Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by administrator (administrator) on ALFA (27-12-2017 13:10:29)
Running from C:\Users\administrator\Downloads
Loaded Profiles: administrator (Available Profiles: administrator)
Platform: Windows Server 2016 Standard (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\AMS\service\HpAmsStor.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Hewlett Packard Enterprise Development LP) C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\ntfrs.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Ammyy LLC) C:\Users\administrator\Desktop\AA_v3.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0 -> %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0) <==== Restored successfully
HKLM\...\Run: [QLogicSaveSystemInfo] => rundll32.exe qlco10011.dll,QLSaveSystemInfo
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [392072 2012-10-12] (Acronis)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8850344 2017-11-29] (Emsisoft Ltd)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4770952 2016-10-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [C:12090629546howtodecryptaesfiles.txt] => C:12090629546howtodecryptaesfiles.txt
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-4017227460-457275624-4033542720-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
Lsa: [Notification Packages] rassfm scecli
SecurityProviders: pwdssp.dll, credssp.dll
BootExecute: autocheck autochk /q /v *
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyUser: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{ca96c418-fb49-4ae9-9db3-75f1eee47840}: [NameServer] 192.168.10.251,127.0.0.1
Internet Explorer:
==================
HKU\S-1-5-21-4017227460-457275624-4033542720-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default [2017-12-27]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-22]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-22]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-15]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-22]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-15]
CHR Extension: (Application Launcher for Drive (by Google)) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-07-26]
CHR Extension: (Chrome Web Store Payments) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-10]
CHR Extension: (No Name) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15]
CHR Extension: (Chrome Media Router) – C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-18]
CHR HKUS-1-5-21-4017227460-457275624-4033542720-500SOFTWAREGoogleChromeExtensions…ChromeExtension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] – hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:Program FilesEmsisoft Anti-Malwarea2service.exe [9216648 2017-11-29] (Emsisoft Ltd)
R2 ADWS; C:WindowsADWSMicrosoft.ActiveDirectory.WebServices.exe [465920 2017-02-08] (Microsoft Company)
S2 AmmyyAdmin; C:UsersadministratorDesktopAA_v3.exe [773624 2017-05-17] (Ammyy LLC)
R2 avast! Antivirus; C:Program FilesAVAST SoftwareAvast BusinessAvastSvc.exe [54344 2016-10-24] (Avast Software program s.r.o.)
R2 cbVSCService11; C:Program Information (x86)Cobian Backup 11cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:Program Information (x86)Cobian Backup 11cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 Dfs; C:Windowssystem32dfssvc.exe [454144 2017-02-08] (Microsoft Company)
R2 DFSR; C:Windowssystem32DFSRs.exe [3887104 2017-03-04] (Microsoft Company)
R2 DNS; C:Windowssystem32dns.exe [2078720 2016-09-15] (Microsoft Company)
S3 DsRoleSvc; C:Windowssystem32dsrolesrv.dll [293376 2017-02-08] (Microsoft Company)
R2 HpAmsStor; C:Program FilesHewlett-PackardAMSserviceHpAmsStor.exe [15248 2015-11-10] (Hewlett-Packard Firm)
R2 hpqams; C:Program FilesHewlett-PackardAMSservicehpqams.exe [560528 2015-11-10] (Hewlett Packard Enterprise Improvement LP)
R2 IsmServ; C:WindowsSystem32ismserv.exe [69120 2017-02-08] (Microsoft Company)
R2 Kdc; C:Windowssystem32kdcsvc.dll [564224 2017-03-04] (Microsoft Company)
S3 KdsSvc; C:Windowssystem32KdsSvc.dll [37888 2017-02-08] (Microsoft Company)
S3 KPSSVC; C:Windowssystem32kpssvc.dll [177152 2016-07-16] (Microsoft Company)
S3 MaxSyncUpService; C:Program Information (x86)MaxSyncUpmsusvc.exe [2340080 2017-05-30] (@MAX Software program)
R2 MBAMService; C:Program FilesMalwarebytesAnti-Malwarembamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NTDS; C:Windowssystem32ntdsa.dll [95744 2016-08-06] (Microsoft Company)
R2 NtFrs; C:Windowssystem32ntfrs.exe [1002496 2017-02-08] (Microsoft Company)
R2 ProLiantMonitor; C:Program FilesHewlett-PackardiLO 3serviceProLiantMonitor.exe [259984 2015-02-09] (Hewlett-Packard Firm)
S3 RSoPProv; C:Windowssystem32RSoPProv.exe [97280 2016-07-16] (Microsoft Company)
S3 RSoPProv; C:WindowsSysWOW64RSoPProv.exe [83968 2016-07-16] (Microsoft Company)
S3 sacsvr; C:Windowssystem32sacsvr.dll [16896 2016-07-16] (Microsoft Company)
R2 sysdown; C:Program FilesHewlett-PackardiLO 3serviceProLiantMonitor.exe [259984 2015-02-09] (Hewlett-Packard Firm)
R2 TeraCopyService; C:Program FilesTeraCopyTeraCopyService.exe [110416 2017-05-05] (Code Sector)
R2 UALSVC; C:WindowsSystem32ualsvc.dll [261120 2016-07-16] (Microsoft Company)
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [347328 2016-07-16] (Microsoft Company)
R2 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [103712 2017-03-04] (Microsoft Company)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswMonFlt; C:Windowssystem32driversaswMonFlt.sys [90344 2016-10-24] (Avast Software program s.r.o.)
R1 aswRdr; C:WindowsSystem32Driversaswrdr2.sys [80376 2016-10-24] (Avast Software program s.r.o.)
R0 aswRvrt; C:WindowsSystem32DriversaswRvrt.sys [74680 2016-10-24] ()
R1 aswSnx; C:WindowsSystem32DriversaswSnx.sys [1053392 2016-10-24] (Avast Software program s.r.o.)
R1 aswSP; C:WindowsSystem32DriversaswSP.sys [441944 2016-10-24] (Avast Software program s.r.o.)
R1 aswTdi; C:WindowsSystem32DriversaswTdi.sys [78264 2016-10-24] (Avast Software program s.r.o.)
