• Registrarse
  • Iniciar sesión


  • Página 1 de 2 12 ÚltimoÚltimo
    Resultados 1 al 10 de 12

    Problema con HackTool32:Win32/KMS

    Hola Foro, estuve limpiando mi notebook con varios de los programas que ya me han pasado aquí en otras oportunidades. Esta vez el Windows Defender me detecta este problema: HackTool32:Win32/KMS, donde los elementos afectados son: ...

    1. #1
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Problema con HackTool32:Win32/KMS

      Hola Foro, estuve limpiando mi notebook con varios de los programas que ya me han pasado aquí en otras oportunidades. Esta vez el Windows Defender me detecta este problema: HackTool32:Win32/KMS, donde los elementos afectados son: C:\ProgramFiles\KMSpico\scripts\Unistall_Service.cmd. El WD me indica que pruebe limpiar esto sin conexión, lo hago, pero al reiniciar vuelve el mismo error.
      Espero puedan ayudarme a resolver el problema. Muchas gracias

    2. #2
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      24.351

      Re: Problema con HackTool32:Win32/KMS

      Hola Mariana_Margari

      KMSpico es un activador de Windows u Office ilegal, por lo tanto te lo van a detectar los antivirus, si lo has instalado tu, puedes ponerlo para que lo excluya de los análisis.

      Nos comentas.

      Un saludo
      ✿◕‿◕✿ La impaciencia no es buena compañía ✿◕‿◕✿

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #3
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Re: Problema con HackTool32:Win32/KMS

      Estimada Daniela, muchas gracias. Esta computadora la estuvo utilizando una persona para nada confiable y por eso estoy limpiando todo. Instaló en su momento un paquete office 2016 que ya desinstalé, pero creo que queda eso pendiente. Hay alguna forma de excluir esto de forma definitiva?
      Saludos!

    4. #4
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      24.351

      Re: Problema con HackTool32:Win32/KMS

      Hola Mariana

      Si ya desinstalaste el office pirata no lo vamos a excluir, vamos a eliminar todo lo que haya de tu equipo para que quede limpio, pero ya que estamos, vamos a revisar también si tiene alguna infección

      Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

      1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

      • Realiza un Análisis Completo, actualizando si te lo pide.
      • Pulsar en “Eliminar Seleccionados” para enviarlo a la cuarentena y Reinicias el sistema.
      • En el apartado del manual "Historial" >> Registros de Aplicación >> Scan Log/Registro de Análisis encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.



      2) Descargar Junkware Removal Tool

      • Desactiva temporalmente el Antivirus
      • Ejecuta JRT.exe, (en Windows 7 u 8 ejecutar como "Administrador")
      • Presiona cualquier tecla para continuar y espera pacientemente a que termine su proceso.
      • Al finalizar, un registro (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.
      • Copia y pega el contenido de JRT.txt en tu próximo mensaje de respuesta



      3) Descarga >> AdwCleaner | InfoSpyware en el escritorio.

      • Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus.
      • Cierra también todos los programas que tengas abiertos.
      • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")
      • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botónLimpiar.
      • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistemaAceptas.
      • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
      • El informe también se puede encontrar en "C:\AdwCleaner\AdwCleaner[C1].txt"



      4) Descarga CCleaner

      • Instala Ccleaner
      • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador
      • clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad
      • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.


      5) Descarga Farbar Recovery Scan Tool segun la arquitectura de tu sistema (32 o 64 bits)

      • La guardas en el escritorio >> Esto es muy importante..
      • Doble clic para ejecutar Frst.exe. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
      • En la ventana del Disclaimer, presiona Yes.

      • En la nueva ventana que se abre, presiona el botón Scan y espera paciente a que concluya el análisis.
      • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, estos estarán grabados en tu escritorio.

      • Para terminar abres los archivos Frst.txt y Addition.Txt copia y pega todo su contenido en tu próxima respuesta. Utiliza dos mensajes si te dice que es muy largo.


      Pega los reportes.

      Un saludo
      ✿◕‿◕✿ La impaciencia no es buena compañía ✿◕‿◕✿

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    5. #5
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Re: Problema con HackTool32:Win32/KMS

      Estimada Daniela, aquí pego los reportes:

      Malwarebytes’ Anti-Malware
      ---------------------------


      -Detalles del registro-
      Fecha del análisis: 6/12/17
      Hora del análisis: 13:08
      Archivo de registro: b625fa66-da9f-11e7-8823-0025b3662036.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.262
      Versión del paquete de actualización: 1.0.3424
      Licencia: Gratis

      -Información del sistema-
      SO: Windows 10 (Build 15063.726)
      CPU: x86
      Sistema de archivos: NTFS
      Usuario: Mariana-PC\Mariana

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 288718
      Amenazas detectadas: 0
      (No hay elementos maliciosos detectados)
      Amenazas en cuarentena: 0
      (No hay elementos maliciosos detectados)
      Tiempo transcurrido: 13 min, 38 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 0
      (No hay elementos maliciosos detectados)

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)


      Junkware Removal Tool
      ----------------------

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 10 Pro x86
      Ran by Mariana (Administrator) on 07/12/2017 at 19:13:03,66
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 0




      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 07/12/2017 at 19:16:36,13
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      AdwCleaner | InfoSpyware
      -------------------------


      # AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 07 22:26:51 2017
      # Updated on 2017/29/11 by Malwarebytes
      # Database: 12-06-2017.1
      # Running on Windows 10 Pro (X86)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************



      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    6. #6
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Re: Problema con HackTool32:Win32/KMS

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2017
      Ran by Mariana (administrator) on MARIANA-PC (07-12-2017 19:54:39)
      Running from C:\Users\Mariana\Desktop
      Loaded Profiles: Mariana (Available Profiles: Mariana & DefaultAppPool)
      Platform: Microsoft Windows 10 Pro Version 1703 15063.726 (X86) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Edge)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
      (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
      (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
      HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44016 2017-11-19] (Glarysoft Ltd)
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\Policies\Explorer: [NoSaveSettings] 0
      BootExecute: autocheck autochk *

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Tcpip\..\Interfaces\{e7c02fd6-2b11-4ae5-b30c-6633608a5e13}: [DhcpNameServer] 192.168.1.1 192.168.1.1

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.infospyware.com
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-1418506859-552196481-275473616-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-1418506859-552196481-275473616-1000 -> {57DD7001-9429-4674-87CB-23825EAD89DE} URL = hxxps://www.google.com/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-1418506859-552196481-275473616-1000 -> {621950BB-8C1B-4802-BD45-A1935CD8E079} URL = hxxps://www.google.com/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-1418506859-552196481-275473616-1000 -> {7AB08AD7-B4A0-45FD-9FFA-84216472571D} URL = hxxps://www.google.com/search?q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-04] (Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-04] (Oracle Corporation)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

      FireFox:
      ========
      FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-04] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-04] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

      Chrome:
      =======
      CHR DefaultProfile: Default
      CHR HomePage: Default -> hxxp://www.google.com/
      CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mysearchresults.com/?c=3507&t=07"
      CHR Profile: C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default [2017-12-07]
      CHR Extension: (Presentaciones) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Flash Video Downloader) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-11-09]
      CHR Extension: (Documentos) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
      CHR Extension: (YouTube) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-24]
      CHR Extension: (Búsqueda de Google) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-11]
      CHR Extension: (Hojas*de*cálculo) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-24]
      CHR Extension: (AdBlock) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-06]
      CHR Extension: (Grammarly for Chrome) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-02]
      CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-11]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
      CHR Extension: (Gmail) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
      CHR Extension: (Chrome Media Router) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Profile: C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-07]
      CHR HKU\S-1-5-21-1418506859-552196481-275473616-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
      R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [36648 2016-09-19] (Windows (R) Win 7 DDK provider)
      S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-10-25] (Macrovision Europe Ltd.) [File not signed]
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-19] (Microsoft Corporation)
      S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [279256 2017-12-06] (Microsoft Corporation) <==== ATTENTION
      R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [86544 2017-12-06] (Microsoft Corporation) <==== ATTENTION

