
Pests of all kinds and how to fight them: Laptop alternately extremely slow for no reason, then normal again

07.01.2018, 18:24   #16
helada

Hey cosinus, I uninstalled everything on your list with Revo.

07.01.2018, 18:33   #17
cosinus

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, please post them directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.
09.01.2018, 19:14   #18
helada

Scan report

Good evening Cosinus, a piece of malware was found.

Scan number 1:
Code:
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.01.09.03
  rootkit: v2017.10.14.01

Windows 8.1 x86 NTFS
Internet Explorer 11.0.9600.18861
USUARIO :: PAVILION [administrator]

09/01/2018 05:29:31 a.m.
mbar-log-2018-01-09 (05-29-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 165777
Time elapsed: 30 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\SECOH-QAD.exe (HackTool.IdleKMS) -> Delete on reboot. [c552dbe196214aec89eac4741be63cc4]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan number 2:
Code:
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.01.09.03
  rootkit: v2017.10.14.01

Windows 8.1 x86 NTFS
Internet Explorer 11.0.9600.18861
USUARIO :: PAVILION [administrator]

09/01/2018 06:54:38 a.m.
mbar-log-2018-01-09 (06-54-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 165077
Time elapsed: 23 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

10.01.2018, 03:50   #19
cosinus

Remove adware/junkware/toolbars

Delete old versions of adwCleaner first, then download it again to the desktop!
Please completely disable your virus scanner now, before using these tools!




adwCleaner v7.x

Please download AdwCleaner to your desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • IE policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • At the end of the cleanup, click Restart now. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

27.01.2018, 20:01   #20
helada

adw cleaner log file

Hello cosinus, I'm sorry, I had a private incident here and couldn't continue. I can't send you a private message; I hope you still see my post now?! I had read somewhere that you get removed from the subscription if you don't reply for 3 days, but I can't find that information anymore. Hopefully you see this.
Best regards
helada

Code:
# AdwCleaner 7.0.7.0 - Logfile created on Sat Jan 27 18:48:24 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 8.1 Pro (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: chip1click


***** [ Folders ] *****

Deleted: C:\Program Files\Chip Digital GmbH
Deleted: C:\Windows\\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}\
Deleted: [Key] - HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2160 B] - [2018/1/27 18:46:44]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
         


Edited by helada (27.01.2018 at 20:09)

27.01.2018, 20:40   #21
cosinus

Please repeat adwcleaner as a check

28.01.2018, 11:48   #22
helada

Second AdwCleaner run

Code:
# AdwCleaner 7.0.7.0 - Logfile created on Sun Jan 28 10:31:40 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 8.1 Pro (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2300 B] - [2018/1/27 18:48:24]
C:/AdwCleaner/AdwCleaner[S0].txt - [2160 B] - [2018/1/27 18:46:44]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2018/1/28 10:30:55]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
         

29.01.2018, 10:59   #23
cosinus

I need new FRST logs. Tick the box for addition.txt, then click Scan.