S3 aswVmm; C:WindowsSystem32DriversaswVmm.sys [292840 2016-10-24] ()
S0 bfad; C:WindowsSystem32driversbfad.sys [1964296 2014-09-29] (QLogic Company)
S0 bfadfcoei; C:WindowsSystem32driversbfadfcoei.sys [2279264 2016-07-16] (QLogic Company)
S0 bfadi; C:WindowsSystem32driversbfadi.sys [2279264 2016-07-16] (QLogic Company)
S0 bfad_up; C:WindowsSystem32driversbfad_up.sys [17160 2014-09-29] (QLogic Company)
S0 bxfcoe; C:WindowsSystem32driversbxfcoe.sys [205152 2016-07-16] (QLogic Company)
S0 bxois; C:WindowsSystem32driversbxois.sys [536416 2016-07-16] (QLogic Company)
R1 DfsDriver; C:WindowsSystem32driversdfs.sys [55648 2017-02-08] (Microsoft Company)
R0 DfsrRo; C:WindowsSystem32driversdfsrro.sys [67424 2017-02-08] (Microsoft Company)
S0 elxfcoe; C:WindowsSystem32driverselxfcoe.sys [758624 2016-07-16] (Emulex)
R1 epp; C:PROGRAM FILESEMSISOFT ANTI-MALWAREepp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:Windowssystem32driversmbae64.sys [77432 2017-11-29] ()
R0 HPpSA; C:WindowsSystem32driversHPpSA.sys [32440 2015-11-17] (PMC-Sierra Firm)
R3 hpqilo3chif; C:Windowssystem32DRIVERShpqilo3chif.sys [43920 2013-11-23] (Hewlett-Packard Firm)
R3 hpqilo3core; C:WindowsSystem32drivershpqilo3core.sys [47384 2013-05-22] (Hewlett-Packard Firm)
R0 hpqilo3whea; C:WindowsSystem32DRIVERShpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Firm)
S0 HPSA2; C:WindowsSystem32driversHPSA2.sys [173456 2015-08-20] (Hewlett-Packard Firm)
R0 HPSA3; C:WindowsSystem32driversHPSA3.sys [180408 2015-11-17] (PMC-Sierra Firm)
S3 IPsecGW; C:WindowsSystem32driversipsecgw.sys [18432 2016-07-16] (Microsoft Company)
S1 isiigddb; C:Windowssystem32driversisiigddb.sys [72816 2017-12-16] (Microsoft Company)
R2 MBAMChameleon; C:WindowsSystem32DriversMbamChameleon.sys [193968 2017-12-16] (Malwarebytes)
R3 MBAMFarflt; C:Windowssystem32DRIVERSfarflt.sys [110016 2017-12-16] (Malwarebytes)
R3 MBAMProtection; C:Windowssystem32DRIVERSmbam.sys [46008 2017-12-16] (Malwarebytes)
R0 MBAMSwissArmy; C:WindowsSystem32Driversmbamswissarmy.sys [253880 2017-12-16] (Malwarebytes)
R3 MBAMWebProtection; C:Windowssystem32DRIVERSmwac.sys [94144 2017-12-27] (Malwarebytes)
R1 MpKslabc00e18; C:ProgramDataMicrosoftWindows DefenderDefinition Updates{28A42F52-5F3E-47F5-9BB2-4F0BF5BFCDCC}MpKslabc00e18.sys [58120 2017-12-26] (Microsoft Company)
S3 MsLbfoProvider; C:WindowsSystem32driversMsLbfoProvider.sys [121344 2016-07-16] (Microsoft Company)
S0 ql2300i; C:WindowsSystem32driversql2300i.sys [1632608 2016-07-16] (QLogic Company)
S0 ql40xx2i; C:WindowsSystem32driversql40xx2i.sys [475488 2016-07-16] (QLogic Company)
S0 qlfcoe; C:WindowsSystem32driversqlfcoe.sys [1357064 2015-03-24] (QLogic Company)
S0 qlfcoei; C:WindowsSystem32driversqlfcoei.sys [1300320 2016-07-16] (QLogic Company)
S3 RasGre; C:WindowsSystem32driversrasgre.sys [45056 2016-07-16] (Microsoft Company)
S0 sacdrv; C:WindowsSystem32DRIVERSsacdrv.sys [95072 2016-09-15] (Microsoft Company)
S3 smbdirect; C:WindowsSystem32DRIVERSsmbdirect.sys [159232 2016-09-15] (Microsoft Company)
S0 WdBoot; C:WindowsSystem32driversWdBoot.sys [44056 2016-07-16] (Microsoft Company)
R0 WdFilter; C:WindowsSystem32driversWdFilter.sys [290144 2016-07-16] (Microsoft Company)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [123232 2016-07-16] (Microsoft Company)
R1 ZAM; C:WindowsSystem32driverszam64.sys [203680 2017-12-17] (Zemana Ltd.)
R1 ZAM_Guard; C:WindowsSystem32driverszamguard64.sys [203680 2017-12-17] (Zemana Ltd.)