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63l.sys [4715008 2017-03-18] (Broadcom Corporation)
      S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-05-11] (Glarysoft Ltd)
      R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [221112 2017-12-06] (Malwarebytes)
      R1 MpKsl25bf57d3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7227D5D7-29C1-4093-AAA1-450EFE0AED68}\MpKsl25bf57d3.sys [49504 2017-12-06] (Microsoft Corporation)
      R1 MpKsle8beb556; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9796055C-2ECC-4446-BE02-0F5B7A754355}\MpKsle8beb556.sys [49504 2017-12-06] (Microsoft Corporation)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 STHDA; C:\WINDOWS\System32\DRIVERS\stwrt.sys [408576 2009-07-13] (IDT, Inc.) [File not signed]
      S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38904 2017-12-06] (Microsoft Corporation)
      R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [238160 2017-12-06] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [93776 2017-12-06] (Microsoft Corporation)
      S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
      R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2017-03-18] (Marvell)
      U3 idsvc; no ImagePath

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-07 19:54 - 2017-12-07 19:55 - 000013765 _____ C:\Users\Mariana\Desktop\FRST.txt
      2017-12-07 19:54 - 2017-12-07 19:54 - 000000000 ____D C:\Users\Mariana\Desktop\FRST-OlderVersion
      2017-12-07 19:49 - 2017-12-07 19:49 - 000013696 _____ C:\Users\Mariana\Desktop\cc_20171207_194923.reg
      2017-12-07 19:47 - 2017-12-07 19:47 - 000001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-12-07 19:39 - 2017-12-07 19:39 - 010427120 _____ (Piriform Ltd) C:\Users\Mariana\Downloads\ccsetup536.exe
      2017-12-07 19:19 - 2017-12-07 19:26 - 000000000 ____D C:\AdwCleaner
      2017-12-07 19:19 - 2017-12-07 19:19 - 008261584 _____ (Malwarebytes) C:\Users\Mariana\Downloads\AdwCleaner.exe
      2017-12-07 19:16 - 2017-12-07 19:16 - 000000548 _____ C:\Users\Mariana\Desktop\JRT.txt
      2017-12-07 19:11 - 2017-12-07 19:12 - 001790024 _____ (Malwarebytes) C:\Users\Mariana\Downloads\JRT.exe
      2017-12-07 19:11 - 2017-12-07 19:11 - 000001565 _____ C:\Users\Mariana\Desktop\mbam.txt
      2017-12-06 22:20 - 2017-12-06 23:48 - 735551488 ____R C:\Users\Mariana\Downloads\Una.Serie.de.Eventos.Desarfotunados.Dvdrip.Audio.Latino.avi
      2017-12-06 21:45 - 2017-12-06 22:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
      2017-12-06 13:06 - 2017-12-06 13:55 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
      2017-12-06 13:05 - 2017-12-06 13:05 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-12-06 13:05 - 2017-12-06 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-12-06 13:05 - 2017-12-06 13:05 - 000000000 ____D C:\Program Files\Malwarebytes
      2017-12-06 13:05 - 2017-11-29 09:11 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
      2017-12-06 13:03 - 2017-12-06 13:04 - 083316440 _____ (Malwarebytes ) C:\Users\Mariana\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe
      2017-12-03 12:14 - 2017-12-03 12:14 - 000090110 ____T C:\WINDOWS\mnd3DEC.diagerr.mdmp
      2017-12-03 12:04 - 2017-12-03 12:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
      2017-12-03 12:03 - 2017-12-03 12:03 - 000030299 _____ C:\ProgramData\agent.uninstall.1512313380.bdinstall.bin
      2017-12-03 11:37 - 2017-12-03 11:37 - 000000000 ____D C:\ProgramData\Bitdefender
      2017-12-03 11:26 - 2017-12-03 11:26 - 000000000 ____D C:\Users\Mariana\AppData\Roaming\QuickScan
      2017-12-03 11:12 - 2017-12-03 11:12 - 000047860 _____ C:\ProgramData\agent.1512310320.bdinstall.bin
      2017-12-03 11:12 - 2017-12-03 11:12 - 000000000 ____D C:\ProgramData\Bitdefender Agent
      2017-12-03 11:10 - 2017-12-03 11:11 - 009932672 _____ C:\Users\Mariana\Downloads\bitdefender_online.exe
      2017-12-03 10:23 - 2017-12-03 10:23 - 000092266 ____T C:\WINDOWS\mndAF81.diagerr.mdmp
      2017-12-03 09:02 - 2017-12-03 09:11 - 000037004 _____ C:\Users\Mariana\Downloads\Addition.txt
      2017-12-03 09:00 - 2017-12-07 19:54 - 000000000 ____D C:\FRST
      2017-12-03 09:00 - 2017-12-03 09:11 - 000040287 _____ C:\Users\Mariana\Downloads\FRST.txt
      2017-12-03 08:59 - 2017-12-07 19:54 - 001751040 _____ (Farbar) C:\Users\Mariana\Desktop\FRST.exe
      2017-12-03 08:43 - 2017-12-03 08:43 - 000000000 ____D C:\Program Files\CCleaner
      2017-12-03 07:42 - 2017-12-03 07:43 - 000163431 _____ C:\Users\Mariana\Downloads\IniRem (1).zip
      2017-12-02 17:05 - 2017-12-02 17:06 - 006974584 _____ (ESET spol. s r.o.) C:\Users\Mariana\Downloads\ESETOnlineScanner_ESL.exe
      2017-12-02 16:06 - 2017-12-02 16:07 - 078346672 _____ (Malwarebytes ) C:\Users\Mariana\Downloads\mb3-setup-35891.35891-3.3.1.2183.exe
      2017-12-02 15:18 - 2017-12-02 15:18 - 000000000 ____D C:\Users\Mariana\AppData\Local\CrashRpt
      2017-12-02 14:12 - 2017-12-02 14:12 - 000002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-02 14:12 - 2017-12-02 14:12 - 000002276 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-11-30 12:43 - 2015-01-02 12:35 - 733626368 _____ C:\Users\Mariana\Desktop\El viaje de Chihiro.avi
      2017-11-28 11:31 - 2017-11-28 11:31 - 001587787 _____ C:\Users\Mariana\Downloads\Cv Elias Mansilla Cdad. Autónoma de Buenos Aires ver.4 copy.pdf
      2017-11-25 17:33 - 2017-12-03 13:02 - 000817221 _____ C:\Users\Mariana\Desktop\ETICA-AMATORIA-DEL-DESEO-LIBERTARIO-Y-LAS-AFECTACIONES-LIBRES-Y-ALEGRES-Ludditas-Sexxxuales.pdf
      2017-11-25 17:31 - 2017-11-25 17:32 - 000858870 _____ C:\Users\Mariana\Downloads\ETICA-AMATORIA-DEL-DESEO-LIBERTARIO-Y-LAS-AFECTACIONES-LIBRES-Y-ALEGRES-Ludditas-Sexxxuales.pdf
      2017-11-24 17:02 - 2017-11-25 16:52 - 000000000 ____D C:\Users\Mariana\AppData\Roaming\TeamViewer
      2017-11-24 17:01 - 2017-11-25 16:52 - 000000000 ____D C:\Program Files\TeamViewer
      2017-11-17 14:19 - 2017-11-17 15:35 - 1587609600 _____ C:\Users\Mariana\Downloads\ubuntu-16.04.3-desktop-amd64.iso
      2017-11-17 14:17 - 2017-11-17 15:34 - 1501102080 _____ C:\Users\Mariana\Downloads\ubuntu-17.10-desktop-amd64.iso
      2017-11-17 14:08 - 2017-11-17 14:08 - 000093580 _____ C:\Users\Mariana\Downloads\6768-19113-1-PB (1).pdf
      2017-11-17 01:52 - 2017-11-17 01:56 - 001689007 _____ C:\Users\Mariana\Downloads\5818-15341-1-PB.pdf
      2017-11-16 23:05 - 2017-11-16 23:41 - 687334109 _____ C:\Users\Mariana\Downloads\2017-20171117T015126Z-006.zip
      2017-11-16 23:01 - 2017-11-17 00:12 - 2059514710 _____ C:\Users\Mariana\Downloads\2017-20171117T015126Z-001.zip
      2017-11-16 22:57 - 2017-11-16 22:57 - 000093580 _____ C:\Users\Mariana\Downloads\6768-19113-1-PB.pdf
      2017-11-16 22:31 - 2017-11-16 22:31 - 000697615 _____ C:\Users\Mariana\Downloads\OK dubet-por-que-preferimos-la-desigualdad.pdf
      2017-11-16 22:29 - 2017-11-16 22:29 - 000697615 _____ C:\Users\Mariana\Desktop\dubet-por-que-preferimos-la-desigualdad.pdf
      2017-11-15 23:05 - 2017-11-02 01:46 - 000075672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
      2017-11-15 23:05 - 2017-11-02 01:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
      2017-11-15 23:05 - 2017-11-02 01:28 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
      2017-11-15 23:05 - 2017-11-02 01:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
      2017-11-15 23:05 - 2017-11-02 01:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
      2017-11-15 23:05 - 2017-11-02 01:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
      2017-11-15 23:05 - 2017-11-02 01:24 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
      2017-11-15 23:05 - 2017-11-02 01:21 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
      2017-11-15 23:05 - 2017-10-15 12:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
      2017-11-15 23:04 - 2017-11-02 02:04 - 001240728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
      2017-11-15 23:04 - 2017-11-02 01:45 - 000023840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      2017-11-15 23:04 - 2017-11-02 01:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2017-11-15 23:04 - 2017-11-02 01:27 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
      2017-11-15 23:04 - 2017-11-02 01:27 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
      2017-11-15 23:04 - 2017-11-02 01:27 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
      2017-11-15 23:04 - 2017-11-02 01:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
      2017-11-15 23:04 - 2017-11-02 01:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
      2017-11-15 23:04 - 2017-11-02 01:27 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
      2017-11-15 23:04 - 2017-11-02 01:26 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
      2017-11-15 23:04 - 2017-11-02 01:25 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
      2017-11-15 23:04 - 2017-11-02 01:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
      2017-11-15 23:04 - 2017-11-02 01:24 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
      2017-11-15 23:04 - 2017-11-02 01:23 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
      2017-11-15 23:04 - 2017-11-02 01:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
      2017-11-15 23:04 - 2017-11-02 01:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
      2017-11-15 23:04 - 2017-11-02 01:22 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
      2017-11-15 23:04 - 2017-11-02 01:21 - 002125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
      2017-11-15 23:04 - 2017-11-02 01:21 - 001832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
      2017-11-15 23:04 - 2017-11-02 01:21 - 001583104 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2017-11-15 23:04 - 2017-11-02 01:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
      2017-11-15 23:04 - 2017-11-02 01:21 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
      2017-11-15 23:04 - 2017-11-02 01:20 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
      2017-11-15 23:04 - 2017-10-15 11:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
      2017-11-15 23:04 - 2017-10-15 11:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
      2017-11-15 23:03 - 2017-11-02 01:50 - 005863320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
      2017-11-15 23:03 - 2017-11-02 01:45 - 000597912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
