
    Possible virus PUP.Optional.Funmoods (Solved)

    1. #1
      User zenmen
      Registered
      Jan 2009
      Location
      Madrid, Spain
      Posts
      75

      Possible virus PUP.Optional.Funmoods (Solved)

      Hello again, everyone

      I'm back this time because Malwarebytes keeps detecting this and I don't know whether it is a virus. The thing is that not even this program gets rid of this "PUP.Optional.Funmoods", since after I move it to quarantine it comes back again and again; my Malwarebytes trial version has already expired (from previous times).

      Here is the report:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 16/12/17
      Hora del análisis: 2:39
      Archivo de registro: 03e0f80a-e202-11e7-bfb5-002354a52458.json
      Administrador: Sí

      -Información del software-
      Versión: 3.2.2.2029
      Versión de los componentes: 1.0.212
      Versión del paquete de actualización: 1.0.3499
      Licencia: Caducado

      -Información del sistema-
      SO: Windows 10 (Build 15063.726)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: DESKTOP-2BMHDI9\Alchemyst

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 318347
      Amenazas detectadas: 1
      Amenazas en cuarentena: 1
      Tiempo transcurrido: 1 min, 35 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 1
      PUP.Optional.Funmoods, C:\USERS\ALCHEMYST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Sustituido, [752], [455240],1.0.3499

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

    2. #2
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: Possible virus PUP.Optional.Funmoods

      Hello zenmen

      Carry out the following steps, even if you have already done some of them, without changing the order:

      There is a new version of Malwarebytes; update it or download the new one.

      1) Download, update and run Malwarebytes’ Anti-Malware; read the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click “Remove Selected” to send the items to quarantine, then restart the system.
      • In the manual's section "History" >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus.
      • Run JRT.exe (on Windows 7 or 8, run it as "Administrator").
      • Press any key to continue and wait patiently for it to finish.
      • When it finishes, a log (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply.

      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to finish and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears so you can copy and paste it into your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C0].txt"

      4) Download CCleaner

      • Install CCleaner.
      • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish, then click Run Cleaner.
      • Click the Registry tab > click Scan for Issues and wait for it to finish > click Fix Selected Issues and make a backup.
      • Click Scan for Issues again until it finds none.

      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered via private message or e-mail, since that is what the forum is for.

    3. #3
      User zenmen
      Registered
      Jan 2009
      Location
      Madrid, Spain
      Posts
      75

      Re: Possible virus PUP.Optional.Funmoods

      Hello Daniela

      Everything seems to be OK except Malwarebytes, which detects PUP.Optional.Funmoods again and again, and I don't know how to get rid of it.

      Here are the reports:

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 16/12/17
      Hora del análisis: 18:21
      Archivo de registro: 9630dea4-e285-11e7-9f6a-002354a52458.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.262
      Versión del paquete de actualización: 1.0.3502
      Licencia: Caducado

      -Información del sistema-
      SO: Windows 10 (Build 15063.726)
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: DESKTOP-2BMHDI9\Alchemyst

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 318402
      Amenazas detectadas: 2
      Amenazas en cuarentena: 2
      Tiempo transcurrido: 1 min, 19 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 0
      (No hay elementos maliciosos detectados)

      Valor del registro: 0
      (No hay elementos maliciosos detectados)

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 0
      (No hay elementos maliciosos detectados)

      Archivo: 2
      PUP.Optional.Funmoods, C:\USERS\ALCHEMYST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Sustituido, [752], [455240],1.0.3502
      PUP.Optional.Funmoods, C:\USERS\ALCHEMYST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Sustituido, [752], [455240],1.0.3502

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)


      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 10 Pro x64
      Ran by Alchemyst (Administrator) on 16/12/2017 at 18:34:12,57
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 0




      Registry: 0


      # AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 16 17:39:25 2017
      # Updated on 2017/29/11 by Malwarebytes
      # Database: 12-15-2017.1
      # Running on Windows 10 Pro (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************



      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    4. #4
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: Possible virus PUP.Optional.Funmoods

      Hello

      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits).

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.
      • In the new window that opens, press the Scan button and wait patiently for the scan to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.
      • To finish, open the files Frst.txt and Addition.txt and copy and paste all of their contents into your next reply. Use two messages if it tells you it is too long.

      Regards

    5. #5
      User zenmen
      Registered
      Jan 2009
      Location
      Madrid, Spain
      Posts
      75

      Re: Possible virus PUP.Optional.Funmoods

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Alchemyst (administrator) on DESKTOP-2BMHDI9 (20-12-2017 02:17:59)
      Running from C:\Users\Alchemyst\Desktop
      Loaded Profiles: Alchemyst (Available Profiles: Alchemyst)
      Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
      (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
      (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
      (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
      (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
      (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
      (Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
      (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      (Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
      (Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
      (f.lux Software LLC) C:\Users\Alchemyst\AppData\Local\FluxSoftware\Flux\flux.exe
      (Spotify Ltd) C:\Users\Alchemyst\AppData\Roaming\Spotify\SpotifyWebHelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
      (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
      () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
      (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
      HKLM\...\Run: [USB Safely Remove] => C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [6467440 2017-06-23] (Crystal Rich Ltd)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
      HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
      HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17651320 2017-06-22] (Logitech Inc.)
      HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
      HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
      HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Run: [f.lux] => C:\Users\Alchemyst\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Run: [Spotify Web Helper] => C:\Users\Alchemyst\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-16] (Spotify Ltd)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{7a741b3f-9fc8-42da-9377-747a36e079b0}: [DhcpNameServer] 80.58.61.250 80.58.61.254
      Tcpip\..\Interfaces\{d77a33f9-8ecb-42d2-b33c-d436d884f5f5}: [DhcpNameServer] 192.168.42.129
      Tcpip\..\Interfaces\{f851bc7b-8089-431f-b31a-17dcc6809c40}: [DhcpNameServer] 80.58.61.250 80.58.61.254

      Internet Explorer:
      ==================
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/?gws_rd=ssl
      SearchScopes: HKU\S-1-5-21-1650804611-1913954991-3436895043-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
      SearchScopes: HKU\S-1-5-21-1650804611-1913954991-3436895043-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-18] (Oracle Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-18] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)
      BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
      Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

      FireFox:
      ========
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-11-12] [Legacy] [not signed]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-18] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-18] (Oracle Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-05] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-05] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

      Chrome:
      =======
      CHR HomePage: Default -> hxxp://google.es/
      CHR StartupUrls: Default -> "hxxp://google.es/"
      CHR Profile: C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Presentaciones) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-23]
      CHR Extension: (Web Developer) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-03]
      CHR Extension: (YouTube) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-23]
      CHR Extension: (Dropbox para Gmail) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-06-23]
      CHR Extension: (Adobe Acrobat) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-12]
      CHR Extension: (Hojas de cálculo) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-23]
      CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-12-19]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]
      CHR Extension: (Gmail) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-11]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] ()
      S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-23] (Dropbox, Inc.)
      S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-23] (Dropbox, Inc.)
      R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
      S3 GalaxyClientService; F:\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
      R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-06-22] (Logitech Inc.)
      R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-12-05] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-12-05] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-12-05] (NVIDIA Corporation)
      S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-12-12] (Overwolf LTD)
      R2 PLFlash DeviceIoControl Service; C:\WINDOWS\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
      R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1666416 2015-04-28] (Crystal Rich Ltd)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
      R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
      R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
      R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [159480 2015-03-10] (ESET)
      R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
      R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-06-22] (Logitech Inc.)
      R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-16] (Malwarebytes)
      R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
      R0 mv61xx; C:\WINDOWS\System32\drivers\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.)
      R0 mv64xx; C:\WINDOWS\System32\drivers\mv64xx.sys [322088 2009-01-29] (Marvell Semiconductor, Inc.)
      R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c68c1eb90f6d242e\nvlddmkm.sys [17025992 2017-12-06] (NVIDIA Corporation)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-12-05] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-14] (NVIDIA Corporation)
      R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-12-05] (NVIDIA Corporation)
      S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
      R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
      R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
      S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
      R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2017-03-18] (Marvell)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-20 02:17 - 2017-12-20 02:18 - 000021306 _____ C:\Users\Alchemyst\Desktop\FRST.txt
      2017-12-20 02:17 - 2017-12-20 02:17 - 000000000 ____D C:\Users\Alchemyst\Desktop\FRST-OlderVersion
      2017-12-20 02:17 - 2017-12-20 02:17 - 000000000 ____D C:\FRST
      2017-12-17 05:16 - 2017-12-17 05:16 - 000029283 _____ C:\Users\Alchemyst\Downloads\CaminoPalomaHDR1,40gb.torrent
      2017-12-16 22:13 - 2017-12-20 02:17 - 002392064 _____ (Farbar) C:\Users\Alchemyst\Desktop\FRST64.exe
      2017-12-16 18:42 - 2017-12-20 01:51 - 000004228 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F0A7BA08-FA1E-4C5E-BF08-DAC5BD81E83F}
      2017-12-16 18:37 - 2017-12-16 18:39 - 000000000 ____D C:\AdwCleaner
      2017-12-16 18:37 - 2017-12-16 18:37 - 000002074 _____ C:\Users\Alchemyst\Desktop\dfsfds.txt
      2017-12-16 18:36 - 2017-12-16 18:36 - 008187336 _____ (Malwarebytes) C:\Users\Alchemyst\Downloads\AdwCleaner.exe
      2017-12-16 18:36 - 2017-12-16 18:36 - 000000550 _____ C:\Users\Alchemyst\Desktop\JRT.txt
      2017-12-16 18:33 - 2017-12-16 18:33 - 001790024 _____ (Malwarebytes) C:\Users\Alchemyst\Downloads\JRT.exe
      2017-12-16 18:17 - 2017-12-16 18:17 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
      2017-12-16 18:17 - 2017-12-16 18:17 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2017-12-16 18:17 - 2017-12-16 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2017-12-16 18:17 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
      2017-12-16 18:16 - 2017-12-16 18:16 - 083316440 _____ (Malwarebytes ) C:\Users\Alchemyst\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
      2017-12-16 18:16 - 2017-12-16 18:16 - 000000000 ____D C:\ProgramData\MB3CoreBackup
      2017-12-16 02:20 - 2017-12-16 02:20 - 000004624 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-15 17:44 - 2017-12-15 17:46 - 226626759 _____ C:\Users\Alchemyst\Downloads\backup-12.15.2017_17-39-15_eskikgqc.tar.gz
      2017-12-15 14:31 - 2017-12-15 14:31 - 000007083 _____ C:\Users\Alchemyst\Downloads\htaccess_Backup_for_www.seduccionpractica.com.txt
      2017-12-15 11:13 - 2017-12-15 11:13 - 000000000 ___HD C:\$SysReset
      2017-12-15 11:03 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
      2017-12-15 11:03 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
      2017-12-15 11:03 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
      2017-12-15 11:03 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
      2017-12-15 11:03 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
      2017-12-15 11:03 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
      2017-12-15 11:03 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
      2017-12-15 11:03 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
      2017-12-15 11:03 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
      2017-12-15 11:03 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
      2017-12-15 11:03 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
      2017-12-15 11:03 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
      2017-12-15 11:03 - 2017-11-02 06:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
      2017-12-15 11:03 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
      2017-12-15 11:03 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
      2017-12-15 11:03 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
      2017-12-15 11:03 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
      2017-12-15 11:03 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
      2017-12-15 11:03 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
      2017-12-15 11:03 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
      2017-12-15 11:03 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
      2017-12-15 11:03 - 2017-11-02 05:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
      2017-12-15 11:03 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
      2017-12-15 11:03 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
      2017-12-15 11:03 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
      2017-12-15 11:03 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
      2017-12-15 11:03 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
      2017-12-15 11:03 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
      2017-12-15 11:03 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
      2017-12-15 11:03 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
      2017-12-15 11:03 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
      2017-12-15 11:03 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
      2017-12-15 11:03 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
      2017-12-15 11:03 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
      2017-12-15 11:03 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
      2017-12-15 11:03 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
      2017-12-15 11:03 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
      2017-12-15 11:03 - 2017-11-02 05:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
      2017-12-15 11:03 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
      2017-12-15 11:03 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
      2017-12-15 11:03 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
      2017-12-15 11:03 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
      2017-12-15 11:03 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
      2017-12-15 11:03 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
      2017-12-15 11:03 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
      2017-12-15 11:03 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
      2017-12-15 11:03 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
      2017-12-15 11:03 - 2017-11-02 05:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
      2017-12-15 11:03 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
      2017-12-15 11:03 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
      2017-12-15 11:03 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
      2017-12-15 11:03 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
      2017-12-15 11:03 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
      2017-12-15 11:03 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
      2017-12-15 11:03 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
      2017-12-15 11:03 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
      2017-12-15 11:03 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
      2017-12-15 11:03 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
      2017-12-15 11:03 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
      2017-12-15 11:03 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
      2017-12-15 11:03 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
      2017-12-15 11:03 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
      2017-12-15 11:03 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
      2017-12-15 11:03 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
      2017-12-15 11:03 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
      2017-12-15 11:03 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
      2017-12-15 11:03 - 2017-11-02 05:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
      2017-12-15 11:03 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
      2017-12-15 11:03 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
      2017-12-15 11:03 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
      2017-12-15 11:03 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
      2017-12-15 11:03 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
      2017-12-15 11:03 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
      2017-12-15 11:03 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
      2017-12-15 11:03 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
      2017-12-15 11:03 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
      2017-12-15 11:03 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
      2017-12-15 11:03 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
      2017-12-15 11:03 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
      2017-12-15 11:03 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
      2017-12-15 11:03 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
      2017-12-15 11:03 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
      2017-12-15 11:03 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
      2017-12-15 11:03 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
      2017-12-15 11:03 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
      2017-12-15 11:03 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
      2017-12-15 11:03 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
      2017-12-15 11:03 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
      2017-12-15 11:03 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
      2017-12-15 11:03 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
      2017-12-15 11:03 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
      2017-12-15 11:03 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
      2017-12-15 11:03 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
      2017-12-15 11:03 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
      2017-12-15 11:02 - 2017-11-02 06:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
      2017-12-15 11:02 - 2017-11-02 06:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
      2017-12-15 11:02 - 2017-11-02 06:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
      2017-12-15 11:02 - 2017-11-02 06:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
      2017-12-15 11:02 - 2017-11-02 06:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
      2017-12-15 11:02 - 2017-11-02 06:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
      2017-12-15 11:02 - 2017-11-02 06:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
      2017-12-15 11:02 - 2017-11-02 06:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
      2017-12-15 11:02 - 2017-11-02 06:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
      2017-12-15 11:02 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
      2017-12-15 11:02 - 2017-11-02 06:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
      2017-12-15 11:02 - 2017-11-02 06:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
      2017-12-15 11:02 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
      2017-12-15 11:02 - 2017-11-02 06:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
      2017-12-15 11:02 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
      2017-12-15 11:02 - 2017-11-02 06:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
      2017-12-15 11:02 - 2017-11-02 06:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
      2017-12-15 11:02 - 2017-11-02 06:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
      2017-12-15 11:02 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
      2017-12-15 11:02 - 2017-11-02 06:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
      2017-12-15 11:02 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
      2017-12-15 11:02 - 2017-11-02 06:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
      2017-12-15 11:02 - 2017-11-02 06:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
      2017-12-15 11:02 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2017-12-15 11:02 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
      2017-12-15 11:02 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
      2017-12-15 11:02 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
      2017-12-15 11:02 - 2017-11-02 06:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
      2017-12-15 11:02 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
      2017-12-15 11:02 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
      2017-12-15 11:02 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
      2017-12-15 11:02 - 2017-11-02 06:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2017-12-15 11:02 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
      2017-12-15 11:02 - 2017-11-02 05:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2017-12-15 11:02 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
      2017-12-15 11:02 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
      2017-12-15 11:02 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
      2017-12-15 11:02 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
      2017-12-15 11:02 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
      2017-12-15 11:02 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
      2017-12-15 11:02 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
      2017-12-15 11:02 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
      2017-12-15 11:02 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
      2017-12-15 11:02 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
      2017-12-15 11:02 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
      2017-12-15 11:02 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
      2017-12-15 11:02 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
      2017-12-15 11:02 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
      2017-12-15 11:02 - 2017-11-02 05:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
      2017-12-15 11:02 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
      2017-12-15 11:02 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
      2017-12-15 11:02 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
      2017-12-15 11:02 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
      2017-12-15 11:02 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
      2017-12-15 11:02 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
      2017-12-15 11:02 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
      2017-12-15 11:02 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
      2017-12-15 11:02 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
      2017-12-15 11:02 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
      2017-12-15 11:02 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
      2017-12-15 11:02 - 2017-11-02 05:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
      2017-12-15 11:02 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
      2017-12-15 11:02 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
      2017-12-15 11:02 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
      2017-12-15 11:02 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
      2017-12-15 11:02 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
      2017-12-15 11:02 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
      2017-12-15 11:02 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
      2017-12-15 11:02 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
      2017-12-15 11:02 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
      2017-12-15 11:02 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation)

    6. #6
      User zenmen's avatar
      Joined
      Jan 2009
      Location
      Madrid, Spain
      Posts
      75

      Re: Possible PUP.Optional.Funmoods virus

      C:\WINDOWS\system32\AppXDeploymentServer.dll
      2017-12-15 11:02 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
      2017-12-15 11:02 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
      2017-12-15 11:02 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2017-12-15 11:02 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2017-12-15 11:02 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
      2017-12-15 11:02 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
      2017-12-15 11:02 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
      2017-12-15 11:02 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
      2017-12-15 11:02 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
      2017-12-15 11:02 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
      2017-12-15 11:02 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
      2017-12-15 11:02 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
      2017-12-15 11:02 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
      2017-12-15 11:02 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
      2017-12-15 11:02 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
      2017-12-15 11:02 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
      2017-12-15 11:02 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
      2017-12-15 11:02 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
      2017-12-15 11:02 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
      2017-12-15 11:02 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
      2017-12-15 11:02 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
      2017-12-15 11:02 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
      2017-12-15 11:02 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
      2017-12-15 11:02 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
      2017-12-15 11:02 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
      2017-12-15 11:02 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
      2017-12-15 11:02 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
      2017-12-15 11:02 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
      2017-12-15 11:02 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
      2017-12-15 11:02 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
      2017-12-12 09:32 - 2017-12-16 07:18 - 000000000 ____D C:\Users\Alchemyst\Desktop\sp site 12-12-17
      2017-12-12 00:30 - 2017-12-19 16:43 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\Ubisoft Game Launcher
      2017-12-12 00:30 - 2017-12-12 00:30 - 000000657 _____ C:\Users\Alchemyst\Desktop\Uplay.lnk
      2017-12-12 00:30 - 2017-12-12 00:30 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
      2017-12-11 21:10 - 2017-12-11 21:10 - 072456096 _____ (Ubisoft) C:\Users\Alchemyst\Downloads\UplayInstaller.exe
      2017-12-11 16:23 - 2017-12-11 16:23 - 000016398 _____ C:\Users\Alchemyst\Downloads\knightfall-temporada-1-hdtv-720p-cap-101-ac3-5-1-espaa-a-ol-castellano.torrent
      2017-12-11 04:25 - 2017-12-11 04:25 - 000000000 ____D C:\Program Files (x86)\VulkanRT
      2017-12-11 04:25 - 2017-12-05 20:36 - 000137200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
      2017-12-11 04:25 - 2017-09-14 00:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
      2017-12-11 04:25 - 2017-09-14 00:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
      2017-12-11 04:25 - 2017-09-14 00:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
      2017-12-11 04:25 - 2017-09-14 00:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
      2017-12-11 04:22 - 2017-12-05 22:17 - 040238576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 036348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 035156368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 029379568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 023267096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 019040512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 013867840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 011782096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 004202808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 003817400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 003615032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001989944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438859.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001674736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438859.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001102368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001044664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001038496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000982888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000932424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000885496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000794576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000741224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000599536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
      2017-12-11 04:22 - 2017-12-05 22:17 - 000506680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
      2017-12-11 04:12 - 2017-12-11 04:13 - 461820848 _____ (NVIDIA Corporation) C:\Users\Alchemyst\Downloads\388.59-desktop-win10-64bit-international-whql.exe
      2017-12-09 16:20 - 2017-12-15 13:29 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\FileZilla
      2017-12-09 16:20 - 2017-12-15 13:27 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\FileZilla
      2017-12-09 16:20 - 2017-12-09 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
      2017-12-08 22:44 - 2017-12-08 22:44 - 000000000 ____D C:\Users\Alchemyst\Downloads\Telegram Desktop
      2017-12-08 02:00 - 2017-12-08 02:00 - 000423978 _____ C:\Users\Alchemyst\Downloads\Plantilla modelo -A-.pdf
      2017-12-08 02:00 - 2017-12-08 02:00 - 000421266 _____ C:\Users\Alchemyst\Downloads\Plantilla modelo -B-.pdf
      2017-12-07 22:29 - 2017-12-07 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
      2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
      2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
      2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
      2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
      2017-12-01 15:36 - 2017-12-01 15:36 - 002563470 _____ C:\Users\Alchemyst\Downloads\PodersinLimitesAnthonyRobins.pdf
      2017-12-01 15:36 - 2017-12-01 15:36 - 000117774 _____ C:\Users\Alchemyst\Downloads\ElsecretodelaProsperidadMarkFischer.pdf
      2017-12-01 15:35 - 2017-12-01 15:35 - 000588007 _____ C:\Users\Alchemyst\Downloads\ElpoderdelpensamientopositivoNormanVincentPeale.pdf
      2017-12-01 05:07 - 2017-12-01 05:08 - 000000000 ____D C:\Users\Alchemyst\Desktop\RSD
      2017-11-27 19:52 - 2017-11-27 20:15 - 000000000 ____D C:\Users\Alchemyst\Desktop\CNP 2017
      2017-11-27 12:51 - 2017-11-27 12:51 - 000003664 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
      2017-11-25 06:53 - 2017-11-25 06:53 - 000917521 _____ C:\Users\Alchemyst\Downloads\10100230DasCambiadhbitos_cambiadvida545.pdf
      2017-11-24 22:57 - 2017-12-17 02:43 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\UnrealEngine
      2017-11-24 22:57 - 2017-11-24 22:57 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\TslGame
      2017-11-24 20:44 - 2017-11-24 20:44 - 000000222 _____ C:\Users\Alchemyst\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
      2017-11-22 18:12 - 2017-11-22 18:12 - 184739130 _____ C:\Users\Alchemyst\Downloads\Manual_consolidacion_2017-Vol1-Temas1-7.pdf
      2017-11-22 18:12 - 2017-11-22 18:12 - 000263293 _____ C:\Users\Alchemyst\Downloads\BASES-GENERALES-2.pdf
      2017-11-22 00:54 - 2017-12-11 19:54 - 000596388 _____ C:\Users\Alchemyst\Desktop\Titosss.xlsx

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-12-20 02:16 - 2017-06-23 14:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2017-12-20 02:00 - 2017-06-23 15:46 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\Adobe
      2017-12-20 01:48 - 2017-06-23 17:38 - 000000000 ____D C:\Program Files (x86)\Steam
      2017-12-20 01:48 - 2017-06-23 15:28 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\USBSafelyRemove
      2017-12-20 01:48 - 2017-06-23 15:12 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-19 19:04 - 2017-09-27 11:32 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\WhatsApp
      2017-12-19 19:04 - 2017-06-23 15:10 - 000000000 ____D C:\Users\Alchemyst
      2017-12-19 19:02 - 2017-06-23 16:09 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\Battle.net
      2017-12-19 18:40 - 2017-10-06 22:18 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\Telegram Desktop
      2017-12-19 18:40 - 2017-06-23 17:16 - 000031916 _____ C:\Users\Alchemyst\Desktop\Recordatorum.kdb
      2017-12-19 15:28 - 2017-06-23 16:10 - 000000000 ____D C:\Program Files (x86)\Blizzard App
      2017-12-19 15:13 - 2017-06-23 17:35 - 000002593 _____ C:\Users\Alchemyst\Desktop\Hearthstone Deck Tracker.lnk
      2017-12-19 15:13 - 2017-06-23 17:35 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
      2017-12-19 15:13 - 2017-06-23 17:35 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\SquirrelTemp
      2017-12-19 15:13 - 2017-06-23 17:35 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\HearthstoneDeckTracker
      2017-12-19 15:03 - 2017-05-23 22:42 - 000000000 ____D C:\Overwatch
      2017-12-19 13:43 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
      2017-12-19 13:35 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
      2017-12-17 05:59 - 2017-06-23 15:26 - 000000000 ___RD C:\Users\Alchemyst\Desktop\Accesos directos
      2017-12-17 05:58 - 2017-06-23 16:30 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\vlc
      2017-12-17 05:42 - 2017-06-23 18:48 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\uTorrent
      2017-12-17 03:08 - 2017-06-28 00:28 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\Spotify
      2017-12-17 03:08 - 2017-06-28 00:27 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\Spotify
      2017-12-17 02:34 - 2017-07-07 14:10 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2017-12-16 18:40 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
      2017-12-16 18:17 - 2017-06-23 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes
      2017-12-16 05:55 - 2017-11-17 17:47 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-16 02:20 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-16 02:20 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-16 01:41 - 2017-06-23 17:57 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\Overwolf
      2017-12-16 01:30 - 2017-07-20 01:33 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\HearthSim
      2017-12-15 16:41 - 2017-06-23 15:12 - 002805680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-15 16:41 - 2017-03-20 06:11 - 001340910 _____ C:\WINDOWS\system32\perfh00A.dat
      2017-12-15 16:41 - 2017-03-20 06:11 - 000320952 _____ C:\WINDOWS\system32\perfc00A.dat
      2017-12-15 16:35 - 2017-06-23 14:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-15 16:34 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
      2017-12-15 16:31 - 2017-06-23 15:13 - 000000000 __RHD C:\Users\Public\AccountPictures
      2017-12-15 16:31 - 2017-06-23 14:58 - 004959952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-12-15 16:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
      2017-12-15 16:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
      2017-12-15 16:29 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
      2017-12-15 16:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2017-12-15 16:29 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
      2017-12-15 13:59 - 2017-06-23 17:58 - 000000000 ____D C:\Program Files (x86)\Overwolf
      2017-12-15 13:50 - 2015-09-02 23:01 - 000000000 ____D C:\Heroes of the Storm
      2017-12-15 11:11 - 2017-07-28 22:06 - 000000000 ____D C:\WINDOWS\system32\MRT
      2017-12-15 11:10 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-15 11:07 - 2017-11-12 18:49 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
      2017-12-15 11:07 - 2017-07-28 22:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2017-12-15 11:07 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
      2017-12-15 10:44 - 2017-06-23 16:58 - 000003470 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
      2017-12-12 14:35 - 2017-06-23 15:13 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\Packages
      2017-12-11 04:27 - 2017-06-23 15:12 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
      2017-12-11 04:26 - 2017-06-23 16:47 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 16:47 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-12-11 04:26 - 2017-06-23 15:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
      2017-12-11 04:26 - 2017-06-23 15:12 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
      2017-12-11 04:25 - 2017-06-23 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
      2017-12-11 03:41 - 2017-06-23 15:16 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-11 03:41 - 2017-06-23 15:16 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-08 06:07 - 2017-07-30 14:03 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\CrashDumps
      2017-12-08 00:07 - 2015-09-03 01:14 - 000000000 ____D C:\Hearthstone
      2017-12-07 22:29 - 2017-06-23 20:33 - 000000000 ____D C:\Program Files (x86)\Dropbox
      2017-12-07 22:10 - 2015-09-06 13:54 - 000000000 ____D C:\StarCraft II
      2017-12-07 16:39 - 2017-11-04 02:13 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\ElevatedDiagnostics
      2017-12-07 03:36 - 2017-09-27 11:32 - 000002285 _____ C:\Users\Alchemyst\Desktop\WhatsApp.lnk
      2017-12-07 03:36 - 2017-09-27 11:32 - 000000000 ____D C:\Users\Alchemyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
      2017-12-07 03:36 - 2017-09-27 11:32 - 000000000 ____D C:\Users\Alchemyst\AppData\Local\WhatsApp
      2017-12-05 22:17 - 2017-06-23 22:40 - 000186304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
      2017-12-05 22:17 - 2017-06-23 22:40 - 000152512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
      2017-12-05 22:17 - 2017-06-23 16:47 - 002404800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
      2017-12-05 22:17 - 2017-06-23 16:47 - 002070976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
      2017-12-05 22:17 - 2017-06-23 16:47 - 001309120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
      2017-12-05 22:17 - 2017-06-23 16:47 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
      2017-12-05 22:17 - 2017-06-23 16:44 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
      2017-12-05 22:17 - 2017-06-23 15:12 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
      2017-12-05 22:17 - 2017-05-19 16:47 - 004485560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
      2017-12-05 22:17 - 2017-05-19 13:22 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
      2017-12-05 20:32 - 2017-06-23 15:12 - 005966696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
      2017-12-05 20:32 - 2017-06-23 15:12 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
      2017-12-05 20:32 - 2017-06-23 15:12 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
      2017-12-05 20:32 - 2017-06-23 15:12 - 000607304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
      2017-12-05 20:32 - 2017-06-23 15:12 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
      2017-12-05 20:32 - 2017-06-23 15:12 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
      2017-12-05 20:32 - 2017-06-23 15:12 - 000082744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
      2017-12-01 15:20 - 2017-06-23 23:08 - 000002180 _____ C:\Users\Alchemyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
      2017-11-29 21:36 - 2017-06-23 20:36 - 000000000 ____D C:\Program Files\Defraggler
      2017-11-29 01:12 - 2017-06-23 20:35 - 000000000 ___RD C:\Users\Alchemyst\Dropbox
      2017-11-27 12:51 - 2017-11-04 01:42 - 000001257 _____ C:\DelFix.txt
      2017-11-25 13:40 - 2017-06-23 15:12 - 007874971 _____ C:\WINDOWS\system32\nvcoproc.bin

      ==================== Files in the root of some directories =======

      2013-10-14 03:44 - 2013-10-14 03:44 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
      2017-08-18 19:29 - 2017-10-31 15:16 - 000001456 _____ () C:\Users\Alchemyst\AppData\Local\Adobe Guardar para Web 12.0 Prefs
      2017-07-02 17:00 - 2017-07-02 17:24 - 000465408 _____ (Dirección General de la Policía) C:\Users\Alchemyst\AppData\Local\DNIeService.exe

      Some files in TEMP:
      ====================
      2017-12-16 06:00 - 2017-12-17 03:17 - 000000000 _____ () C:\Users\Alchemyst\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
      2017-12-16 06:00 - 2017-12-17 03:17 - 000000016 _____ () C:\Users\Alchemyst\AppData\Local\Temp\21e674addc1d437eb77a231a358d9c2c.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-12-12 15:09

      ==================== End of FRST.txt ============================




      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
      Ran by Alchemyst (20-12-2017 02:18:36)
      Running from C:\Users\Alchemyst\Desktop
      Windows 10 Pro Version 1703 15063.726 (X64) (2017-06-23 14:06:46)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-1650804611-1913954991-3436895043-500 - Administrator - Disabled)
      Alchemyst (S-1-5-21-1650804611-1913954991-3436895043-1001 - Administrator - Enabled) => C:\Users\Alchemyst
      DefaultAccount (S-1-5-21-1650804611-1913954991-3436895043-503 - Limited - Disabled)
      Invitado (S-1-5-21-1650804611-1913954991-3436895043-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{A5B6B786-2D6F-4B75-940F-42B32D01D146}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{042190ED-F17C-4A8D-95D8-87A37B4095BD}) (Version: - ) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}) (Version: - ) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}) (Version: - Microsoft) Hidden
      Actualización de NVIDIA 31.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.0.1.0 - NVIDIA Corporation) Hidden
      Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.01 - Adobe Systems)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
      Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
      Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
      Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
      Aplicación de Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      Apple Application Support (32 bits) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
      Apple Application Support (64 bits) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
      Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
      Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
      Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
      calibre 64bit (HKLM\...\{833153C0-7E32-4708-A0D8-24099CEF8F3E}) (Version: 3.10.0 - Kovid Goyal)
      Call of Duty: WWII (HKLM\...\Y2FsbG9mZHV0eXd3aWk_is1) (Version: 1 - )
      CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
      Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
      Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
      Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
      ESET NOD32 Antivirus (HKLM\...\{A2E9DF19-4BDC-44FD-8643-17EF2829E565}) (Version: 8.0.312.3 - ESET, spol s r. o.)
      f.lux (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Flux) (Version: - f.lux Software LLC)
      FileZilla Client 3.29.0 (HKLM-x32\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
      GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Grabador de Pantalla Pro de Apowersoft V2.0.1 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.0.1 - APOWERSOFT LIMITED)
      Gwent (HKLM-x32\...\1971477531_is1) (Version: 0.9.10 public beta - GOG.com)
      Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
      Hearthstone Deck Tracker (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\HearthstoneDeckTracker) (Version: 1.5.10 - HearthSim)
      Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
      iTunes (HKLM\...\{8251BA2E-05A9-441D-BC6D-B3A3B3E133F4}) (Version: 12.7.0.166 - Apple Inc.)
      Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      KeePass Password Safe 1.33 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.33 - Dominik Reichl)
      Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.100 - Logitech Inc.)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
      Microsoft OneDrive (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Middle Earth Shadow of War (HKLM-x32\...\Middle Earth Shadow of War_is1) (Version: - )
      MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
      MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
      Nero 7 Ultra Edition (HKLM-x32\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711034}) (Version: 7.03.1151 - Nero AG)
      NVIDIA Controlador de 3D Vision 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
      NVIDIA Controlador de audio HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
      NVIDIA Controlador de gráficos 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
      NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
      NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
      NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
      Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
      Overwolf (HKLM-x32\...\Overwolf) (Version: 0.108.210.0 - Overwolf Ltd.)
      Panel de control de NVIDIA 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.59 - NVIDIA Corporation) Hidden
      PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
      RAPID Mode (HKLM\...\{4B94C023-022A-4271-A1D6-744ABE74D220}) (Version: 1.0.0.97 - Samsung Electronics Co., Ltd.) Hidden
      RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
      Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
      Spotify (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\Spotify) (Version: 1.0.69.336.g7edcc575 - Spotify AB)
      StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Telegram Desktop version 1.2.1 (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.1 - Telegram Messenger LLP)
      The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
      UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version: - )
      Update for Outlook 2007 Junk Email Filter (kb947945) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E397056B-7AE5-4FF1-8B13-276BF8201847}) (Version: - Microsoft)
      Uplay (HKLM-x32\...\Uplay) (Version: 45.1 - Ubisoft)
      USB Safely Remove 5.3 (HKLM-x32\...\USB Safely Remove_is1) (Version: - SafelyRemove.com)
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
      Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
      WhatsApp (HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\...\WhatsApp) (Version: 0.2.7315 - WhatsApp)
      WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
      Xilisoft Editar Vídeo 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
      Xilisoft Video Convertidor Ultimate (HKLM-x32\...\Xilisoft Video Convertidor Ultimate) (Version: 7.7.3.20131014 - Xilisoft)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
      ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
      ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
      ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers1-x32: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2015-01-28] (ESET)
      ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
      ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
      ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2015-01-28] (ESET)
      ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
      ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-05] (NVIDIA Corporation)
      ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
      ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
      ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2015-01-28] (ESET)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {084C0FB1-50D5-485D-B016-8D3BFEFA3C0D} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 8.0\upgrade.exe [2017-10-31] (ESET)
      Task: {20E43CBA-2D27-4569-AE43-CD705511BE7B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
      Task: {29575870-B0A7-4BF8-A0DC-50B8C00BC4E4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-23] (Dropbox, Inc.)
      Task: {2B8BE619-63A1-42FC-A8F4-4CBC5F11A98D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-12-05] (NVIDIA Corporation)
      Task: {2E9627CD-2135-4AFF-863D-E900A705BFEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program

    7. #7
      User zenmen
      Registered
      Jan 2009
      Location
      Madrid, Spain
      Posts
      75

      Re: Possible virus PUP.Optional.Funmoods

      Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-23] (Google Inc.)
      Task: {31047808-82BF-466B-9216-B456B5F7F89F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)
      Task: {35B31ABD-0F5D-46A4-8924-8E930F605393} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-2BMHDI9-Alchemyst => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
      Task: {52467FD0-B618-4905-A14C-780633EE5B66} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
      Task: {52CB2822-87F0-4C1A-A3D3-B6E546AF976A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-12-05] (NVIDIA Corporation)
      Task: {61D82E23-27B1-4724-8369-A3B707FC9E76} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
      Task: {6AD326F9-3862-459E-9574-8F0A6495371A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-23] (Google Inc.)
      Task: {7C0F6416-F583-446F-8F09-7DEAFBFF5391} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-06-23] (Dropbox, Inc.)
      Task: {8520836D-FA0B-4F85-9693-81C1A83FDD5A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
      Task: {85B60CC0-AE6F-4058-A89C-18E7D62FECD8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-05] (NVIDIA Corporation)
      Task: {86B9B77C-66AF-44BE-A2AB-6CFE84C2BF93} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-12-12] (Overwolf LTD)
      Task: {8B467B00-CC7F-4D52-8FC7-7292B1DB428A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-05] (NVIDIA Corporation)
      Task: {AE163E2D-E4C7-495C-9134-960C819C2D96} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
      Task: {B27F8ABF-50BF-465D-8A85-2FF44340EBF9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-05] (NVIDIA Corporation)
      Task: {B47753A5-F3FA-4615-B94C-B9EB820705B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated)
      Task: {B5587650-85FE-4EA0-9035-10BB19245478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
      Task: {F697B645-4A19-4069-B8A1-FD9A2C6E2645} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-12-05] (NVIDIA Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2017-12-16 18:17 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-06-23 16:47 - 2017-12-05 22:17 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
      2017-06-23 15:12 - 2017-12-05 20:32 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
      2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
      2017-11-06 20:32 - 2017-11-06 20:32 - 000076456 _____ () D:\FileZilla FTP Client\fzshellext_64.dll
      2017-03-18 21:59 - 2017-03-20 06:14 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2017-12-11 16:24 - 2017-12-11 16:24 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      2017-12-11 16:24 - 2017-12-11 16:24 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2017-12-11 16:24 - 2017-12-11 16:24 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
      2017-12-11 16:24 - 2017-12-11 16:24 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
      2015-03-07 01:07 - 2015-03-07 01:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
      2017-06-22 00:43 - 2017-06-22 00:43 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
      2015-03-07 01:07 - 2015-03-07 01:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
      2017-06-22 00:43 - 2017-06-22 00:43 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
      2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () D:\Program Files\iTunes\zlib1.dll
      2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () D:\Program Files\iTunes\libxml2.dll
      2017-09-19 21:34 - 2014-04-14 11:41 - 000039192 _____ () C:\Program Files\CCleaner\branding.dll
      2017-09-07 17:12 - 2017-09-07 17:12 - 000077824 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2017-12-05 22:54 - 2017-12-05 22:55 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
      2017-12-12 14:35 - 2017-12-12 14:35 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
      2017-11-12 18:49 - 2017-11-12 18:50 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
      2017-11-12 18:49 - 2017-11-12 18:50 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
      2017-11-12 18:49 - 2017-11-12 18:50 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
      2017-11-12 18:46 - 2017-11-12 18:46 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
      2017-12-12 14:35 - 2017-12-12 14:35 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
      2017-12-11 03:41 - 2017-12-06 05:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
      2017-12-11 03:41 - 2017-12-06 05:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
      2017-06-23 16:47 - 2017-12-05 22:17 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
      2017-06-23 17:39 - 2017-11-29 06:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
      2017-06-23 17:39 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
      2017-06-23 17:39 - 2017-12-15 20:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
      2017-12-15 16:32 - 2017-11-04 02:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
      2017-12-15 16:32 - 2017-11-04 02:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
      2017-12-15 16:32 - 2017-11-04 02:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
      2017-12-15 16:32 - 2017-11-04 02:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
      2017-12-15 16:32 - 2017-11-04 02:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
      2017-06-23 17:39 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
      2017-06-23 17:39 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
      2017-06-23 17:39 - 2017-12-15 20:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
      2017-06-23 17:39 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
      2017-06-23 17:39 - 2017-09-07 03:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
      2017-06-23 17:39 - 2017-10-31 05:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
      2017-06-23 17:39 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
      2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
      2017-06-23 16:47 - 2017-12-05 22:17 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
      2017-11-06 20:31 - 2017-11-06 20:31 - 000073384 _____ () D:\FileZilla FTP Client\fzshellext.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2017-03-18 22:03 - 2017-11-12 00:20 - 000002569 _____ C:\WINDOWS\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alchemyst\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
      DNS Servers: 80.58.61.250 - 80.58.61.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==


      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [TCP Query User{F8628839-278B-4B56-96ED-C5E52482DA81}C:\hearthstone\hearthstone.exe] => (Allow) C:\hearthstone\hearthstone.exe
      FirewallRules: [UDP Query User{7758228D-1289-4AA9-8D85-D2516141448E}C:\hearthstone\hearthstone.exe] => (Allow) C:\hearthstone\hearthstone.exe
      FirewallRules: [{F3F2D420-2845-48B6-A6CB-B4886435826B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{57E85ED5-E019-4ADF-A816-FD6F5123D729}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{B883C857-C573-4960-A595-52C4A64A4A0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{CE03EF63-0F16-4962-83DD-08C20601317C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{225A118C-0AEE-4BDF-81AD-7EE11EF4FE40}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{1F0C22CF-05AC-4230-94DC-2F8F5B24B2D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{1992AA26-4121-4FA8-97C2-6A8DED481A61}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{28635BB7-3BA0-404C-B87C-8FF7FABD1EA2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{393BAA2B-68E8-4AE8-AD18-63A9822AB031}] => (Allow) C:\Users\Alchemyst\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{9CEE060B-EDE4-4038-A860-76534E90A648}] => (Allow) C:\Users\Alchemyst\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{0C94D9C8-5784-43E7-9FAB-DA9B5C5F074E}] => (Allow) C:\Users\Alchemyst\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{8187DFDE-BE0B-4219-969C-663518D52757}] => (Allow) C:\Users\Alchemyst\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{A46AC262-8252-41D0-B79C-389755AB1ABE}] => (Allow) C:\Users\Alchemyst\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{C7888F64-14F3-4AFD-875F-C4F13B55C620}] => (Allow) C:\Users\Alchemyst\AppData\Roaming\uTorrent\uTorrent.exe
      FirewallRules: [{A46F4A87-634A-48C1-BA68-F0EE1E3F1A2D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{99971908-769D-40D3-B1DE-BC31A415FB95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
      FirewallRules: [{3E1D1640-5C41-4B5D-8A34-6235AA11B42A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [{DBA29096-CFBC-4F9D-A377-F47AFA3DB1DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      FirewallRules: [TCP Query User{88F3FECA-3731-4211-AAB1-E07C9275242E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
      FirewallRules: [UDP Query User{CAB369D2-8421-44AA-A6B8-801C1D9FFCD2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
      FirewallRules: [TCP Query User{3FB49430-05C4-423A-9534-415BB0064065}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
      FirewallRules: [UDP Query User{AAD90EE4-9B97-49A0-80FB-290E0A120F97}C:\program files (x86)\warcraft iii\warcraft iii.exe] => (Allow) C:\program files (x86)\warcraft iii\warcraft iii.exe
      FirewallRules: [TCP Query User{5620DC0E-2A72-4D70-AD43-D7F8897EA899}C:\users\alchemyst\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alchemyst\appdata\roaming\spotify\spotify.exe
      FirewallRules: [UDP Query User{92F1E8AE-5DE2-42CA-9441-62E96EBBAE44}C:\users\alchemyst\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alchemyst\appdata\roaming\spotify\spotify.exe
      FirewallRules: [TCP Query User{AFCC36BC-567B-40BE-A3E6-35527F8307AD}C:\overwatch\overwatch.exe] => (Allow) C:\overwatch\overwatch.exe
      FirewallRules: [UDP Query User{430E2979-D034-42DB-BB6F-B79796A54CBF}C:\overwatch\overwatch.exe] => (Allow) C:\overwatch\overwatch.exe
      FirewallRules: [{3783F076-1009-4310-B824-3CD1710DFEFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{8CFA024B-E741-425C-BA00-83D452F4547A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{A2A0A77A-8678-4443-AED6-F9CEB6A2F732}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{84D51F1F-F261-4AB8-8E18-4CED5BC2D53D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{2DD10105-438C-43E8-90EC-B98E0252781F}] => (Allow) D:\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
      FirewallRules: [{85B96598-64A8-411F-A4C2-EA57099A77BD}] => (Allow) D:\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
      FirewallRules: [TCP Query User{49E50CA9-C606-4F00-B0C7-2E514BCE793B}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
      FirewallRules: [UDP Query User{566D3954-ABEE-475B-B424-EC56EA298BE5}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
      FirewallRules: [TCP Query User{7A1CC085-96BA-403B-90E4-EBEF63F743B9}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe
      FirewallRules: [UDP Query User{BD809714-BDD0-4411-B499-8D29B419D601}C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe
      FirewallRules: [{B0BCD866-EBCB-4FEC-8EB0-A55A656FF880}] => (Allow) D:\Program Files\iTunes\iTunes.exe
      FirewallRules: [{AF8DDE84-8ACB-4497-A901-BEB290710496}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
      FirewallRules: [{3FF6D361-EE92-4E36-8C42-F608073D64E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
      FirewallRules: [{CB741F3F-8822-494F-B9A3-D34629506372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
      FirewallRules: [{B5EC2614-4529-4F5F-B6E7-BC68AD10C2BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
      FirewallRules: [TCP Query User{0B726CB8-80A6-4EA5-9BC3-EE729F7D5EB9}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
      FirewallRules: [UDP Query User{D020AB04-7985-48CF-A6EB-DE75D2827BB0}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
      FirewallRules: [{E1AC8A5F-0C1E-4C33-AF14-97162B162A7A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      FirewallRules: [{89966040-76F6-455D-BE8E-F97BB514ADBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [{A47D3A73-0C40-4091-88E4-A701C1BFB7DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      FirewallRules: [{444DA459-3C51-4BAA-8F81-728F5099A1BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
      FirewallRules: [{652961B8-256C-4BC6-A6A7-925683A0779F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
      FirewallRules: [TCP Query User{5D120CE1-DBFF-46DD-900F-E0DFAEAEC768}C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
      FirewallRules: [UDP Query User{6D141EF7-BB50-4292-BB5C-4522304D3AAD}C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe

      ==================== Restore Points =========================

      09-12-2017 15:58:52 Punto de control programado
      15-12-2017 11:04:17 Windows Update
      15-12-2017 11:04:43 Windows Update
      15-12-2017 11:14:48 A 15-12-17
      15-12-2017 16:33:45 megda despues de
      16-12-2017 18:34:12 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============

      Name: Dispositivo USB desconocido (Error de solicitud de descriptor de dispositivo)
      Description: Dispositivo USB desconocido (Error de solicitud de descriptor de dispositivo)
      Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
      Manufacturer: (Controladora de host USB estándar)
      Service:
      Problem: : Windows has stopped this device because it has reported problems. (Code 43)
      Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (12/19/2017 07:04:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 15438

      Error: (12/19/2017 07:04:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 15438

      Error: (12/19/2017 07:04:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (12/15/2017 01:58:20 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio "WmiApRpl" en el archivo DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

      Error: (12/15/2017 01:58:20 PM) (Source: Perflib) (EventID: 1023) (User: )
      Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

      Error: (12/15/2017 01:58:20 PM) (Source: PerfNet) (EventID: 2004) (User: )
      Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

      Error: (12/15/2017 01:58:20 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio "MSDTC" en el archivo DLL "C:\WINDOWS\system32\msdtcuiu.DLL". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

      Error: (12/15/2017 01:58:20 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio "Lsa" en el archivo DLL "C:\Windows\System32\Secur32.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

      Error: (12/15/2017 01:58:20 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio "ESENT" en el archivo DLL "C:\WINDOWS\system32\esentprf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

      Error: (12/15/2017 01:58:20 PM) (Source: Perflib) (EventID: 1008) (User: )
      Description: Error del procedimiento de apertura para el servicio ".NETFramework" en el archivo DLL "C:\WINDOWS\system32\mscoree.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.


      System errors:
      =============
      Error: (12/19/2017 04:24:19 PM) (Source: bowser) (EventID: 8003) (User: )
      Description: El explorador maestro recibió una notificación del equipo NATALIA-PC
      que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{F851BC7B-8089-431F-B31A-17DCC6809C40}.
      El explorador maestro está detenido o se está forzando una elección.

      Error: (12/19/2017 04:18:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      y APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

      Error: (12/19/2017 03:34:46 PM) (Source: bowser) (EventID: 8003) (User: )
      Description: El explorador maestro recibió una notificación del equipo NATALIA-PC
      que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{F851BC7B-8089-431F-B31A-17DCC6809C40}.
      El explorador maestro está detenido o se está forzando una elección.

      Error: (12/19/2017 03:14:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2BMHDI9)
      Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

      Error: (12/19/2017 0346 PM) (Source: bowser) (EventID: 8003) (User: )
      Description: El explorador maestro recibió una notificación del equipo NATALIA-PC
      que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{F851BC7B-8089-431F-B31A-17DCC6809C40}.
      El explorador maestro está detenido o se está forzando una elección.

      Error: (12/19/2017 01:34:44 PM) (Source: bowser) (EventID: 8003) (User: )
      Description: El explorador maestro recibió una notificación del equipo NATALIA-PC
      que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{F851BC7B-8089-431F-B31A-17DCC6809C40}.
      El explorador maestro está detenido o se está forzando una elección.

      Error: (12/16/2017 06:34:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio NVIDIA LocalSystem Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.

      Error: (12/16/2017 06:34:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: El servicio NVIDIA Display Container LS terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.

      Error: (12/16/2017 12:48:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio Steam Client Service no pudo iniciarse debido al siguiente error:
      El servicio no respondió a tiempo a la solicitud de inicio o de control.

      Error: (12/16/2017 12:48:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Steam Client Service.


      CodeIntegrity:
      ===================================
      Date: 2017-12-16 06:01:08.248
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 06:01:08.243
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 06:01:08.237
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 06:01:08.231
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 06:01:08.226
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 05:53:10.448
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 05:53:10.443
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 05:53:10.438
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 05:53:10.433
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

      Date: 2017-12-16 05:48:10.454
      Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.108.210.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
      Percentage of memory in use: 16%
      Total physical RAM: 24567.08 MB
      Available physical RAM: 20588.25 MB
      Total Virtual: 28151.08 MB
      Available Virtual: 23932.09 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:465.32 GB) (Free:189.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
      Drive d: () (Fixed) (Total:931.51 GB) (Free:164.85 GB) NTFS
      Drive f: (Velociraptor) (Fixed) (Total:279.46 GB) (Free:36.45 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (Size: 465.8 GB) (Disk ID: 778BA3F8)
      Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 1284E56D)
      Partition 1: (Active) - (Size=279.5 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 33224DD0)
      Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    8. #8
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.364

      Re: Possible virus PUP.Optional.Funmoods

      Hello

      Follow these steps. VERY important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, boot your computer into >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (leave out the word "Code")
      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKLM-x32\...\Run: [] => [X]
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-11-12] [Legacy] [not signed]
      CHR Extension: (Presentaciones) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Web Developer) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-03]
      CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-12-19]
      CHR Extension: (Chrome Media Router) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-11]
      2017-12-16 06:00 - 2017-12-17 03:17 - 000000000 _____ () C:\Users\Alchemyst\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
      2017-12-16 06:00 - 2017-12-17 03:17 - 000000016 _____ () C:\Users\Alchemyst\AppData\Local\Temp\21e674addc1d437eb77a231a358d9c2c.dll 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

      ATTENTION!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    9. #9
      User zenmen
      Joined
      Jan 2009
      Location
      Madrid, Spain
      Posts
      75

      Re: Possible virus PUP.Optional.Funmoods

      Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
      Ran by Alchemyst (21-12-2017 05:07:29) Run:1
      Running from C:\Users\Alchemyst\Desktop
      Loaded Profiles: Alchemyst (Available Profiles: Alchemyst)
      Boot Mode: Safe Mode (with Networking)
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      HKLM-x32\...\Run: [] => [X]
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-11-12] [Legacy] [not signed]
      CHR Extension: (Presentaciones) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Documentos) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Web Developer) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-03]
      CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-12-19]
      CHR Extension: (Chrome Media Router) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-11]
      2017-12-16 06:00 - 2017-12-17 03:17 - 000000000 _____ () C:\Users\Alchemyst\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
      2017-12-16 06:00 - 2017-12-17 03:17 - 000000016 _____ () C:\Users\Alchemyst\AppData\Local\Temp\21e674addc1d437eb77a231a358d9c2c.dll

      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      *****************

      Error: Restore point can only be created in normal mode.
      Processes closed successfully.
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
      C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn => moved successfully
      CHR Extension: (Presentaciones) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Documentos) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] => Error: No automatic fix found for this entry.
      CHR Extension: (Web Developer) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-03] => Error: No automatic fix found for this entry.
      CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-12-19] => Error: No automatic fix found for this entry.
      CHR Extension: (Chrome Media Router) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-11] => Error: No automatic fix found for this entry.
      C:\Users\Alchemyst\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll => moved successfully
      C:\Users\Alchemyst\AppData\Local\Temp\21e674addc1d437eb77a231a358d9c2c.dll => moved successfully

      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Ethernet 2 mientras los medios
      estén desconectados.

      Adaptador de Ethernet Ethernet:

      Sufijo DNS específico para la conexión. . :


      Adaptador de Ethernet Ethernet 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= bitsadmin /reset /allusers =========


      BITSADMIN version 3.0
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to connect to BITS - 0x8007043c
      El servicio no puede iniciarse en modo a prueba de errores



      ========= End of CMD: =========


      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-1650804611-1913954991-3436895043-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 10510336 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68171937 B
      Java, Flash, Steam htmlcache => 343295645 B
      Windows/system/drivers => 39439 B
      Edge => 9728 B
      Chrome => 446676505 B
      Firefox => 0 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 128 B
      systemprofile32 => 128 B
      LocalService => 1650 B
      NetworkService => 0 B
      Alchemyst => 179992742 B

      RecycleBin => 0 B
      EmptyTemp: => 1000.1 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 05:07:41 ====
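
Added example (not part of the thread and not FRST's own code): a small Python triage of the Fixlog above that separates fixed entries from failed ones and sets aside the failures this log ties to Safe Mode, leaving the entries that still need manual follow-up. The function names and classification rules are assumptions based only on the line shapes visible in this Fixlog.

```python
import re

# Excerpt of the Fixlog posted above (lines copied from this page).
SAMPLE_FIXLOG = r"""
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn => moved successfully
CHR Extension: (Web Developer) - C:\Users\Alchemyst\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-03] => Error: No automatic fix found for this entry.
C:\Users\Alchemyst\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll => moved successfully
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007043c
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1000.1 MB temporary data Removed.
"""

# "===== title =====" lines open or close a command-output block.
SECTION = re.compile(r"^=+ (.+?) =+$")
# Failure text that this Fixlog ties to Safe Mode rather than to the entry itself
# (assumption: only the two messages seen in this log are recognised).
SAFE_MODE_MARKERS = ("normal mode", "0x8007043c")


def triage_fixlog(text):
    """Sort Fixlog result lines into ok / failed / info lists of (target, outcome)."""
    report = {"ok": [], "failed": [], "info": []}
    section = None  # command whose output block we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line.strip("=*"):
            continue  # blank line or pure separator
        header = SECTION.match(line)
        if header:
            title = header.group(1)
            section = None if title.startswith("End of") else title
            continue
        if " => " in line:
            # "<entry> => <result>": the result is whatever follows the last arrow.
            target, outcome = line.rsplit(" => ", 1)
        else:
            # Bare status line: attribute it to the current command or the fixlist.
            target, outcome = section or "fixlist", line
        if outcome.startswith(("Error", "Unable to")):
            report["failed"].append((target, outcome))
        elif outcome.rstrip(".").endswith("successfully"):
            report["ok"].append((target, outcome))
        else:
            report["info"].append((target, outcome))
    return report


def needs_followup(report):
    """Failed entries that are not explained by the Safe Mode boot."""
    return [(t, o) for t, o in report["failed"]
            if not any(marker in o.lower() for marker in SAFE_MODE_MARKERS)]


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    print(len(result["ok"]), "fixed,", len(result["failed"]), "failed")
    for target, outcome in needs_followup(result):
        print("FOLLOW UP:", target, "->", outcome)
```
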

    10. #10
      General Moderator
      @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24.364

      Re: Possible virus PUP.Optional.Funmoods

      Hello

      How is the problem going?

      Regards