S3 vwifibus; SystemRootSystem32driversvwifibus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: sacsvr -> C:Windowssystem32sacsvr.dll (Microsoft Company)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-27 13:10 – 2017-12-27 13:11 – 000015715 _____ C:UsersadministratorDownloadsFRST.txt
2017-12-27 13:09 – 2017-12-27 13:09 – 000000000 ____D C:UsersadministratorDownloadsFRST-OlderVersion
2017-12-22 11:07 – 2017-12-27 13:10 – 000000000 ____D C:FRST
2017-12-22 11:06 – 2017-12-27 13:09 – 002391552 _____ (Farbar) C:UsersadministratorDownloadsFRST64.exe
2017-12-21 02:21 – 2017-12-21 02:21 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-003
2017-12-21 01:51 – 2017-12-21 01:51 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-001
2017-12-21 01:47 – 2017-12-21 01:47 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-002
2017-12-21 01:44 – 2017-12-21 01:44 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-004
2017-12-21 01:42 – 2017-12-21 01:42 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-006
2017-12-21 01:40 – 2017-12-21 01:40 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-005
2017-12-21 01:39 – 2017-12-21 01:39 – 000000000 ____D C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-007
2017-12-21 01:39 – 2017-12-21 01:39 – 000000000 ____D C:UsersadministratorDownloadscontrolsalud-20171220T210156Z-001
2017-12-20 18:17 – 2017-12-20 19:52 – 1387098212 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-001.zip
2017-12-20 18:17 – 2017-12-20 19:50 – 1215464476 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-002.zip
2017-12-20 18:17 – 2017-12-20 19:48 – 1161162502 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-003.zip
2017-12-20 18:17 – 2017-12-20 19:45 – 1098453796 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-004.zip
2017-12-20 18:17 – 2017-12-20 19:36 – 934886682 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-006.zip
2017-12-20 18:17 – 2017-12-20 19:22 – 721786001 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-005.zip
2017-12-20 18:17 – 2017-12-20 18:42 – 251871437 _____ C:UsersadministratorDownloadsSATI-Q-20171220T210443Z-007.zip
2017-12-20 18:02 – 2017-12-20 18:03 – 085306491 _____ C:UsersadministratorDownloadscontrolsalud-20171220T210156Z-001.zip
2017-12-19 11:18 – 2017-12-19 11:20 – 000000000 ____D C:Program FilesRecuva
2017-12-19 11:18 – 2017-12-19 11:18 – 000003938 _____ C:WindowsSystem32TasksCCleaner Replace
2017-12-19 11:18 – 2017-12-19 11:18 – 000002870 _____ C:WindowsSystem32TasksCCleanerSkipUAC
2017-12-19 11:18 – 2017-12-19 11:18 – 000001699 _____ C:UsersPublicDesktopRecuva.lnk
2017-12-19 11:18 – 2017-12-19 11:18 – 000000863 _____ C:UsersPublicDesktopCCleaner.lnk
2017-12-19 11:18 – 2017-12-19 11:18 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRecuva
2017-12-19 11:18 – 2017-12-19 11:18 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner
2017-12-19 11:18 – 2017-12-19 11:18 – 000000000 ____D C:Program FilesCCleaner
2017-12-19 11:16 – 2017-12-19 11:17 – 005562976 _____ (Piriform Ltd) C:UsersadministratorDownloadsrcsetup153.exe
2017-12-18 15:12 – 2017-12-18 15:12 – 000000000 ____D C:UsersadministratorAppDataLocalFSDART
2017-12-18 15:11 – 2017-12-18 15:18 – 000000000 ____D C:ProgramDataF-Safe
2017-12-18 15:11 – 2017-12-18 15:11 – 000524248 _____ (F-Safe Company) C:UsersadministratorDownloadsF-SecureOnlineScanner.exe
2017-12-18 15:11 – 2017-12-18 15:11 – 000000000 ____D C:UsersadministratorAppDataLocalF-Safe
2017-12-18 15:10 – 2017-12-18 15:11 – 000000459 _____ C:Windowswininit.ini
2017-12-18 15:10 – 2017-12-18 15:10 – 000000000 ____D C:ProgramDataMcAfee Safety Scan
2017-12-18 15:10 – 2017-12-18 15:10 – 000000000 ____D C:ProgramDataMcAfee
2017-12-18 15:09 – 2017-12-18 15:10 – 011026328 _____ (McAfee, Inc.) C:UsersadministratorDownloadsSecurityScan_Release.exe
2017-12-18 10:25 – 2017-12-18 10:25 – 000000000 ____D C:UsersadministratorAppDataLocalESET
2017-12-18 10:24 – 2017-12-18 10:24 – 006968952 _____ (ESET spol. s r.o.) C:UsersadministratorDownloadsesetonlinescanner_enu.exe
2017-12-17 10:20 – 2017-12-18 10:21 – 000000000 ____D C:ProgramDataHitmanPro
2017-12-17 10:20 – 2017-12-17 10:21 – 011584088 _____ (SurfRight B.V.) C:UsersadministratorDownloadsHitmanPro_x64.exe
2017-12-17 10:19 – 2017-12-17 10:19 – 011024040 _____ (SurfRight B.V.) C:UsersadministratorDownloadsHitmanPro.exe
2017-12-17 02:25 – 2017-12-17 02:25 – 000028272 _____ C:Windowssystem32DriversTrueSight.sys
2017-12-17 02:24 – 2017-12-17 10:18 – 000000000 ____D C:ProgramDataRogueKiller
2017-12-17 02:24 – 2017-12-17 02:24 – 026867784 _____ (Adlice Software program) C:UsersadministratorDownloadsRogueKiller_portable64.exe
2017-12-17 01:35 – 2017-12-27 13:11 – 015797688 _____ C:WindowsZAM_Guard.krnl.hint
2017-12-17 01:35 – 2017-12-27 13:11 – 015049496 _____ C:WindowsZAM.krnl.hint
2017-12-17 01:35 – 2017-12-17 01:35 – 000203680 _____ (Zemana Ltd.) C:Windowssystem32Driverszamguard64.sys
2017-12-17 01:35 – 2017-12-17 01:35 – 000203680 _____ (Zemana Ltd.) C:Windowssystem32Driverszam64.sys
2017-12-17 01:35 – 2017-12-17 01:35 – 000000000 ____D C:UsersadministratorAppDataLocalZemana
2017-12-17 01:34 – 2017-12-17 01:35 – 015808656 _____ (Copyright 2017.) C:UsersadministratorDownloadsZemana.AntiMalware.Moveable (1).exe
2017-12-17 00:23 – 2017-12-17 00:24 – 015808656 _____ (Copyright 2017.) C:UsersadministratorDownloadsZemana.AntiMalware.Moveable.exe
2017-12-17 00:20 – 2017-12-17 00:20 – 000002205 _____ C:UsersadministratorDesktopmalwarebytes.txt
2017-12-16 22:43 – 2017-12-27 11:46 – 000094144 _____ (Malwarebytes) C:Windowssystem32Driversmwac.sys