      2017-11-15 23:03 - 2017-11-02 01:45 - 000480152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
      2017-11-15 23:03 - 2017-11-02 01:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
      2017-11-15 23:03 - 2017-11-02 01:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2017-11-15 23:03 - 2017-11-02 01:30 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
      2017-11-15 23:03 - 2017-11-02 01:28 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
      2017-11-15 23:03 - 2017-11-02 01:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
      2017-11-15 23:03 - 2017-11-02 01:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
      2017-11-15 23:03 - 2017-11-02 01:26 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
      2017-11-15 23:03 - 2017-11-02 01:25 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
      2017-11-15 23:03 - 2017-11-02 01:25 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
      2017-11-15 23:03 - 2017-11-02 01:25 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
      2017-11-15 23:03 - 2017-11-02 01:24 - 003447808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
      2017-11-15 23:03 - 2017-11-02 01:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
      2017-11-15 23:03 - 2017-11-02 01:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
      2017-11-15 23:03 - 2017-11-02 01:23 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
      2017-11-15 23:03 - 2017-11-02 01:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
      2017-11-15 23:03 - 2017-11-02 01:22 - 002156544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
      2017-11-15 23:03 - 2017-11-02 01:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2017-11-15 23:03 - 2017-11-02 01:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
      2017-11-15 23:03 - 2017-10-15 12:03 - 000078744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
      2017-11-15 23:03 - 2017-10-15 11:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
      2017-11-15 23:03 - 2017-10-15 11:45 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
      2017-11-15 23:03 - 2017-10-15 11:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
      2017-11-15 23:03 - 2017-10-15 11:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
      2017-11-15 23:03 - 2017-10-15 11:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
      2017-11-15 23:02 - 2017-11-02 02:03 - 000364440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
      2017-11-15 23:02 - 2017-11-02 02:03 - 000030616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
      2017-11-15 23:02 - 2017-11-02 01:50 - 001853800 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
      2017-11-15 23:02 - 2017-11-02 01:49 - 001972120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
      2017-11-15 23:02 - 2017-11-02 01:48 - 000962456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
      2017-11-15 23:02 - 2017-11-02 01:46 - 002024344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2017-11-15 23:02 - 2017-11-02 01:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
      2017-11-15 23:02 - 2017-11-02 01:45 - 000510384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
      2017-11-15 23:02 - 2017-11-02 01:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
      2017-11-15 23:02 - 2017-11-02 01:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
      2017-11-15 23:02 - 2017-11-02 01:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
      2017-11-15 23:02 - 2017-11-02 01:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
      2017-11-15 23:02 - 2017-11-02 01:38 - 000033176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
      2017-11-15 23:02 - 2017-11-02 01:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
      2017-11-15 23:02 - 2017-11-02 01:30 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
      2017-11-15 23:02 - 2017-11-02 01:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
      2017-11-15 23:02 - 2017-11-02 01:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
      2017-11-15 23:02 - 2017-11-02 01:30 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
      2017-11-15 23:02 - 2017-11-02 01:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
      2017-11-15 23:02 - 2017-11-02 01:28 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
      2017-11-15 23:02 - 2017-11-02 01:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
      2017-11-15 23:02 - 2017-11-02 01:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
      2017-11-15 23:02 - 2017-11-02 01:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
      2017-11-15 23:02 - 2017-11-02 01:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
      2017-11-15 23:02 - 2017-11-02 01:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
      2017-11-15 23:02 - 2017-11-02 01:25 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
      2017-11-15 23:02 - 2017-11-02 01:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
      2017-11-15 23:02 - 2017-11-02 01:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
      2017-11-15 23:02 - 2017-11-02 01:25 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
      2017-11-15 23:02 - 2017-11-02 01:24 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
      2017-11-15 23:02 - 2017-11-02 01:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
      2017-11-15 23:02 - 2017-11-02 01:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
      2017-11-15 23:02 - 2017-11-02 01:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
      2017-11-15 23:02 - 2017-11-02 01:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
      2017-11-15 23:02 - 2017-11-02 01:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
      2017-11-15 23:02 - 2017-11-02 01:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
      2017-11-15 23:02 - 2017-11-02 01:22 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
      2017-11-15 23:02 - 2017-11-02 01:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
      2017-11-15 23:02 - 2017-11-02 01:16 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
      2017-11-15 23:02 - 2017-10-25 04:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
      2017-11-15 23:02 - 2017-10-15 12:06 - 000582552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
      2017-11-15 23:02 - 2017-10-15 12:06 - 000341912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
      2017-11-15 23:02 - 2017-10-15 11:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
      2017-11-15 23:02 - 2017-10-15 11:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
      2017-11-15 23:02 - 2017-10-15 11:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
      2017-11-15 23:01 - 2017-11-02 02:05 - 000518040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
      2017-11-15 23:01 - 2017-11-02 02:05 - 000116120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
      2017-11-15 23:01 - 2017-11-02 02:04 - 001927064 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
      2017-11-15 23:01 - 2017-11-02 02:04 - 001330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
      2017-11-15 23:01 - 2017-11-02 02:04 - 000550296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
      2017-11-15 23:01 - 2017-11-02 02:04 - 000312216 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
      2017-11-15 23:01 - 2017-11-02 02:04 - 000158616 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
      2017-11-15 23:01 - 2017-11-02 02:03 - 000497048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
      2017-11-15 23:01 - 2017-11-02 01:57 - 000060312 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
      2017-11-15 23:01 - 2017-11-02 01:47 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
      2017-11-15 23:01 - 2017-11-02 01:46 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
      2017-11-15 23:01 - 2017-11-02 01:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
      2017-11-15 23:01 - 2017-11-02 01:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
      2017-11-15 23:01 - 2017-11-02 01:24 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
      2017-11-15 23:01 - 2017-11-02 01:23 - 002373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
      2017-11-15 23:01 - 2017-11-02 01:23 - 001513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2017-11-15 23:01 - 2017-11-02 01:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
      2017-11-15 23:01 - 2017-10-15 12:10 - 000790816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
      2017-11-15 23:01 - 2017-10-15 12:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
      2017-11-15 23:01 - 2017-10-15 11:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
      2017-11-15 23:00 - 2017-11-02 02:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
      2017-11-15 23:00 - 2017-11-02 01:41 - 000410520 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
      2017-11-15 23:00 - 2017-11-02 01:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
      2017-11-15 23:00 - 2017-10-15 12:08 - 000698376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
      2017-11-15 23:00 - 2017-10-15 12:05 - 000777392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
      2017-11-14 23:44 - 2017-11-14 23:45 - 000000000 ____D C:\Users\Mariana\Desktop\capu
      2017-11-12 20:42 - 2017-11-13 00:52 - 1378467840 ____R C:\Users\Mariana\Downloads\(1982) E.T. El Extraterrestre (E.T. The Extra-Terrestrial) Dual Spanish-English (DVDRip XviD Ac3) by FranLopez.avi
      2017-11-12 15:21 - 2017-11-12 16:11 - 000000000 ____D C:\Users\Mariana\Downloads\Cazafantasmas (2016) EXTENDED 1080p
      2017-11-10 17:49 - 2017-12-03 06:28 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
      2017-11-10 00:20 - 2017-11-10 00:20 - 000000000 ____D C:\Users\Mariana\Documents\Custom Office Templates
      2017-11-10 00:19 - 2017-11-10 00:19 - 000000000 ____D C:\Users\Mariana\AppData\LocalLow\Temp
      2017-11-09 23:11 - 2017-11-09 23:11 - 000000000 ____D C:\Users\Mariana\AppData\Local\DBG
      2017-11-09 22:25 - 2017-11-10 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
      2017-11-09 22:25 - 2017-11-10 22:07 - 000000000 ____D C:\Program Files\KMSpico
      2017-11-09 22:25 - 2010-12-05 23:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
      2017-11-09 17:50 - 2017-11-09 17:50 - 000000000 ____D C:\WINDOWS\PCHEALTH
      2017-11-09 17:00 - 2017-11-09 17:35 - 000000000 ____D C:\Random System