29.01.2018, 15:38   #24
helada

FRST file

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.01.2018
Ran by USUARIO (administrator) on PAVILION (29-01-2018 09:26:46)
Running from D:\Desktop
Loaded Profiles: USUARIO (Available Profiles: PERSONAL & USUARIO)
Platform: Microsoft Windows 8.1 Pro (Update) (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [149440 2015-11-12] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6635224 2014-01-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2435312 2013-10-24] (Synaptics Incorporated)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747744 2014-07-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [407040 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\...\MountPoints2: {094d4fb3-dc79-11e7-972e-a01d48113abd} - "F:\DriverSetup.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.5.200
Tcpip\..\Interfaces\{88C84BD4-DE48-422F-B237-71C11A3DB894}: [DhcpNameServer] 192.168.5.200
Tcpip\..\Interfaces\{91227947-735B-4129-B191-471469D12DD3}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: 0y8gijzj.default
FF ProfilePath: C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default [2018-01-29]
FF Homepage: Mozilla\Firefox\Profiles\0y8gijzj.default -> www.google.com.pe
FF Extension: (Avira Browser Safety) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\abs@avira.com [2017-12-29]
FF Extension: (ADB Helper) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\adbhelper@mozilla.org [2018-01-12] [Legacy]
FF Extension: (convert2mp3.net Online Video Converter) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\info@convert2mp3.net.xpi [2017-12-08]
FF Extension: (AdBlock) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-01-04]
FF Extension: (English (GB) Language Pack) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-01-27]
FF Extension: (Avira SafeSearch Plus) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\safesearchplus2@avira.com [2017-12-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Presentaciones) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-04]
CHR Extension: (Documentos) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-04]
CHR Extension: (Google Drive) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-04]
CHR Extension: (YouTube) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-04]
CHR Extension: (Avira Password Manager) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-12-29]
CHR Extension: (Hojas de cálculo) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-04]
CHR Extension: (Avira Navegación segura) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-12-29]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-04]
CHR Extension: (Gmail) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-28]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128944 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1526832 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280872 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103696 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [69888 2013-07-23] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [22272 2013-07-23] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200192 2013-09-24] (Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [54088 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [147576 2017-12-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [167272 2017-12-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [53256 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [77560 2017-12-07] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [37472 2017-12-07] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [220376 2014-01-03] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [5357056 2016-12-29] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38920 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [231256 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [85336 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver86.sys [29792 2016-03-23] (HP)
R3 WirelessButtonDriver86; C:\Windows\system32\DRIVERS\WirelessButtonDriver86.sys [29792 2016-03-23] (HP)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-27 15:44 - 2017-10-04 03:21 - 000029352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2018-01-27 15:44 - 2017-10-04 03:21 - 000019088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2018-01-27 13:40 - 2018-01-28 05:30 - 000000000 ____D C:\AdwCleaner
2018-01-25 06:15 - 2018-01-25 06:15 - 000149608 _____ C:\Windows\Minidump\012518-103609-01.dmp
2018-01-25 05:57 - 2018-01-25 05:57 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\ClassicShell
2018-01-25 05:57 - 2018-01-25 05:57 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\ClassicShell
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\Synaptics
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\ATI
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\ATI
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\AMD
2018-01-25 05:48 - 2018-01-25 05:48 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\VirtualStore
2018-01-25 05:48 - 2018-01-25 05:48 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\Google
2018-01-25 05:47 - 2018-01-25 06:00 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\Packages
2018-01-25 05:47 - 2018-01-25 05:47 - 000001430 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-01-25 05:47 - 2018-01-25 05:47 - 000000020 ___SH C:\Users\PERSONAL\ntuser.ini
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Reciente
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Plantillas
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Mis documentos
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Menú Inicio
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Impresoras
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Entorno de red
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Datos de programa
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Configuración local
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Local\Historial
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Local\Datos de programa
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Local\Archivos temporales de Internet
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\Adobe
2018-01-25 05:47 - 2014-02-21 23:38 - 000000369 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2018-01-25 05:47 - 2014-02-21 23:38 - 000000369 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2018-01-25 05:46 - 2018-01-25 05:52 - 000000000 ____D C:\Users\PERSONAL