2017-12-16 22:43 – 2017-12-16 22:43 – 000193968 _____ (Malwarebytes) C:Windowssystem32DriversMbamChameleon.sys
2017-12-16 22:43 – 2017-12-16 22:43 – 000110016 _____ (Malwarebytes) C:Windowssystem32Driversfarflt.sys
2017-12-16 22:43 – 2017-12-16 22:43 – 000046008 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys
2017-12-16 22:42 – 2017-12-16 22:42 – 000253880 _____ (Malwarebytes) C:Windowssystem32Driversmbamswissarmy.sys
2017-12-16 22:42 – 2017-12-16 22:42 – 000001912 _____ C:UsersPublicDesktopMalwarebytes.lnk
2017-12-16 22:42 – 2017-12-16 22:42 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes
2017-12-16 22:42 – 2017-12-16 22:42 – 000000000 ____D C:ProgramDataMalwarebytes
2017-12-16 22:42 – 2017-12-16 22:42 – 000000000 ____D C:Program FilesMalwarebytes
2017-12-16 22:42 – 2017-11-29 09:11 – 000077432 _____ C:Windowssystem32Driversmbae64.sys
2017-12-16 22:40 – 2017-12-16 22:41 – 083316440 _____ (Malwarebytes ) C:UsersadministratorDownloadsmb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-16 18:58 – 2017-12-16 21:26 – 000000000 ____D C:ProgramDataEmsisoft
2017-12-16 18:57 – 2017-12-16 18:57 – 000000937 _____ C:UsersPublicDesktopEmsisoft Anti-Malware.lnk
2017-12-16 18:57 – 2017-12-16 18:57 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsEmsisoft Anti-Malware
2017-12-16 18:56 – 2017-12-27 13:00 – 000000000 ____D C:Program FilesEmsisoft Anti-Malware
2017-12-16 18:47 – 2017-12-16 18:52 – 253383016 _____ (Emsisoft Ltd. ) C:UsersadministratorDownloadsEmsisoftAntiMalwareSetup_bc.exe
2017-12-16 13:35 – 2017-12-16 13:35 – 000072816 _____ (Microsoft Company) C:Windowssystem32Driversisiigddb.sys
2017-12-14 15:36 – 2017-12-14 15:36 – 000000000 ____D C:WindowsSysWOW64XPSViewer
2017-12-14 15:35 – 2017-12-14 15:35 – 000000000 ____D C:Program FilesReference Assemblies
2017-12-14 15:35 – 2017-12-14 15:35 – 000000000 ____D C:Program FilesMSBuild
2017-12-14 15:35 – 2017-12-14 15:35 – 000000000 ____D C:Program Information (x86)Reference Assemblies
2017-12-14 15:35 – 2017-12-14 15:35 – 000000000 ____D C:Program Information (x86)MSBuild
2017-12-14 15:31 – 2016-05-25 11:03 – 000778936 _____ (Microsoft Company) C:WindowsSysWOW64PresentationNative_v0300.dll
2017-12-14 15:31 – 2016-05-25 11:03 – 000103120 _____ (Microsoft Company) C:WindowsSysWOW64PresentationCFFRasterizerNative_v0300.dll
2017-12-14 15:31 – 2016-05-25 11:03 – 000035480 _____ (Microsoft Company) C:WindowsSysWOW64TsWpfWrp.exe
2017-12-14 15:30 – 2016-05-25 14:31 – 001166520 _____ (Microsoft Company) C:Windowssystem32PresentationNative_v0300.dll
2017-12-14 15:30 – 2016-05-25 14:31 – 000124624 _____ (Microsoft Company) C:Windowssystem32PresentationCFFRasterizerNative_v0300.dll
2017-12-14 15:30 – 2016-05-25 14:31 – 000035480 _____ (Microsoft Company) C:Windowssystem32TsWpfWrp.exe
2017-12-14 15:26 – 2017-12-14 15:26 – 002869264 _____ (Microsoft Company) C:UsersadministratorDownloadsdotNetFx35setup.exe
2017-12-14 15:21 – 2017-12-14 15:21 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCobian Backup 11
2017-12-14 15:21 – 2017-12-14 15:21 – 000000000 ____D C:Program Information (x86)Cobian Backup 11
2017-12-14 15:19 – 2017-12-14 15:19 – 019709440 _____ (Luis Cobian, CobianSoft) C:UsersadministratorDownloadscbSetup.exe
2017-12-14 15:19 – 2017-12-14 15:19 – 000000000 ____D C:UsersadministratorDesktopServicios sospechosos
2017-12-14 14:47 – 2017-12-14 15:38 – 000003656 _____ C:WindowsSystem32TasksCreateExplorerShellUnelevatedTask
2017-12-14 14:36 – 2017-12-21 02:29 – 000000000 ____D C:UsersadministratorAppDataRoamingTeraCopy
2017-12-14 14:36 – 2017-12-14 14:36 – 000000000 ___HD C:UsersadministratorAppDataRoamingObsidium
2017-12-14 14:36 – 2017-12-14 14:36 – 000000000 ___HD C:Usersadministrator.obs32
2017-12-14 14:35 – 2017-12-14 14:35 – 000001725 _____ C:ProgramDataMicrosoftWindowsStart MenuTeraCopy.lnk
2017-12-14 14:35 – 2017-12-14 14:35 – 000000000 ____D C:Program FilesTeraCopy
2017-12-14 14:04 – 2017-12-14 14:05 – 000000000 ____D C:Share copia encriptada
2017-12-12 12:26 – 2017-12-14 13:06 – 000636278 _____ C:Windowsntbtlog.txt
2017-12-09 17:01 – 2017-12-12 12:46 – 000000371 _____ C:UsersPublicDesktopRDP PORT CHANGED.txt
2017-12-09 17:01 – 2017-12-12 12:46 – 000000371 _____ C:RDP PORT CHANGED.txt
2017-12-09 15:55 – 2017-12-09 15:55 – 000000162 _____ C:WindowsSysWOW64s3456784.txt
2017-12-09 06:30 – 2017-12-09 06:30 – 000000167 _____ C:UsersPublicDesktopOK_SNT.ntuser.dat.crashlog.txt
2017-12-09 06:29 – 2016-04-17 04:01 – 000000082 _____ C:WindowsSysWOW64decryptaesfiles.txt
2017-12-09 06:29 – 2016-02-03 18:38 – 000510456 _____ (Alexander Roshal) C:WindowsSysWOW64cfwin32.dll
2017-12-09 06:29 – 2013-01-09 07:26 – 000155736 _____ (Sysinternals) C:WindowsSysWOW64sdelete.dll
2017-12-06 12:52 – 2017-12-06 12:52 – 000000000 ____D C:Program FilesCommon Filesavast software program
2017-12-06 01:10 – 2017-12-06 01:10 – 001322120 _____ (Acronis) C:Windowssystem32Driverstib_mounter.sys
2017-12-06 00:29 – 2017-12-06 00:30 – 000000000 ____D C:UsersadministratorDownloadsAcronis
2017-12-06 00:23 – 2017-12-06 00:24 – 000000012 ____N C:UsersadministratorDesktopEventos de auditoria.txt
2017-12-05 14:27 – 2017-12-14 16:50 – 000000000 ____D C:ProgramDataAcronis
2017-12-05 13:48 – 2017-12-05 13:49 – 000000000 ____D C:UsersadministratorDownloadsAcronis.Backup.And.Restoration.Server.With.Common.Restore.v11.5.32266.ES.Incl.Serial
2017-12-05 13:47 – 2017-12-05 13:47 – 001381582 _____ (Igor Pavlov) C:UsersadministratorDownloads7z1604-x64.exe
2017-12-05 13:47 – 2017-12-05 13:47 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuPrograms7-Zip