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-07 19:48 - 2015-01-07 23:17 - 000000000 ____D C:\Users\Mariana\AppData\Roaming\uTorrent
      2017-12-07 19:47 - 2017-03-18 15:21 - 000000000 ____D C:\WINDOWS\INF
      2017-12-07 18:42 - 2017-10-12 22:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-12-07 12:16 - 2013-11-01 20:33 - 000000000 ____D C:\Users\Mariana\AppData\Roaming\vlc
      2017-12-07 11:04 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\AppReadiness
      2017-12-06 22:23 - 2017-03-18 15:23 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-06 13:54 - 2017-10-12 22:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-06 13:54 - 2017-03-18 03:02 - 000786432 _____ C:\WINDOWS\system32\config\BBI
      2017-12-06 13:05 - 2014-07-27 12:02 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-12-04 12:14 - 2017-10-12 19:30 - 000000000 ___DC C:\WINDOWS\Panther
      2017-12-04 12:10 - 2017-03-18 03:02 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
      2017-12-04 11:50 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\Registration
      2017-12-04 11:48 - 2017-09-30 11:51 - 000000000 ___HD C:\$WINDOWS.~BT
      2017-12-04 11:47 - 2017-10-12 22:47 - 000013338 _____ C:\WINDOWS\diagwrn.xml
      2017-12-04 11:47 - 2017-10-12 22:47 - 000013338 _____ C:\WINDOWS\diagerr.xml
      2017-12-03 15:54 - 2017-03-18 15:23 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
      2017-12-03 15:53 - 2016-09-24 00:08 - 000000000 ____D C:\Program Files\Common Files\AV
      2017-12-03 15:33 - 2015-07-10 03:59 - 000000000 ____D C:\Users\Default.migrated
      2017-12-03 14:12 - 2017-07-23 17:30 - 000000000 ____D C:\Users\Mariana\Desktop\Imágenes
      2017-12-03 14:12 - 2015-01-30 07:13 - 000000000 ____D C:\Users\Mariana\Desktop\limpieza
      2017-12-03 08:58 - 2014-06-21 10:18 - 000000501 _____ C:\DelFix.txt
      2017-12-03 08:43 - 2014-06-16 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-12-03 08:33 - 2017-07-21 07:41 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
      2017-12-03 08:05 - 2014-09-10 23:24 - 000000000 ____D C:\Program Files\Glary Utilities 5
      2017-12-02 22:44 - 2014-07-19 10:28 - 000000000 __SHD C:\Users\Mariana\AppData\LocalLow\EmieUserList
      2017-12-02 22:43 - 2014-06-17 20:28 - 000000000 __SHD C:\Users\Mariana\AppData\Local\EmieUserList
      2017-12-02 22:43 - 2014-06-17 20:28 - 000000000 __SHD C:\Users\Mariana\AppData\Local\EmieSiteList
      2017-12-02 22:42 - 2014-07-19 10:28 - 000000000 __SHD C:\Users\Mariana\AppData\LocalLow\EmieSiteList
      2017-12-02 21:21 - 2013-10-25 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecs for Windows 7 Pack
      2017-12-02 21:16 - 2017-03-18 15:23 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2017-12-02 21:16 - 2017-03-18 15:23 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2017-12-02 21:16 - 2014-08-19 00:40 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
      2017-12-02 21:16 - 2013-10-25 13:02 - 000000000 ____D C:\Program Files\Microsoft Office
      2017-12-02 21:13 - 2017-03-18 15:23 - 000000000 ____D C:\Program Files\Common Files\System
      2017-12-02 21:13 - 2015-07-10 10:30 - 000000000 ____D C:\WINDOWS\ShellNew
      2017-12-02 21:13 - 2009-07-13 23:04 - 000000387 _____ C:\WINDOWS\win.ini
      2017-12-02 21:11 - 2014-09-10 23:24 - 000000000 ____D C:\Users\Mariana\AppData\Roaming\GlarySoft
      2017-12-02 20:51 - 2014-11-13 09:31 - 000000000 ____D C:\Users\Mariana\AppData\Local\ESET
      2017-12-02 16:41 - 2017-10-12 22:07 - 002521088 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-02 16:41 - 2017-03-19 05:20 - 001144822 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-12-02 16:41 - 2017-03-19 05:20 - 000266828 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-12-02 16:34 - 2017-10-12 22:08 - 000000000 ____D C:\Users\Mariana
      2017-12-02 14:30 - 2014-06-05 18:52 - 000000000 ____D C:\WINDOWS\system32\MRT
      2017-12-02 14:18 - 2017-10-11 08:30 - 124282896 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
      2017-12-02 14:18 - 2014-06-05 18:52 - 124282896 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2017-12-02 14:11 - 2013-10-25 17:05 - 000000000 ____D C:\Program Files\Google
      2017-11-26 16:29 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\system32\NDF
      2017-11-24 17:29 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\rescache
      2017-11-21 12:10 - 2013-10-26 12:06 - 000450720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
      2017-11-20 10:18 - 2014-06-17 20:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
      2017-11-20 10:15 - 2014-09-10 23:24 - 000001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
      2017-11-20 10:15 - 2014-09-10 23:24 - 000001107 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
      2017-11-17 03:57 - 2017-10-09 14:25 - 000000000 ____D C:\Users\Mariana\Documents\Nueva carpeta
      2017-11-16 09:12 - 2014-01-02 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
      2017-11-16 01:04 - 2015-08-03 16:54 - 000000000 __RHD C:\Users\Public\AccountPictures
      2017-11-16 00:59 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\system32\appraiser
      2017-11-16 00:59 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
      2017-11-16 00:59 - 2017-03-18 15:23 - 000000000 ____D C:\WINDOWS\Provisioning
      2017-11-16 00:59 - 2017-03-18 15:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2017-11-16 00:49 - 2017-03-18 15:14 - 000000000 ____D C:\WINDOWS\CbsTemp
      2017-11-14 23:34 - 2017-05-04 11:23 - 000000000 ____D C:\Program Files\iPod
      2017-11-14 23:29 - 2017-10-25 11:45 - 000000000 ____D C:\Users\Mariana\Desktop\PELIS
      2017-11-14 23:27 - 2017-09-28 18:37 - 000000000 ____D C:\Program Files\rempl
      2017-11-12 15:37 - 2015-08-03 16:54 - 000000000 ____D C:\Users\Mariana\AppData\Local\Packages
      2017-11-09 17:48 - 2013-10-25 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