2018-01-23 13:50 - 2018-01-23 13:50 - 000149464 _____ C:\Windows\Minidump\012318-37218-01.dmp
2018-01-14 13:47 - 2018-01-14 13:47 - 000149512 _____ C:\Windows\Minidump\011418-41531-01.dmp
2018-01-10 07:34 - 2018-01-02 01:00 - 019790760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 005668696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-10 07:34 - 2018-01-02 00:59 - 001681240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-10 07:34 - 2018-01-02 00:59 - 001565520 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 001213784 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 000342872 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 000342872 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-10 07:34 - 2018-01-02 00:58 - 001472056 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-10 07:34 - 2018-01-02 00:58 - 001405464 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-10 07:34 - 2018-01-02 00:58 - 001295440 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-10 07:34 - 2018-01-02 00:58 - 001280960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-10 07:34 - 2018-01-02 00:58 - 001181824 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-10 07:34 - 2018-01-02 00:56 - 000889440 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-10 07:34 - 2018-01-02 00:20 - 020275200 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-10 07:34 - 2018-01-01 23:49 - 002294272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-10 07:34 - 2018-01-01 23:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-10 07:34 - 2018-01-01 23:23 - 004508160 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-10 07:34 - 2018-01-01 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-10 07:34 - 2018-01-01 23:13 - 001117184 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-10 07:34 - 2018-01-01 23:09 - 000644608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-10 07:34 - 2018-01-01 23:06 - 000626176 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-10 07:34 - 2018-01-01 23:01 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-10 07:34 - 2018-01-01 22:46 - 002976256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-01-10 07:34 - 2017-12-10 08:24 - 005275136 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2018-01-10 07:34 - 2017-12-10 07:59 - 005270528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-10 07:34 - 2017-12-05 23:37 - 001841488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-10 07:34 - 2017-12-05 11:37 - 003454464 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-10 07:33 - 2018-01-02 01:05 - 000501592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-10 07:33 - 2018-01-02 01:05 - 000192352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-10 07:33 - 2018-01-02 01:05 - 000164296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-10 07:33 - 2018-01-02 01:03 - 000482904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-10 07:33 - 2018-01-02 01:03 - 000341384 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2018-01-10 07:33 - 2018-01-02 01:01 - 001902328 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-10 07:33 - 2018-01-02 01:01 - 000069464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-10 07:33 - 2018-01-02 00:59 - 000270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-10 07:33 - 2018-01-02 00:56 - 000851712 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-10 07:33 - 2018-01-02 00:48 - 000507176 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-10 07:33 - 2018-01-02 00:47 - 000736600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-10 07:33 - 2018-01-02 00:01 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-10 07:33 - 2018-01-02 00:01 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000574464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000376320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-10 07:33 - 2018-01-01 23:59 - 000089600 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-10 07:33 - 2018-01-01 23:59 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-10 07:33 - 2018-01-01 23:56 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-10 07:33 - 2018-01-01 23:54 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2018-01-10 07:33 - 2018-01-01 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-10 07:33 - 2018-01-01 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-10 07:33 - 2018-01-01 23:45 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-10 07:33 - 2018-01-01 23:43 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-10 07:33 - 2018-01-01 23:42 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-10 07:33 - 2018-01-01 23:34 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-10 07:33 - 2018-01-01 23:27 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-10 07:33 - 2018-01-01 23:25 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-10 07:33 - 2018-01-01 23:25 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-10 07:33 - 2018-01-01 23:22 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-10 07:33 - 2018-01-01 23:18 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-10 07:33 - 2018-01-01 23:17 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-10 07:33 - 2018-01-01 23:17 - 000331776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-10 07:33 - 2018-01-01 23:16 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-10 07:33 - 2018-01-01 23:16 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-10 07:33 - 2018-01-01 23:12 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-01-10 07:33 - 2018-01-01 23:11 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-10 07:33 - 2018-01-01 23:11 - 000465408 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-10 07:33 - 2018-01-01 23:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-10 07:33 - 2018-01-01 23:09 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-10 07:33 - 2018-01-01 23:09 - 000543232 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-10 07:33 - 2018-01-01 23:08 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-10 07:33 - 2018-01-01 23:07 - 001328128 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-10 07:33 - 2018-01-01 23:05 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-10 07:33 - 2018-01-01 23:04 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-10 07:33 - 2018-01-01 23:02 