de almacenamiento de instantáneas del que no se esté haciendo una instantánea.

      Error: (11/28/2017 06:26:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
      VBoxNetAdp

      Error: (11/28/2017 06:26:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Origin Web Helper Service no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/28/2017 06:26:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Origin Web Helper Service.

      Error: (11/28/2017 08:12:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:
      VBoxNetAdp

      Error: (11/28/2017 08:12:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Origin Web Helper Service no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (11/28/2017 08:12:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Origin Web Helper Service.


      CodeIntegrity:
      ===================================
      Date: 2017-11-23 19:19:52.345
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

      Date: 2017-11-23 19:19:52.223
      Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
      Percentage of memory in use: 23%
      Total physical RAM: 16294.45 MB
      Available physical RAM: 12457 MB
      Total Virtual: 22388.63 MB
      Available Virtual: 14086.77 MB

      ==================== Drives ================================

      Drive c: (SIS WIN7) (Fixed) (Total:223.47 GB) (Free:15.63 GB) NTFS
      Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:297.65 GB) NTFS
      Drive e: (DATA2) (Fixed) (Total:1863.01 GB) (Free:1585.59 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 22CD995F)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (Size: 931.5 GB) (Disk ID: 73A6BC1F)
      Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 27404E43)
      Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    8. #18
      Moderator
      @JonathanM
      Joined
      May 2006
      Location
      Chile
      Posts
      11.752

      Re: Double accent virus

      Hello


      Follow these steps. VERY important ~ make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click it to run it. (If you use Windows Vista/7 or 8, right-click it and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.

      • Go to Start > All Programs > Accessories > Notepad.
        • Copy and paste the following code into Notepad: (Do not copy the word "Code:")
      Code:
      start
      CreateRestorePoint:
      CloseProcesses:
      Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
      Popcorn Time Offical versión 0.8.0.4 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.4 - Popcorn Time Offical) <==== ATTENTION
      Files (x86)\Skype\Phone;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile) <==== Repaired successfully
      HKLM-x32\...\Run: [] => [X]
      GroupPolicy\User: Restriction <==== ATTENTION
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      FF DefaultProfile: bs5nwj9m.default
      CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2014-03-03]
      CHR HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-07-13] (PostgreSQL Global Development Group) [File not signed]
      S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite Platinum.SP2\RpcAgentSrv.exe [135728 2017-09-11] (SiSoftware) [File not signed]
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      S1 MpKsl55c286fe; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F65E686A-FB33-4DA6-BFD5-CE2D0F25AA0B}\MpKsl55c286fe.sys [X]
      2017-11-02 12:07 - 2017-11-02 12:07 - 000656025 _____ (Random-Logic) C:\Users\USUARIO\AppData\Local\Temp\installer.exe
      2017-11-24 08:47 - 2017-11-24 08:47 - 000019008 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libNativeApi_x86.dll
      2017-11-24 08:47 - 2017-11-24 08:47 - 000079872 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libopenh264api_x86.dll
      2017-10-30 14:39 - 2017-10-30 14:39 - 119579224 _____ (888) C:\Users\USUARIO\AppData\Local\Temp\setup.exe
      FirewallRules: [TCP Query User{36DCF24A-E3CD-451A-B7D6-2D6E072E0608}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
      FirewallRules: [UDP Query User{8CBEC24A-525A-4844-A589-84FD07263102}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
      FirewallRules: [{A6D13AB4-D0F0-47F4-B5CB-8424EF1C1BF8}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
      FirewallRules: [{6C5762DE-E106-422E-B8E8-AC23BA3DB024}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
      
      
      
      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      • Go to the File menu > Save as > Desktop > and save the file with the name Fixlist.txt
        • Run FRST.exe or FRST64.exe again and click Fix
        • When it finishes, click OK; the Fixlog.txt file will open with the results.

      *NOTES* It is very important that you save the Fixlist.txt file in the same place as FRST. The Fixlog.txt file will be saved in the place where FRST was run.
      To finish, copy and paste the entire contents of the Fixlog.txt file into your next reply.
      <¡D3vIL!>


    9. #19
      User vanway
      Joined
      Dec 2005
      Location
      Spain
      Posts
      48

      Re: Double accent virus

      Fix result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
      Ran by USUARIO (30-11-2017 18:26:23) Run:1
      Running from C:\Users\USUARIO\Desktop
      Loaded Profiles: USUARIO (Available Profiles: USUARIO)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      start
      CreateRestorePoint:
      CloseProcesses:
      Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
      Popcorn Time Offical versi�n 0.8.0.4 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.4 - Popcorn Time Offical) <==== ATTENTION
      Files (x86)\Skype\Phone;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile) <==== Repaired successfully
      HKLM-x32\...\Run: [] => [X]
      GroupPolicy\User: Restriction <==== ATTENTION
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      FF DefaultProfile: bs5nwj9m.default
      CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2014-03-03]
      CHR HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-07-13] (PostgreSQL Global Development Group) [File not signed]
      S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite Platinum.SP2\RpcAgentSrv.exe [135728 2017-09-11] (SiSoftware) [File not signed]
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      S1 MpKsl55c286fe; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F65E686A-FB33-4DA6-BFD5-CE2D0F25AA0B}\MpKsl55c286fe.sys [X]
      2017-11-02 12:07 - 2017-11-02 12:07 - 000656025 _____ (Random-Logic) C:\Users\USUARIO\AppData\Local\Temp\installer.exe
      2017-11-24 08:47 - 2017-11-24 08:47 - 000019008 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libNativeApi_x86.dll
      2017-11-24 08:47 - 2017-11-24 08:47 - 000079872 _____ () C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libopenh264api_x86.dll
      2017-10-30 14:39 - 2017-10-30 14:39 - 119579224 _____ (888) C:\Users\USUARIO\AppData\Local\Temp\setup.exe
      FirewallRules: [TCP Query User{36DCF24A-E3CD-451A-B7D6-2D6E072E0608}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
      FirewallRules: [UDP Query User{8CBEC24A-525A-4844-A589-84FD07263102}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
      FirewallRules: [{A6D13AB4-D0F0-47F4-B5CB-8424EF1C1BF8}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
      FirewallRules: [{6C5762DE-E106-422E-B8E8-AC23BA3DB024}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe



      HOSTS:
      REMOVEPROXY:
      EMPTYTEMP:
      CMD: netsh winsock reset
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: bitsadmin /reset /allusers
      END
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION => Error: No automatic fix found for this entry.
      Popcorn Time Offical versi�n 0.8.0.4 (HKLM-x32\...\{8F38178C-CFE2-476C-9DC8-F4203C2395FF}_is1) (Version: 0.8.0.4 - Popcorn Time Offical) <==== ATTENTION => Error: No automatic fix found for this entry.
      Files (x86)\Skype\Phone;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile) <==== Repaired successfully => Error: No automatic fix found for this entry.
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
      C:\Windows\system32\GroupPolicy\User => moved successfully
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
      FF DefaultProfile: bs5nwj9m.default => Error: No automatic fix found for this entry.
      HKLM\SOFTWARE\Google\Chrome\Extensions\cocpghbdppojfnfpjhmlcfkljjjfpika => key removed successfully
      C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx => moved successfully
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
      HKLM\System\CurrentControlSet\Services\postgresql-x64-9.3 => key removed successfully
      postgresql-x64-9.3 => service removed successfully
      HKLM\System\CurrentControlSet\Services\SandraAgentSrv => key removed successfully
      SandraAgentSrv => service removed successfully
      HKLM\System\CurrentControlSet\Services\SwitchBoard => key removed successfully
      SwitchBoard => service removed successfully
      HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
      catchme => service removed successfully
      HKLM\System\CurrentControlSet\Services\MpKsl55c286fe => key removed successfully
      MpKsl55c286fe => service removed successfully
      C:\Users\USUARIO\AppData\Local\Temp\installer.exe => moved successfully
      C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libNativeApi_x86.dll => moved successfully
      C:\Users\USUARIO\AppData\Local\Temp\jscrcap_libopenh264api_x86.dll => moved successfully
      C:\Users\USUARIO\AppData\Local\Temp\setup.exe => moved successfully
      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{36DCF24A-E3CD-451A-B7D6-2D6E072E0608}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe => value removed successfully
      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8CBEC24A-525A-4844-A589-84FD07263102}C:\users\usuario\appdata\local\popcorn time offical\node-webkit\popcorn time.exe => value removed successfully
      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6D13AB4-D0F0-47F4-B5CB-8424EF1C1BF8} => value removed successfully
      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C5762DE-E106-422E-B8E8-AC23BA3DB024} => value removed successfully
      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      ========= RemoveProxy: =========

      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-2056879219-1812261096-1528344004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========


      ========= netsh winsock reset =========


      El cat*logo Winsock se restableci¢ correctamente.
      Debe reiniciar el equipo para completar el restablecimiento.


      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuraci¢n IP de Windows

      No se puede realizar ninguna operaci¢n en Conexi¢n de *rea local 7 mientras los medios
      est‚n desconectados.

      Adaptador de Ethernet Conexi¢n de *rea local 7:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de Ethernet Conexi¢n de *rea local 5:

      Sufijo DNS espec¡fico para la conexi¢n. . : Home
      V¡nculo: direcci¢n IPv6 local. . . : fe80::98b:26c:b145:f94d%19
      Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.34
      M*scara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de t£nel isatap.{4140595A-23E7-4CEA-94F8-8C22D21BE507}:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . :

      Adaptador de t£nel isatap.Home:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS espec¡fico para la conexi¢n. . : Home

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuraci¢n IP de Windows

      Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      0 out of 0 jobs canceled.

      ========= End of CMD: =========


      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21583052 B
      Java, Flash, Steam htmlcache => 667336398 B
      Windows/system/drivers => 367788 B
      Edge => 0 B
      Chrome => 385006734 B
      Firefox => 58640572 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 66356 B
      systemprofile32 => 66088 B
      LocalService => 0 B
      NetworkService => 338892084 B
      USUARIO => 49494742 B

      RecycleBin => 121219196 B
      EmptyTemp: => 1.5 GB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 18:26:36 ====
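
      Added example, not part of any post in this thread: a small Python parser for the Fixlog format shown in post #19. It separates the echoed fixlist from the result lines and lists each service FRST reports as removed together with the binary path named in the fixlist, so removals such as postgresql-x64-9.3 can be reviewed against installed software that depends on them. The sample lines are copied from that log; the function names are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the Fixlog in post #19, shortened to a
# representative selection (fixlist echo, result lines, EmptyTemp sizes).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-07-13] (PostgreSQL Global Development Group) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
END
*****************
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\postgresql-x64-9.3 => key removed successfully
postgresql-x64-9.3 => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
C:\Users\USUARIO\AppData\Local\Temp\setup.exe => moved successfully
=========== EmptyTemp: ==========
Chrome => 385006734 B
EmptyTemp: => 1.5 GB temporary data Removed.
"""

# Service entries in a fixlist: "<state> <name>; <binary path> [size date] ..."
SERVICE_LINE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[")
ECHO_FENCE = re.compile(r"^\*{5,}$")


def parse_fixlog(text):
    """Split a Fixlog into echoed fixlist lines and (target, outcome) results."""
    echo, results, in_echo = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo      # the echo sits between two rows of '*'
            continue
        if in_echo:
            echo.append(line)          # requested actions, not outcomes
            continue
        if " => " not in line:
            continue
        # Split on the last ' => ': the target may itself carry flags or arrows.
        target, outcome = line.rsplit(" => ", 1)
        if outcome.endswith("successfully") or outcome.startswith("Error:"):
            results.append((target, outcome))   # skips EmptyTemp byte counts
    return echo, results


def removed_services(text):
    """Map each removed service to the binary path its fixlist line named."""
    echo, results = parse_fixlog(text)
    paths = {}
    for line in echo:
        m = SERVICE_LINE.match(line)
        if m:
            paths[m.group("name")] = m.group("path")
    return {
        target: paths.get(target, "(not in fixlist echo)")
        for target, outcome in results
        if outcome == "service removed successfully"
    }


def failed_entries(text):
    """Targets FRST could not act on (outcome starts with 'Error:')."""
    return [t for t, o in parse_fixlog(text)[1] if o.startswith("Error:")]


if __name__ == "__main__":
    for name, path in removed_services(SAMPLE_FIXLOG).items():
        print(f"service removed: {name} -> {path}")
```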

    10. #20
      User vanway
      Joined
      Dec 2005
      Location
      Spain
      Posts
      48

      Re: Double accent virus

      I should mention that after doing this, something has happened that is quite serious for me:

      - I am a poker player, and I use a program with a database that lets me analyze various statistics about the players in real time while I play. After doing this last step, the program (called Pokertracker 4) does not connect to the database and gives me the following error:



      The truth is that this is a pretty big problem for me; I hope you can help me.

      Thanks.

      PS: The accent problem is still not fixed (contin´´ua).