2017-12-05 13:47 – 2017-12-05 13:47 – 000000000 ____D C:Program Files7-Zip
2017-12-05 11:29 – 2017-12-05 11:29 – 000000000 ____D C:UsersadministratorAppDataLocalComms
2017-11-29 21:49 – 2017-11-30 02:11 – 943465172 _____ C:UsersadministratorDownloadsAcronis.Backup.And.Restoration.Server.With.Common.Restore.v11.5.32266.ES.Incl.Serial.rar
2017-11-29 13:48 – 2017-11-29 13:48 – 000000000 ____D C:UsersadministratorDownloadsNueva carpeta
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-27 13:10 – 2017-01-25 11:42 – 000072424 _____ C:Windowssystem32driverslist.csv
2017-12-26 20:00 – 2017-02-15 10:27 – 000000000 ____D C:WindowsNTDS
2017-12-17 03:20 – 2016-07-16 10:23 – 000000000 ____D C:Windowsrescache
2017-12-17 03:06 – 2017-01-25 11:44 – 002897042 _____ C:Windowssystem32PerfStringBackup.INI
2017-12-17 03:06 – 2016-09-12 08:25 – 001238820 _____ C:Windowssystem32perfh00A.dat
2017-12-17 03:06 – 2016-09-12 08:25 – 000310748 _____ C:Windowssystem32perfc00A.dat
2017-12-17 03:00 – 2016-09-12 08:44 – 000000006 ____H C:WindowsTasksSA.DAT
2017-12-15 05:27 – 2017-01-25 12:57 – 000002230 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2017-12-15 05:27 – 2017-01-25 12:57 – 000002218 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2017-12-14 15:38 – 2016-07-16 10:02 – 000000000 ____D C:WindowsCbsTemp
2017-12-14 15:36 – 2016-07-16 10:23 – 000000000 ____D C:WindowsSysWOW64MUI
2017-12-14 15:36 – 2016-07-16 10:23 – 000000000 ____D C:Windowssystem32MUI
2017-12-14 15:35 – 2016-07-16 10:21 – 000000000 ____D C:WindowsINF
2017-12-14 15:20 – 2017-02-11 19:21 – 000000000 ____D C:UsersadministratorAppDataLocalConnectedDevicesPlatform
2017-12-14 15:04 – 2017-04-04 12:43 – 000004298 _____ C:WindowsSystem32Tasksavast! Emergency Replace
2017-12-14 15:03 – 2017-02-15 10:31 – 000003416 _____ C:Windowssystem32confignetlogon.dnb
2017-12-14 15:03 – 2017-02-15 10:31 – 000002125 _____ C:Windowssystem32confignetlogon.dns
2017-12-14 15:02 – 2017-02-15 10:26 – 000000000 ____D C:Windowssystem32dns
2017-12-14 14:59 – 2016-07-16 03:04 – 000065536 _____ C:Windowssystem32configBBI
2017-12-14 14:36 – 2017-02-11 19:21 – 000000000 ____D C:Usersadministrator
2017-12-14 14:29 – 2017-08-25 20:54 – 000002664 _____ C:WindowsSystem32TasksFinalizar backup
2017-12-14 14:29 – 2017-08-25 20:53 – 000002644 _____ C:WindowsSystem32TasksIniciar backup
2017-12-14 13:13 – 2017-10-06 22:50 – 000000448 __RSH C:Usersadministratorntuser.pol
2017-12-14 13:12 – 2017-02-11 19:14 – 000003752 __RSH C:ProgramDatantuser.pol
2017-12-09 07:54 – 2017-03-07 23:23 – 000000000 ____D C:UsersadministratorAppDataRoamingTeamViewer
2017-12-09 07:53 – 2017-02-15 13:30 – 000000000 ____D C:ProgramDataMaxSyncUp
2017-12-09 07:53 – 2017-01-25 12:58 – 000000000 ____D C:UsersAdministrador.ALFAAppDataRoamingTeamViewer
2017-12-09 07:53 – 2017-01-25 11:40 – 000000000 ____D C:UsersAdministrador.ALFAAppDataLocalConnectedDevicesPlatform
2017-12-09 07:53 – 2017-01-25 08:18 – 000000000 ___HD C:cpqsystem
2017-12-09 07:53 – 2016-09-12 08:45 – 000000000 ____D C:UsersAdministradorAppDataLocalConnectedDevicesPlatform
2017-12-09 07:24 – 2017-08-25 22:46 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBackup and Sync from Google
2017-12-09 06:30 – 2017-03-09 10:22 – 000002296 ____N C:UsersadministratorDocumentsDefault.rdp
2017-12-07 16:27 – 2017-08-25 22:46 – 000002075 _____ C:UsersPublicDesktopGoogle Slides.lnk
2017-12-06 12:52 – 2017-04-05 12:52 – 000000000 ____D C:WindowsSystem32TasksAVAST Software program
2017-12-05 14:52 – 2017-07-26 15:39 – 000000000 ____D C:Windowssystem32appmgmt
2017-12-05 14:27 – 2016-07-16 10:23 – 000000000 ____D C:Windowssecurity
==================== Files in the root of some directories =======
2017-04-04 14:25 – 2017-04-04 14:25 – 000007605 ____N () C:UsersadministratorAppDataLocalResmon.ResmonCfg
Some files in TEMP:
====================
2017-12-17 02:24 – 2016-11-11 07:13 – 001886344 _____ (Microsoft Company) C:UsersadministratorAppDataLocalTempdllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:WindowsSysWOW64wininit.exe IS MISSING <==== ATTENTION
C:Windowsexplorer.exe => File is digitally signed
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:WindowsSysWOW64User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:WindowsSysWOW64dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed
LastRegBack: 2017-12-14 13:21
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by administrator (27-12-2017 13:12:43)
Running from C:\Users\administrator\Downloads
Windows Server 2016 Standard (X64) (2017-01-25 14:39:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (0 – Administrator – Enabled) => %systemrootpercentsystem32configsystemprofile
Visitor (0 – Restricted – Disabled) => %systemrootpercentsystem32configsystemprofile
krbtgt (0 – Restricted – Disabled) => %systemrootpercentsystem32configsystemprofile
DefaultAccount (S-1-5-21-3983913466-1508181481-3891534483-503 – Restricted – Disabled)
SUPPORT_388945a0 (0 – Restricted – Disabled) => %systemrootpercentsystem32configsystemprofile
agorenstein (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
lprudent (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
dsatragno (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
csilvestre (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
nvain (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
cgarcia (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
nrossato (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
cvecchiarelli (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