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-10 07:33 - 2018-01-01 23:02 - 000297472 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-10 07:33 - 2018-01-01 23:01 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-10 07:33 - 2018-01-01 23:00 - 001326080 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-10 07:33 - 2018-01-01 22:59 - 001845248 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-10 07:33 - 2018-01-01 22:59 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-10 07:33 - 2018-01-01 22:58 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-10 07:33 - 2018-01-01 22:57 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-10 07:33 - 2018-01-01 22:56 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-10 07:33 - 2018-01-01 22:56 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-10 07:33 - 2018-01-01 22:55 - 001015808 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-10 07:33 - 2018-01-01 22:55 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-10 07:33 - 2018-01-01 22:54 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-10 07:33 - 2018-01-01 22:53 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-10 07:33 - 2017-12-14 16:39 - 000315736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-10 07:33 - 2017-12-13 00:44 - 000076624 _____ (Microsoft Corporation) C:\Windows\system32\KeyboardFilterSvc.dll
2018-01-10 07:33 - 2017-12-10 08:59 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-10 07:33 - 2017-12-10 08:58 - 000035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-10 07:33 - 2014-11-07 22:17 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-10 07:33 - 2014-11-07 22:13 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-10 07:33 - 2014-11-07 22:13 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-10 07:33 - 2014-11-07 22:13 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-10 07:33 - 2014-11-07 21:48 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-10 07:33 - 2014-11-03 23:41 - 000112128 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2018-01-09 06:53 - 2018-01-09 06:53 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\2762C5C5.sys
2018-01-09 06:52 - 2018-01-09 06:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-09 05:29 - 2018-01-09 05:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-09 05:28 - 2018-01-09 05:28 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\625343F5.sys
2018-01-09 05:21 - 2018-01-14 13:14 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-09 05:21 - 2018-01-09 06:53 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-01-05 05:50 - 2018-01-05 05:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-05 05:50 - 2018-01-05 05:50 - 000000000 ____D C:\Program Files\VS Revo Group
2018-01-03 14:08 - 2018-01-03 14:08 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Downloaded Installations
2018-01-03 13:09 - 2018-01-29 09:26 - 000000000 ____D C:\FRST
2018-01-03 11:59 - 2018-01-03 11:59 - 000000000 ____D C:\Users\USUARIO\AppData\Local\AviraSpeedup
2017-12-30 18:52 - 2017-12-30 18:52 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Macromedia
2017-12-30 18:44 - 2017-12-30 18:44 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 00:39 - 2017-11-27 12:58 - 000000000 ____D C:\Users\USUARIO\AppData\Local\ClassicShell
2018-01-29 00:36 - 2013-08-22 01:21 - 000000000 ____D C:\Windows\inf
2018-01-28 05:38 - 2017-12-05 08:01 - 000000000 ____D C:\Users\USUARIO\AppData\LocalLow\Mozilla
2018-01-28 05:35 - 2017-11-27 15:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-28 05:35 - 2017-11-27 12:59 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-28 05:35 - 2013-08-22 02:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-28 04:26 - 2013-08-22 03:05 - 000000000 ____D C:\Windows\CbsTemp
2018-01-27 13:53 - 2017-11-27 12:59 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-27 13:49 - 2013-08-22 01:13 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-01-27 07:17 - 2017-12-04 09:05 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-27 06:27 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\system32\NDF
2018-01-25 06:15 - 2017-11-23 16:46 - 000000000 ____D C:\Windows\Minidump
2018-01-25 06:15 - 2017-11-23 16:45 - 404799402 _____ C:\Windows\MEMORY.DMP
2018-01-25 06:00 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\AppReadiness
2018-01-25 05:58 - 2017-11-23 16:48 - 000000000 ____D C:\Users\USUARIO
2018-01-25 04:36 - 2017-11-23 17:01 - 000341090 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-25 04:36 - 2013-08-22 09:57 - 000016712 _____ C:\Windows\system32\perfh00A.dat
2018-01-25 04:36 - 2013-08-22 09:57 - 000005328 _____ C:\Windows\system32\perfc00A.dat
2018-01-16 14:59 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\rescache
2018-01-14 13:15 - 2013-08-22 02:22 - 000478784 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-14 08:26 - 2013-08-22 03:17 - 000000000 ___RD C:\Windows\ToastData
2018-01-11 06:05 - 2017-12-28 15:58 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\PhotoScape
2018-01-11 03:45 - 2017-11-27 16:56 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 03:19 - 2017-11-27 16:56 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 03:17 - 2017-11-27 16:56 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-09 12:55 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 06:51 - 2017-12-29 16:27 - 000000000 ____D C:\Program Files\Avira
2018-01-09 06:51 - 2017-12-29 16:26 - 000000000 ____D C:\ProgramData\Avira
2018-01-09 06:51 - 2017-11-27 16:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-07 07:00 - 2017-11-27 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-07 07:00 - 2017-11-27 13:01 - 000000000 ____D C:\Program Files\Java
2018-01-07 05:55 - 2017-11-27 14:43 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-01-07 05:55 - 2017-11-27 14:42 - 000000000 ____D C:\ProgramData\Adobe
2018-01-05 05:25 - 2017-11-27 14:18 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-05 05:25 - 2013-08-22 03:17 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-05 05:22 - 2013-08-22 10:00 - 000000000 ____D C:\Windows\ShellNew
2018-01-05 05:20 - 2013-08-22 03:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-01 10:20 - 2017-11-27 15:06 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Cyberlink
2018-01-01 10:20 - 2017-11-27 14:57 - 000000000 ____D C:\ProgramData\CyberLink
2017-12-30 18:45 - 2017-11-27 15:05 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Adobe