      ==================== Files in the root of some directories =======

      2015-06-02 23:48 - 2015-06-02 23:48 - 000000037 ___SH () C:\Users\Mariana\AppData\Local\20986331705021ca58edc424.96250074
      2014-06-05 21:15 - 2014-06-05 21:15 - 000000000 _____ () C:\Users\Mariana\AppData\Local\AtStart.txt
      2014-06-05 21:15 - 2014-06-05 21:15 - 000000000 _____ () C:\Users\Mariana\AppData\Local\DSwitch.txt
      2014-06-05 21:15 - 2014-06-05 21:15 - 000000000 _____ () C:\Users\Mariana\AppData\Local\QSwitch.txt

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-11-30 12:58

      ==================== End of FRST.txt ============================

    7. #7
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Re: Problema con HackTool32:Win32/KMS

      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2017
      Ran by Mariana (07-12-2017 19:56:15)
      Running from C:\Users\Mariana\Desktop
      Microsoft Windows 10 Pro Version 1703 15063.726 (X86) (2017-10-13 01:51:47)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1418506859-552196481-275473616-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1418506859-552196481-275473616-503 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-1418506859-552196481-275473616-1002 - Limited - Enabled)
      Invitado (S-1-5-21-1418506859-552196481-275473616-501 - Limited - Disabled)
      Mariana (S-1-5-21-1418506859-552196481-275473616-1000 - Administrator - Enabled) => C:\Users\Mariana

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
      Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
      Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
      Adobe Photoshop CS3 (HKLM\...\Adobe_53a35a181eeb50486a0e091bd67ae62) (Version: 10.0 - Adobe Systems Incorporated)
      Apple Application Support (32 bits) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
      Asistente para actualización a Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
      Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
      CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
      Compresor WinRAR (HKLM\...\WinRAR archiver) (Version: - )
      CorelDRAW Graphics Suite X4 - Capture (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF012}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Content (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF016}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Draw (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Filters (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF017}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - FontNav (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF019}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics SUite X4 - ICA (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - IPM (HKLM\...\{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang BR (HKLM\...\{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang DE (HKLM\...\{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang EN (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF100}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang ES (HKLM\...\{D2827848-7D2A-4547-9AD1-C965FB3E6344}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang FR (HKLM\...\{9D306690-3173-42CD-94C6-9EF9318AF24B}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang IT (HKLM\...\{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - Lang NL (HKLM\...\{A6C27FFF-75EF-4B5B-A64E-F9E128994908}) (Version: 14.0 - Uw bedrijfsnaam) Hidden
      CorelDRAW Graphics Suite X4 - PP (HKLM\...\{7F05E704-30A6-421A-97A7-8EEB1C7FF014}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 - VBA (HKLM\...\{BF439B41-0252-48DE-8B8B-0430CB26A181}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW Graphics Suite X4 (HKLM\...\{44A27085-0616-4181-A0C3-81C7ECA17F73}) (Version: 14.0 - Corel Corporation) Hidden
      CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation)
      CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: 1.0 - Corel Corporation) Hidden
      CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)
      Glary Utilities 5.88 (HKLM\...\Glary Utilities 5) (Version: 5.88.0.109 - Glarysoft Ltd)
      Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
      HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
      HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.5 - Sonix)
      IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6222.0 - IDT)
      Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
      Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      Letasoft Sound Booster version 1.1 (HKLM\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.1 - Letasoft LLC)
      LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 12.10.14.3 - Marvell)
      Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
      MKVToolNix 7.0.0 (32bit) (HKLM\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
      MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
      MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      PDF Settings (HKLM\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
      QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
      Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
      SoulseekQt (HKLM\...\SoulseekQt) (Version: - )
      swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)
      System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
      UDD Ciencias 1.0 (HKLM\...\UDD) (Version: 1.0 - ECBI2)
      UpdateAssistant (HKLM\...\{F9D14939-1792-44AB-8C53-F208534C2548}) (Version: 1.2.0.0 - Microsoft Corporation) Hidden
      VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
      ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
      ContextMenuHandlers1: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => -> No File
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-05-22] ()
      ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
      ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
      ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-05-22] ()
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2007-05-22] ()