IUSR_ALFA (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
IWAM_ALFA (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
aquiroga (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
meserra (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
asistente (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
secretaria (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
rmsoria (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
IUSR_BETA (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
IWAM_BETA (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
investigacion (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
gchattas (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
estudios (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
becario (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
comunicacion (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
desarrolloinstitucio (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
recepcion (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
avarela (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
enfermeria (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
mkenny (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
mlvbalaguer (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
BETA$ (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
NEWALFA$ (0 – Restricted – Disabled) => %systemrootpercentsystem32configsystemprofile
ALFA$ (0 – Restricted – Enabled) => %systemrootpercentsystem32configsystemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@MAX SyncUp 6.0 (HKLM…{68EF9E48-C970-4124-BBC1-85C8ADD59109}_is1) (Version: – @MAX Software)
7-Zip 16.04 (x64) (HKLM…7-Zip) (Version: 16.04 – Igor Pavlov)
avast! File Server Security (HKLM-x32…avast) (Version: 8.0.1609.0 – AVAST Software)
Backup and Sync from Google (HKLM-x32…{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 – Google, Inc.)
CCleaner (HKLM…CCleaner) (Version: 5.38 – Piriform)
Cobian Backup 11 Gravity (HKLM-x32…CobBackup11) (Version: – )
Emsisoft Anti-Malware (HKLM…{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 – Emsisoft Ltd.)
Google Chrome (HKLM-x32…Google Chrome) (Version: 63.0.3239.84 – Google Inc.)
Google Update Helper (HKLM-x32…{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 – Google Inc.) Hidden
HP ProLiant iLO 3/4 Management Controller Package (HKLM…HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.20.0.0 – Hewlett-Packard Company)
HPE ProLiant Agentless Management Service (HKLM…{89C1F171-F24A-401C-B688-FAE669866478}) (Version: 10.40.0.0 – Hewlett Packard Enterprise Development LP) Hidden
HPE ProLiant Agentless Management Service (HKLM…HP-{EDE88CBB-3384-4DDA-B23B-7E54A3F4344F}) (Version: 10.40.0.0 – Hewlett Packard Enterprise Development LP)
Malwarebytes versión 3.3.1.2183 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 – Malwarebytes)
MergeModule2012 (HKLM…{3E0D2B4B-CA5F-40D6-B0AE-648008897125}) (Version: 1.0.0 – Microsoft) Hidden
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Recuva (HKLM…Recuva) (Version: 1.53 – Piriform)
TeraCopy version 3.26 (HKLM…TeraCopy_is1) (Version: 3.26 – Code Sector)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:Program Information (x86)GoogleDrivegoogledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:Program Information (x86)GoogleDrivegoogledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:Program Information (x86)GoogleDrivegoogledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAVAST SoftwareAvast BusinessashShA64.dll [2016-10-24] (Avast Software program s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAVAST SoftwareAvast BusinessashShA64.dll [2016-10-24] (Avast Software program s.r.o.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:Program Information (x86)GoogleDrivecontextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:PROGRAM FILESEMSISOFT ANTI-MALWAREa2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:PROGRAM FILESEMSISOFT ANTI-MALWAREA2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAVAST SoftwareAvast BusinessashShA64.dll [2016-10-24] (Avast Software program s.r.o.)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:PROGRAM FILESEMSISOFT ANTI-MALWAREa2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:PROGRAM FILESEMSISOFT ANTI-MALWAREA2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:Program Information (x86)GoogleDrivecontextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:Program FilesRecuvaRecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:Program FilesAVAST SoftwareAvast BusinessashShA64.dll [2016-10-24] (Avast Software program s.r.o.)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:PROGRAM FILESEMSISOFT ANTI-MALWAREa2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:PROGRAM FILESEMSISOFT ANTI-MALWAREA2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:Program FilesRecuvaRecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6-x32: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:Program FilesTeraCopyTeraCopyExt.dll [2016-12-07] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {005E9852-43C1-4545-9089-3B62C3790C01} – System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {01D24577-4E2B-4858-9B61-043DCF098E87} – System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {18CFC687-ED43-4982-9DE7-FBC9E36BFEF6} – System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {2CFC8EDF-FE50-4562-B8D3-DF254C3E018F} – System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-25] (Google Inc.)
Task: {41600EBB-B4B7-472A-9F58-8AA04A7F8984} – System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task
Task: {423523CC-C7A9-46CD-B449-0C6C806C3F8D} – System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {51AE33E2-880E-4C98-9283-D504F1A0142A} – System32\Tasks\Iniciar backup => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2017-11-20] ()
Task: {7A51A7AB-56A0-440E-92B8-274FE8092C1A} – System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B3969132-6F86-4C86-8112-7654CCE8EE1D} – System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast Business\AvastEmUpdate.exe [2017-04-05] (Avast Software s.r.o.)
Task: {C42217E9-71C2-483D-932D-C517BA56D1A3} – System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {D27F3323-DB9F-42A6-8FE1-E91CFC98449C} – System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-25] (Google Inc.)
Task: {DF1BA6A6-82D9-4DF9-A787-7804CDFA74B5} – System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2016-07-16] (Microsoft Corporation)
Task: {E0A67649-21C8-4620-81A8-EACF01A98AC3} – System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {EFDC23D7-2F66-41E7-8D44-7E7532F8AABD} – System32\Tasks\Finalizar backup => taskkill [Argument = /f /im googledrivesync.exe]
Task: {F0240DDF-FDD2-46B9-8664-34A1B0825CD3} – System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {F4FA9ECF-F4C5-4FA5-AE74-EA2ABA016D2C} – System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 10:18 – 2016-07-16 10:18 – 000231424 _____ () C:WindowsSYSTEM32ism32k.dll
2017-03-18 18:49 – 2017-03-04 04:19 – 002681200 _____ () C:Windowssystem32CoreUIComponents.dll
2015-11-10 08:46 – 2015-11-10 08:46 – 000044944 _____ () C:Program FilesHewlett-PackardAMSserviceCQMGSTOR.dll
2015-11-10 08:46 – 2015-11-10 08:46 – 000038800 _____ () C:Program FilesHewlett-PackardAMSservicecqstrutl.dll
2015-11-10 08:46 – 2015-11-10 08:46 – 000056208 _____ () C:Program FilesHewlett-PackardAMSserviceCPQIDE.DLL
2015-11-10 08:46 – 2015-11-10 08:46 – 000054160 _____ () C:Program FilesHewlett-PackardAMSserviceCPQMDISK.dll
2015-11-10 08:46 – 2015-11-10 08:46 – 000067984 _____ () C:Program FilesHewlett-PackardAMSserviceCPQMSCSI.DLL
2015-11-10 08:47 – 2015-11-10 08:47 – 000065936 _____ () C:Program FilesHewlett-PackardAMSserviceCPQSAS.DLL
2015-11-10 08:47 – 2015-11-10 08:47 – 000344464 _____ () C:Program FilesHewlett-PackardAMSservicew2kmgAMS.dll
2017-11-20 15:27 – 2017-11-20 15:27 – 041061856 _____ () C:Program Information (x86)GoogleDrivegoogledrivesync.exe
2017-12-14 14:35 – 2016-12-07 16:40 – 003681104 _____ () C:Program FilesTeraCopyTeraCopyExt.dll
2017-12-14 14:35 – 2017-03-14 16:51 – 001714688 _____ () C:Program FilesTeraCopyTeraCopy64.dll
2017-01-25 18:05 – 2016-09-07 01:56 – 000134656 _____ () C:WindowsShellExperiencesWindows.UI.Shell.SharedUtilities.dll
2017-03-18 18:47 – 2017-03-04 03:31 – 000474112 _____ () C:WindowsShellExperiencesQuickActions.dll
2017-03-18 18:48 – 2017-03-04 03:12 – 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-18 18:48 – 2017-03-04 03:05 – 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 18:48 – 2017-03-04 03:05 – 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-18 18:48 – 2017-03-04 03:05 – 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-18 18:49 – 2017-03-04 03:08 – 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-12-16 22:42 – 2017-11-29 09:11 – 002301384 _____ () C:PROGRAM FILESMALWAREBYTESANTI-MALWARESelfProtectionSdk.dll
2017-12-16 22:42 – 2017-11-29 09:11 – 002358728 _____ () C:PROGRAM FILESMALWAREBYTESANTI-MALWAREMwacLib.dll
2017-12-15 05:27 – 2017-12-06 01:24 – 002873688 _____ () C:Program Information (x86)GoogleChromeApplication63.0.3239.84swiftshaderlibglesv2.dll
2017-12-15 05:26 – 2017-12-06 01:24 – 000137048 _____ () C:Program Information (x86)GoogleChromeApplication63.0.3239.84swiftshaderlibegl.dll
2017-12-17 11:17 – 2017-12-17 10:00 – 005116928 _____ () C:Program FilesAVAST SoftwareAvast Businessdefs17121700algo.dll
2017-12-26 12:01 – 2017-12-26 08:55 – 005116928 _____ () C:Program FilesAVAST SoftwareAvast Businessdefs17122602algo.dll
2017-12-14 15:03 – 2017-12-14 15:03 – 000088064 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_ctypes.pyd
2017-12-14 15:03 – 2017-12-14 15:03 – 000919552 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_hashlib.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000098816 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32api.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000110080 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442pywintypes27.dll
2017-12-14 15:04 – 2017-12-14 15:04 – 000364544 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442pythoncom27.dll
2017-12-14 15:04 – 2017-12-14 15:04 – 000686080 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442unicodedata.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000320512 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32com.shell.shell.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 001177088 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442wx._core_.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000806912 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442wx._gdi_.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000816640 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442wx._windows_.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 001067520 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442wx._controls_.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000733696 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442wx._misc_.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000736256 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442pysqlite2._sqlite.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000119808 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32file.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000108544 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32security.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000007168 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442hashobjs_ext.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000017920 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442thumbnails_ext.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000082432 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442usb_ext.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000013824 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442common.time34.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000018432 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32event.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000027648 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442windows.conditional.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000017408 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442windows.winwrap.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000089088 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442windows.volumes.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000167936 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32gui.pyd
2017-12-14 15:03 – 2017-12-14 15:03 – 000046080 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_socket.pyd
2017-12-14 15:03 – 2017-12-14 15:04 – 001311744 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_ssl.pyd
2017-12-14 15:03 – 2017-12-14 15:03 – 000129536 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_elementtree.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000127488 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442pyexpat.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000038912 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32inet.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000077824 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442wx._html2.pyd
2017-12-14 15:03 – 2017-12-14 15:03 – 000036864 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_psutil_windows.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000524248 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442windows._lib_cacheinvalidation.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000011264 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32crypt.pyd