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {018C4390-05B8-41C2-AA66-627257A00308} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
      Task: {0214F067-5034-4C43-AEFC-B6C6EBBCA810} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
      Task: {0A52FBCB-5339-4A9B-B3F2-0C3558D887DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {18654858-BF25-4AB5-A22C-F8D395A74CA1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
      Task: {1ECCF2B3-A539-45F7-8698-9CE5FECAE8FB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {2049B32F-F796-44E5-BCF4-D47C84D44951} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {211BF5BD-0044-40ED-9492-6EF38FBCA677} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
      Task: {2A0D1EB1-D3B3-4304-B3B2-E960F87BE7B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
      Task: {2ADEAD01-E330-4E0C-9475-73F8D5367DC2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
      Task: {36A3AB7C-B37E-4376-A547-874B64D2DF4E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {3A145D16-0AA8-4EEA-9C4B-CF3E0B9A4C40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
      Task: {3A693085-594F-47B8-9E45-11B94C0BBAF9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {401B5C73-F569-4149-A8B1-261578BF13F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {415DF3D0-A980-4ECC-8BA3-2349CB7BCB23} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
      Task: {46AB3DA4-0632-4C4E-BA13-34CC4A826DC5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
      Task: {502127B3-7406-4ADB-8D39-1CC84F5E5145} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {54F788B8-A50B-4449-ABA0-ECA68B9E8879} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {569D1AFE-73FD-4786-938B-0E72A966943B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {5CE063DB-F451-43C6-BF6B-A8E52C22C029} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {5D8D440C-F79F-4095-9157-89A43106F335} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
      Task: {5FF00C40-1844-434C-B5CD-1EB84A924CC2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {631AAA0E-CA7E-474D-89FA-D4D62FBCB232} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {67CFB0B8-E976-4CA8-9D2E-8CDC875552EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {6FE5921C-1056-44D6-9C9F-847675BC7AF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {77BA8AA4-8CF8-45A3-AE1B-45F22CEEAF91} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
      Task: {7822B033-C604-4FCB-A2BA-7DEA73A41350} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {7B95232E-2CB2-446F-8ED7-F615A160EC80} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {868ABB92-BF45-4258-A0BE-C7B6753E1564} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
      Task: {873648F1-A354-4D74-A7A1-0BD79BFABFFC} - \{F4E77B3C-C80C-428B-A9CD-3962805A5DB3} -> No File <==== ATTENTION
      Task: {8B4AF0F6-073F-45D6-8F85-61867BEF3B3C} - \avast! Emergency Update -> No File <==== ATTENTION
      Task: {8DD3E2D6-F690-465C-83FD-F8AA2389D945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {92B2C76C-40ED-45BE-B5AA-418347FA6F44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
      Task: {95DD0938-E61F-4CF8-A463-E000D8B4687E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
      Task: {9C912F07-7FD9-4A68-881A-11862861964B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1418506859-552196481-275473616-1000UA1d0c317d28374e6 => C:\Users\Mariana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
      Task: {A17869A8-ED32-4D8B-8A5F-E12AAAE21741} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {A83B8237-872C-4085-AE67-115FF8AC6435} - \{769FDD49-0A1B-4E6E-B050-62E62A35B9D0} -> No File <==== ATTENTION
      Task: {A870331F-4A9C-4585-88C0-C587B601D2E9} - \{C6FA9DE8-A4A1-4047-8D94-EEE4EB6B6B20} -> No File <==== ATTENTION
      Task: {AB3A036A-3A21-484D-87FC-428F0EC1479A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {AE7A121B-18FB-49FB-AC80-E91A3F4F4385} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1418506859-552196481-275473616-1000Core => C:\Users\Mariana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
      Task: {BB7CCB40-F9E0-4BD3-B9F6-1451DF082C15} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
      Task: {C4B9024D-F191-425A-BA61-4772DEC8018A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {C5B1939C-1244-4122-B784-53AD0EF1BC0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {C69CE65B-3C7E-4E8D-ACB3-C5AD0205D65A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
      Task: {CD3CF7C0-3435-440E-815B-FB8D23214A41} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {D9514A48-95DD-440E-B845-056C5B784B4D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
      Task: {D95E03BA-B306-486D-B559-483746CF3F9D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {E211750B-B13E-4EFB-BFA1-DB70C1A68839} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
      Task: {E4F928B3-D5E3-4496-B410-ABDED75F7E5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
      Task: {E6553F56-51BC-4651-977B-797A3A6E89B6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
      Task: {EA6BC152-A6F8-4B88-B13C-E30293A7C296} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
      Task: {ECF2601C-D65E-4AF4-89AD-D81A5F092E2D} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2017-11-19] (Glarysoft Ltd)
      Task: {F6ED1693-7D46-4827-A61C-05FE1219E3B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
      Task: {FC14C7F4-804C-4847-B994-C02537F5B6B4} - \{8D9F9EC8-4303-40B4-B23A-380193386D8A} -> No File <==== ATTENTION
      Task: {FC8A96C9-040A-496B-8DC3-BC73A16B965E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2017-11-19] (Glarysoft Ltd)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
      Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1418506859-552196481-275473616-1000Core.job => C:\Users\Mariana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
      Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1418506859-552196481-275473616-1000UA1d0c317d28374e6.job => C:\Users\Mariana\AppData\Local\Dropbox\Update\DropboxUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2016-10-05 18:18 - 2016-10-05 18:18 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2017-03-18 15:19 - 2017-03-18 15:19 - 000116824 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
      2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
      2013-10-25 13:45 - 2007-05-22 09:59 - 000128512 _____ () C:\Program Files\WinRAR\rarext.dll
      2017-03-18 15:19 - 2017-03-19 05:22 - 001456128 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2017-12-02 14:12 - 2017-11-10 06:21 - 003075928 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
      2017-12-02 14:12 - 2017-11-10 06:21 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.94\libegl.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\007guard.com -> install.007guard.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\008i.com -> 008i.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\008k.com -> 008k.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\00hq.com -> www.00hq.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\010402.com -> 010402.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\0190-dialers.com -> 0190-dialers.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\01i.info -> 01i.info
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\05p.com -> 05p.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\0calories.net -> 0calories.net
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\0cj.net -> 0cj.net
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\0scan.com -> 0scan.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\1-2005-search.com -> 1-2005-search.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
      IE restricted site: HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\1-se.com -> 1-se.com

      There are 11907 more sites.


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 23:04 - 2015-06-11 12:15 - 000000690 _____ C:\WINDOWS\system32\Drivers\etc\hosts

      127.0.0.1 localhost

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1418506859-552196481-275473616-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mariana\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
      MSCONFIG\startupreg: Dropbox Update => "C:\Users\Mariana\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
      MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
      MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      HKLM\...\StartupApproved\Run: => "SynTPEnh"
      HKLM\...\StartupApproved\Run: => "iTunesHelper"
      HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
      HKLM\...\StartupApproved\Run: => "BCSSync"
      HKLM\...\StartupApproved\Run: => "QlbCtrl.exe"
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\...\StartupApproved\Run: => "GUDelayStartup"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{FF6C9B1C-BE63-413B-B8D9-7C94A696F7CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{B09F1B9E-68AA-496D-A23D-F78662D0A646}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{AB298400-267C-4848-9907-35C143A53DD5}] => (Allow) C:\Users\Mariana\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{888AEE77-884E-4945-A3D1-A55963CC4A25}] => (Allow) C:\Users\Mariana\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [UDP Query User{2428E3BA-71AE-41A0-8C71-A4659D9A5CB1}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
      FirewallRules: [TCP Query User{78F451BB-8AEB-4DA7-8193-47B015A067E9}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
      FirewallRules: [{CDA6670F-6EA4-41A3-BE3D-456C06BD6664}] => (Allow) C:\Users\Mariana\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{91966C09-230E-48BA-B0AF-C4F8A90BD6B0}] => (Allow) C:\Users\Mariana\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{BD9AD518-8433-440D-A323-45C7AE75FC7A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      ATTENTION: System Restore is disabled

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (12/07/2017 07:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: SecHealthUI.exe, versión: 10.0.15063.483, marca de tiempo: 0x595f2493
      Nombre del módulo con errores: CoreUIComponents.dll, versión: 10.0.15063.675, marca de tiempo: 0xeff5c322
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x0007c858
      Identificador del proceso con errores: 0x1f7c
      Hora de inicio de la aplicación con errores: 0x01d36fa86ed52904
      Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
      Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
      Identificador del informe: 1ecf7482-dfb5-47e9-927d-451da6b9db1e
      Nombre completo del paquete con errores: Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy
      Identificador de aplicación relativa del paquete con errores: SecHealthUI

      Error: (12/06/2017 01:56:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 15531

      Error: (12/06/2017 01:56:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 15531

      Error: (12/06/2017 01:56:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (12/06/2017 01:03:09 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
      Description: Producto: Adobe Acrobat Reader DC - Español - la actualización "Adobe Acrobat Reader DC
      (15.023.20070)" no se pudo instalar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127

      Error: (12/06/2017 01:03:07 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
      Description: Producto: Adobe Acrobat Reader DC - Español -- Error 1706. No se encuentra ningún paquete de instalación para el producto Adobe Acrobat Reader DC - Español. Vuelva a intentar la instalación utilizando una copia válida del paquete de instalación 'AcroRead.msi'.

      Error: (12/04/2017 10:38:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 42023719

      Error: (12/04/2017 10:38:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 42023719

      Error: (12/04/2017 10:38:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (12/03/2017 03:50:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa explorer.exe, versión 10.0.15063.608, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

      Identificador de proceso: de8

      Hora de inicio: 01d36c6590fdb5a0

      Hora de finalización: 0

      Ruta de la aplicación: C:\Windows\explorer.exe

      Identificador de informe: 442b2930-5740-4276-b870-731bf1230f4a

      Nombre completo de paquete con errores:

      Identificador de aplicación relativa del paquete con errores:


      System errors:
      =============
      Error: (12/06/2017 01:56:16 PM) (Source: DCOM) (EventID: 10010) (User: Mariana-PC)
      Description: El servidor {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (12/06/2017 01:54:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio NetTcpActivator depende del servicio NetTcpPortSharing, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

      Error: (12/06/2017 01:54:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
      Solicitud no compatible.

      Error: (12/06/2017 01:26:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio NetTcpActivator depende del servicio NetTcpPortSharing, el cual no pudo iniciarse debido al siguiente error:
      No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

      Error: (12/06/2017 01:25:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
      Solicitud no compatible.

      Error: (12/06/2017 01:24:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
      Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024001e: Actualización de definición para Windows Defender Antivirus – KB2267602 (Definición 1.257.1463.0).

      Error: (12/06/2017 01:24:16 PM) (Source: DCOM) (EventID: 10010) (User: Mariana-PC)
      Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (12/06/2017 01:24:16 PM) (Source: DCOM) (EventID: 10010) (User: Mariana-PC)
      Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (12/06/2017 01:24:14 PM) (Source: DCOM) (EventID: 10010) (User: Mariana-PC)
      Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (12/06/2017 01:24:14 PM) (Source: DCOM) (EventID: 10010) (User: Mariana-PC)
      Description: El servidor {0002DF02-0000-0000-C000-000000000046} no se registró con DCOM dentro del tiempo de espera requerido.


      CodeIntegrity:
      ===================================
      Date: 2017-12-07 19:12:11.528
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-07 19:12:11.525
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-07 10:33:52.201
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-07 10:33:52.198
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-07 10:33:39.786
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-07 10:33:39.765
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-06 22:35:43.271
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-06 22:35:43.268
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-06 22:22:19.046
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-12-06 22:22:19.043
      Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


      ==================== Memory info ===========================

      Processor: Genuine Intel(R) CPU T1500 @ 1.86GHz
      Percentage of memory in use: 43%
      Total physical RAM: 3063.3 MB
      Available physical RAM: 1719.35 MB
      Total Virtual: 6135.3 MB
      Available Virtual: 4609.29 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:72.34 GB) (Free:16.94 GB) NTFS
      Drive d: () (Fixed) (Total:75.81 GB) (Free:0.1 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7A3CFDCA)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=72.3 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=825 MB) - (Type=27)
      Partition 4: (Not Active) - (Size=75.8 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================


      Gracias y saludos!

    8. #8
      Moderadora Gral.
      Avatar de @Daniela
      Registrado
      abr 2011
      Ubicación
      España
      Mensajes
      24.351

      Re: Problema con HackTool32:Win32/KMS

      Hola

      Sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

      • Para hacerlo descarga >> DelFix en tu escritorio.
        • Doble clic para ejecutarlo.(Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")
        • Marca unicamente la casilla "Create registry backup".
      • Pulsar en Run.

        Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


      A continuación inicia tu equipo desde el >> Modo Seguro de Windows con función de red.

      Si tu SO es Windows 8/8.1/10 usa el 2º MÉTODO: de esta Faq de Windows 8 (aplicable a Windows 10) >> ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.


      Con los demás programas cerrados ve a >> Inicio >> Ejecutar >> y escribe notepad.exe.

      Ahora copia y pega estos archivos dentro del Notepad: (Se excluye la palabra código)

      Código:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
      FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mysearchresults.com/?c=3507&t=07"
      U3 idsvc; no ImagePath
      2017-11-09 22:25 - 2017-11-10 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
      2017-11-09 22:25 - 2017-11-10 22:07 - 000000000 ____D C:\Program Files\KMSpico
      ContextMenuHandlers1: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => -> No File
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      Task: {0A52FBCB-5339-4A9B-B3F2-0C3558D887DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {401B5C73-F569-4149-A8B1-261578BF13F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {502127B3-7406-4ADB-8D39-1CC84F5E5145} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {54F788B8-A50B-4449-ABA0-ECA68B9E8879} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {569D1AFE-73FD-4786-938B-0E72A966943B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {6FE5921C-1056-44D6-9C9F-847675BC7AF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {7822B033-C604-4FCB-A2BA-7DEA73A41350} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {873648F1-A354-4D74-A7A1-0BD79BFABFFC} - \{F4E77B3C-C80C-428B-A9CD-3962805A5DB3} -> No File <==== ATTENTION
      Task: {8B4AF0F6-073F-45D6-8F85-61867BEF3B3C} - \avast! Emergency Update -> No File <==== ATTENTION
      Task: {8DD3E2D6-F690-465C-83FD-F8AA2389D945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {A83B8237-872C-4085-AE67-115FF8AC6435} - \{769FDD49-0A1B-4E6E-B050-62E62A35B9D0} -> No File <==== ATTENTION
      Task: {A870331F-4A9C-4585-88C0-C587B601D2E9} - \{C6FA9DE8-A4A1-4047-8D94-EEE4EB6B6B20} -> No File <==== ATTENTION
      Task: {AB3A036A-3A21-484D-87FC-428F0EC1479A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {C5B1939C-1244-4122-B784-53AD0EF1BC0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {FC14C7F4-804C-4847-B994-C02537F5B6B4} - \{8D9F9EC8-4303-40B4-B23A-380193386D8A} -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119] 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

      Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

      ATENCION!!!! El siguiente Script de reparación fue hecho específicamente por un miembro del staff para este usuario, si tiene un problema similar por favor abra su propio tema para recibir ayuda personalizada. Usar Scripts de otros usuarios puede causar daños a su equipo

      • Ejecutas Frst.exe.
      • Presionas el botón Fix y aguardas a que termine.
      • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
      • Lo pegas en tu próxima respuesta.


      Pon el reporte y comenta como sigue el problema.

      Un saludo
      ✿◕‿◕✿ La impaciencia no es buena compañía ✿◕‿◕✿

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    9. #9
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Re: Problema con HackTool32:Win32/KMS

      Hola Daniela, el Windows Defender está funcionando correctamente. Te agradezco mucho.
      En modo seguro con conexiones de red no me pude conectar a ninguna red, creo que aparece en el informe. De todas maneras funcionó perfecto. Debajo pego el informe.

      Saludos y muchas gracias nuevamente,
      Mariana


      Fix result of Farbar Recovery Scan Tool (x86) Version: 11-12-2017
      Ran by Mariana (11-12-2017 18:36:57) Run:1
      Running from C:\Users\Mariana\Desktop
      Loaded Profiles: Mariana (Available Profiles: Mariana)
      Boot Mode: Safe Mode (with Networking)