2017-12-14 15:03 – 2017-12-14 15:03 – 000218624 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442PIL._imaging.pyd
2017-12-14 15:03 – 2017-12-14 15:03 – 000027648 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_multiprocessing.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000020480 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442_yappi.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000035840 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32process.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000024064 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32pipe.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000010240 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442select.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000025600 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32pdh.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000059392 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442windows.device_monitor.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000017408 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32profile.pyd
2017-12-14 15:04 – 2017-12-14 15:04 – 000022528 _____ () C:UsersadministratorAppDataLocalTemp_MEI42442win32ts.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\system32\Drivers\isiigddb.sys:changelist [284]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AmmyyAdmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 10:23 – 2016-07-16 10:21 – 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4017227460-457275624-4033542720-500\Control Panel\Desktop\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.251 – 127.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe
FirewallRules: [{F46E6A2D-C711-4775-93CA-34A842FCE997}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{65EE5DC5-F9AC-45EF-B8FD-2F165920382B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C2722FEE-2A17-4EA3-BAA3-A5C0404D263C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{644229C8-1D06-4243-9854-0A67B2A475C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DfsMgmt-In-TCP] => (Block) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [DfSMgmt-DCOM-In-TCP] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [DfsMgmt-WMI-In-TCP] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [{8D8B9A56-8FCA-4D13-90AE-5390F2D5E3A0}] => (Allow) C:\Program Files (x86)\MaxSyncUp\msusvc.exe
FirewallRules: [{4D1CFD0A-D38A-4EC4-BA0B-4E0893895392}] => (Allow) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe
FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) %systemroot%\system32\wbengine.exe
FirewallRules: [{B7D2464F-B8C2-4DE6-98A4-7094D6C3105D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{052C6012-5549-4658-BC9A-175ADFF90265}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{20F721CC-A55A-4471-B42A-EAE0EBEB68C1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{D078C96B-B461-49AF-820E-DE3E84D363A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{92C4E946-6C93-42AB-A17C-750D45C6B9D5}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{EC788553-9539-4155-A5D8-7F97023F6C16}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{EDB09A11-A6EC-4A50-84B4-75F861BF6FD8}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{5F8828A2-B25C-40A9-8A7D-8AE26499D674}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{54D495F2-E070-410A-A35C-B2E8337CC633}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/26/2017 08:00:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/25/2017 08:00:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/24/2017 08:00:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/23/2017 08:00:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/22/2017 08:00:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/21/2017 08:01:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/20/2017 08:00:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/19/2017 08:00:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/18/2017 08:00:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
Error: (12/17/2017 08:01:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {70cac2ee-ea7e-4c7e-b206-7bcf82e5f715}
System errors:
=============
Error: (12/27/2017 11:43:44 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kpasswd._udp.community.fundasamin.org.ar. 600 IN SRV 0 100 464 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:42 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kpasswd._tcp.community.fundasamin.org.ar. 600 IN SRV 0 100 464 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:39 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kerberos._udp.community.fundasamin.org.ar. 600 IN SRV 0 100 88 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:37 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kerberos._tcp.Default-First-Site-Name._sites.community.fundasamin.org.ar. 600 IN SRV 0 100 88 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:34 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kerberos._tcp.community.fundasamin.org.ar. 600 IN SRV 0 100 88 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:32 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.community.fundasamin.org.ar. 600 IN SRV 0 100 88 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:29 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_kerberos._tcp.dc._msdcs.community.fundasamin.org.ar. 600 IN SRV 0 100 88 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:27 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_gc._tcp.Default-First-Site-Name._sites.community.fundasamin.org.ar. 600 IN SRV 0 100 3268 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:24 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_gc._tcp.community.fundasamin.org.ar. 600 IN SRV 0 100 3268 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
Error: (12/27/2017 11:43:22 AM) (Source: NETLOGON) (EventID: 5774) (User: )
Description: Error en el registro dinámico del registro DNS ‘_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.community.fundasamin.org.ar. 600 IN SRV 0 100 389 ALFA.community.fundasamin.org.ar.’ en el siguiente servidor DNS:
Dirección IP del servidor DNS: 74.124.210.242
Código de respuesta devuelto (RCODE): 5
Código de estado devuelto: 9017
Para que los equipos y usuarios puedan localizar este controlador de dominio, este registro deberá
registrarse en DNS.
ACCIÓN DEL USUARIO
Determine la causa del error, solucione el problema e inicie el registro de los
registros DNS mediante el controlador de dominio. Para determinar la causa del
error, ejecute DCDiag.exe. Para obtener más información acerca de DCDiag.exe, consulte el Centro de ayuda
y soporte técnico. Para iniciar el registro de los registros DNS mediante este controlador de
dominio, ejecute ‘nltest.exe /dsregdns’ desde el símbolo del sistema en el controlador de dominio
o reinicie el servicio de Net Logon.
También puede agregar manualmente este registro a DNS, pero
no se recomienda.
DATOS ADICIONALES
Valor del error: Clave DNS incorrecta.
CodeIntegrity:
===================================
Date: 2017-12-19 11:18:54.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-17 03:15:30.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-17 03:10:21.462
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-16 22:43:16.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-16 22:43:09.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2017-12-16 19:19:30.402
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel® Xeon® CPU E5-2609 v4 @ 1.70GHz
Percentage of memory in use: 35%
Total physical RAM: 16118.62 MB
Available physical RAM: 10429.66 MB
Total Virtual: 23243.31 MB
Available Virtual: 11418.54 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1862.76 GB) (Free:421.85 GB) NTFS
Drive f: () (Fixed) (Total:1862.98 GB) (Free:1702.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt ============================