      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
      FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mysearchresults.com/?c=3507&t=07"
      U3 idsvc; no ImagePath
      2017-11-09 22:25 - 2017-11-10 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
      2017-11-09 22:25 - 2017-11-10 22:07 - 000000000 ____D C:\Program Files\KMSpico
      ContextMenuHandlers1: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => -> No File
      ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
      Task: {0A52FBCB-5339-4A9B-B3F2-0C3558D887DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {401B5C73-F569-4149-A8B1-261578BF13F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      Task: {502127B3-7406-4ADB-8D39-1CC84F5E5145} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {54F788B8-A50B-4449-ABA0-ECA68B9E8879} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {569D1AFE-73FD-4786-938B-0E72A966943B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {6FE5921C-1056-44D6-9C9F-847675BC7AF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {7822B033-C604-4FCB-A2BA-7DEA73A41350} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {873648F1-A354-4D74-A7A1-0BD79BFABFFC} - \{F4E77B3C-C80C-428B-A9CD-3962805A5DB3} -> No File <==== ATTENTION
      Task: {8B4AF0F6-073F-45D6-8F85-61867BEF3B3C} - \avast! Emergency Update -> No File <==== ATTENTION
      Task: {8DD3E2D6-F690-465C-83FD-F8AA2389D945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {A83B8237-872C-4085-AE67-115FF8AC6435} - \{769FDD49-0A1B-4E6E-B050-62E62A35B9D0} -> No File <==== ATTENTION
      Task: {A870331F-4A9C-4585-88C0-C587B601D2E9} - \{C6FA9DE8-A4A1-4047-8D94-EEE4EB6B6B20} -> No File <==== ATTENTION
      Task: {AB3A036A-3A21-484D-87FC-428F0EC1479A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
      Task: {C5B1939C-1244-4122-B784-53AD0EF1BC0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {FC14C7F4-804C-4847-B994-C02537F5B6B4} - \{8D9F9EC8-4303-40B4-B23A-380193386D8A} -> No File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
      "HKLM\Software\Classes\PROTOCOLS\Handler\skype4com" => removed successfully.
      HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => not found
      HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully.
      "Chrome StartupUrls" => removed successfully.
      "HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully.
      idsvc => service removed successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico => moved successfully
      C:\Program Files\KMSpico => moved successfully
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt" => removed successfully.
      HKLM\Software\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486} => not found
      "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully.
      HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
      "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully.
      HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A52FBCB-5339-4A9B-B3F2-0C3558D887DF} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A52FBCB-5339-4A9B-B3F2-0C3558D887DF} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{401B5C73-F569-4149-A8B1-261578BF13F9} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{401B5C73-F569-4149-A8B1-261578BF13F9} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{502127B3-7406-4ADB-8D39-1CC84F5E5145} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{502127B3-7406-4ADB-8D39-1CC84F5E5145} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F788B8-A50B-4449-ABA0-ECA68B9E8879} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F788B8-A50B-4449-ABA0-ECA68B9E8879} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{569D1AFE-73FD-4786-938B-0E72A966943B} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{569D1AFE-73FD-4786-938B-0E72A966943B} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FE5921C-1056-44D6-9C9F-847675BC7AF6} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FE5921C-1056-44D6-9C9F-847675BC7AF6} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7822B033-C604-4FCB-A2BA-7DEA73A41350} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7822B033-C604-4FCB-A2BA-7DEA73A41350} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{873648F1-A354-4D74-A7A1-0BD79BFABFFC} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{873648F1-A354-4D74-A7A1-0BD79BFABFFC} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4E77B3C-C80C-428B-A9CD-3962805A5DB3} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B4AF0F6-073F-45D6-8F85-61867BEF3B3C} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B4AF0F6-073F-45D6-8F85-61867BEF3B3C} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DD3E2D6-F690-465C-83FD-F8AA2389D945} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD3E2D6-F690-465C-83FD-F8AA2389D945} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A83B8237-872C-4085-AE67-115FF8AC6435} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A83B8237-872C-4085-AE67-115FF8AC6435} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{769FDD49-0A1B-4E6E-B050-62E62A35B9D0} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A870331F-4A9C-4585-88C0-C587B601D2E9} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A870331F-4A9C-4585-88C0-C587B601D2E9} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6FA9DE8-A4A1-4047-8D94-EEE4EB6B6B20} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB3A036A-3A21-484D-87FC-428F0EC1479A} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB3A036A-3A21-484D-87FC-428F0EC1479A} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5B1939C-1244-4122-B784-53AD0EF1BC0F} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B1939C-1244-4122-B784-53AD0EF1BC0F} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC14C7F4-804C-4847-B994-C02537F5B6B4} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC14C7F4-804C-4847-B994-C02537F5B6B4} => could not remove. Access Denied.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D9F9EC8-4303-40B4-B23A-380193386D8A} => could not remove. Access Denied.
      C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

      ========= ipconfig /flushdns =========


      Configuraci¢n IP de Windows

      Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuraci¢n IP de Windows

      No se puede realizar ninguna operaci¢n en Conexi¢n de red inal*mbrica mientras los medios
      est‚n desconectados.
      No se puede realizar ninguna operaci¢n en Conexi¢n de *rea local* 2 mientras los medios
      est‚n desconectados.
      No se puede realizar ninguna operaci¢n en Conexi¢n de *rea local mientras los medios
      est‚n desconectados.

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c
      El servicio no puede iniciarse en modo a prueba de errores



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-1418506859-552196481-275473616-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


      ========= End of RemoveProxy: =========

      Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

      =========== EmptyTemp: ==========

      BITS transfer queue => 9199616 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69984045 B
      Java, Flash, Steam htmlcache => 1022 B
      Windows/system/drivers => 6397531 B
      Edge => 25996057 B
      Chrome => 270864967 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 39226 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      LocalService => 0 B
      NetworkService => 2666178 B
      Mariana => 62965508 B
      DefaultAppPool => 39226 B

      RecycleBin => 0 B
      EmptyTemp: => 427.4 MB temporary data Removed.

      ================================

      Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-12-2017 18:43:09)

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      Result of scheduled keys to remove after reboot:

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A52FBCB-5339-4A9B-B3F2-0C3558D887DF} => could not remove. ErrorCode1: 0x00000002
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A52FBCB-5339-4A9B-B3F2-0C3558D887DF}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B3E4EBA-FFEA-41A5-8289-E47050FAA7D2}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{401B5C73-F569-4149-A8B1-261578BF13F9}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{401B5C73-F569-4149-A8B1-261578BF13F9}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{502127B3-7406-4ADB-8D39-1CC84F5E5145}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{502127B3-7406-4ADB-8D39-1CC84F5E5145}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F788B8-A50B-4449-ABA0-ECA68B9E8879}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F788B8-A50B-4449-ABA0-ECA68B9E8879}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{569D1AFE-73FD-4786-938B-0E72A966943B}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{569D1AFE-73FD-4786-938B-0E72A966943B}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FE5921C-1056-44D6-9C9F-847675BC7AF6}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FE5921C-1056-44D6-9C9F-847675BC7AF6}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7822B033-C604-4FCB-A2BA-7DEA73A41350}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7822B033-C604-4FCB-A2BA-7DEA73A41350}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DC62C33-69B5-4FBA-ABAD-9DA716D0BC19}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{873648F1-A354-4D74-A7A1-0BD79BFABFFC}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{873648F1-A354-4D74-A7A1-0BD79BFABFFC}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4E77B3C-C80C-428B-A9CD-3962805A5DB3}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B4AF0F6-073F-45D6-8F85-61867BEF3B3C}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B4AF0F6-073F-45D6-8F85-61867BEF3B3C}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DD3E2D6-F690-465C-83FD-F8AA2389D945}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD3E2D6-F690-465C-83FD-F8AA2389D945}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A83B8237-872C-4085-AE67-115FF8AC6435}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A83B8237-872C-4085-AE67-115FF8AC6435}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{769FDD49-0A1B-4E6E-B050-62E62A35B9D0}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A870331F-4A9C-4585-88C0-C587B601D2E9}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A870331F-4A9C-4585-88C0-C587B601D2E9}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6FA9DE8-A4A1-4047-8D94-EEE4EB6B6B20}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB3A036A-3A21-484D-87FC-428F0EC1479A}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB3A036A-3A21-484D-87FC-428F0EC1479A}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5B1939C-1244-4122-B784-53AD0EF1BC0F}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B1939C-1244-4122-B784-53AD0EF1BC0F}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC14C7F4-804C-4847-B994-C02537F5B6B4}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC14C7F4-804C-4847-B994-C02537F5B6B4}" => removed successfully.
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D9F9EC8-4303-40B4-B23A-380193386D8A}" => removed successfully.

      ==== End of Fixlog 18:43:12 ====

    10. #10
      Usuario Avatar de Mariana_Margari
      Registrado
      sep 2012
      Ubicación
      Argentina
      Mensajes
      59

      Re: Problema con HackTool32:Win32/KMS

      Disculpá Daniela, como te decía el Windows Defender está funcionando. Pero recién veo que perdí todos los marcadores del navegador Chrome. Podría tener algo que ver con las acciones realizadas? Estoy buscando cómo recuperar eso. Espero dar con la solución... alguna sugerencia?

      Gracias de nuevo, saludos!

    Página 1 de 2 12 ÚltimoÚltimo