==================== Files in the root of some directories =======

2017-12-07 12:48 - 2017-12-07 12:48 - 000000000 _____ () C:\Users\USUARIO\AppData\Local\{F26EDB51-2055-4602-B5D3-00CED93B3C9D}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-27 15:41

==================== End of FRST.txt ============================
         
--- --- ---




Additional.txt:



FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by USUARIO (29-01-2018 09:29:03)
Running from D:\Desktop
Microsoft Windows 8.1 Pro (Update) (X86) (2017-11-23 21:47:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3478894747-1205790465-3368493391-500 - Administrator - Disabled)
Invitado (S-1-5-21-3478894747-1205790465-3368493391-501 - Limited - Disabled)
PERSONAL (S-1-5-21-3478894747-1205790465-3368493391-1001 - Administrator - Enabled) => C:\Users\PERSONAL
USUARIO (S-1-5-21-3478894747-1205790465-3368493391-1002 - Administrator - Enabled) => C:\Users\USUARIO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD VISION Engine Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira (HKLM\...\{4BC30143-FC17-4BA0-96C3-11F21F026099}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{638c58eb-e71e-4b96-8f16-c5a7dbc4293f}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG)
Classic Shell (HKLM\...\{8EA72B6A-D11E-4B91-8657-364F4B21347F}) (Version: 4.2.5 - IvoSoft)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 64.0.3282.119 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
K-Lite Mega Codec Pack 10.9.2 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.2 - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 58.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 58.0 (x86 es-ES)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.0.6592 - Mozilla)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.16.2 - Synaptics Incorporated)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper32.dll [2015-11-12] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C62A04-1B4A-4A01-A4A3-4C32B0385A7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {599A5840-BFA2-45D8-8B2D-A2CAE6830927} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {94AF091E-7A0A-4558-AF24-C73A84A388A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {B7F80375-FA01-4A43-959A-16AF01FA815C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-11-23] ()
Task: {E1122790-29E4-4B57-B10A-3765D5A5DD2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {F0D8A4DD-17B8-4EB8-A6A0-60A1EBB995F8} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2017-12-07] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-07-04 21:33 - 2014-07-04 21:33 - 000114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 000095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-01-27 07:17 - 2018-01-24 01:14 - 003730264 _____ () C:\Program Files\Google\Chrome\Application\64.0.3282.119\libglesv2.dll
2018-01-27 07:17 - 2018-01-24 01:14 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\64.0.3282.119\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 01:13 - 2013-08-22 01:13 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: 192.168.5.200
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E06FC46E-59EF-47EE-B3BB-F73828841A5D}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{3D8CC876-965E-4FA4-889C-914872C5BE74}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{64F9F47D-74F5-4B72-8AE1-BCE6941C2F34}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{67D03460-1154-45C7-B9D4-28C8D2C144BC}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD9.EXE
FirewallRules: [{22ACC95E-571B-440A-8D31-E05521489023}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5591A55D-34F9-4A5A-8765-FEC28DB34739}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EE8242AC-2F14-45E6-99D9-908FFA69F966}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2151C475-393A-41C4-A384-870B1E54B9B8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{ED6DB659-A350-4345-B79F-67844D03B214}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-01-2018 03:12:16 Instalador de Módulos de Windows
25-01-2018 06:30:02 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2018 07:10:43 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).

Error: (01/27/2018 06:29:00 AM) (Source: chip 1-click download service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/27/2018 06:24:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).

Error: (01/25/2018 04:13:44 AM) (Source: chip 1-click download service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/25/2018 04:13:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).

Error: (01/18/2018 09:07:21 AM) (Source: chip 1-click download service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/12/2018 02:07:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).

Error: (01/11/2018 06:04:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ipmGui.exe, versión 15.0.34.12, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1cf4

Hora de inicio: 01d38af354ca73a2

Hora de finalización: 10484

Ruta de acceso de la aplicación: C:\program files\avira\antivirus\ipmGui.exe

Identificador de informe: a556db4b-f723-11e7-9743-a01d48113abd

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (01/11/2018 04:10:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).

Error: (01/10/2018 07:52:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).


System errors:
=============
Error: (01/28/2018 05:35:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126

Error: (01/28/2018 05:35:23 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Se activó el temporizador de vigilancia del sistema.

Error: (01/28/2018 05:31:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (01/28/2018 05:31:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/28/2018 05:31:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Andrea RT Filters Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/28/2018 05:31:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/27/2018 03:42:00 PM) (Source: DCOM) (EventID: 10010) (User: PAVILION)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/27/2018 03:41:27 PM) (Source: DCOM) (EventID: 10010) (User: PAVILION)
Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/27/2018 01:49:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126

Error: (01/27/2018 01:49:28 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Se activó el temporizador de vigilancia del sistema.


CodeIntegrity:
===================================
  Date: 2017-12-25 07:49:08.697
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-18 20:15:52.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-18 04:52:22.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-15 09:12:05.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-13 10:34:52.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-11 17:33:22.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD E1-2100 APU with Radeon(TM) HD Graphics 
Percentage of memory in use: 66%
Total physical RAM: 3057.11 MB
Available physical RAM: 1026.11 MB
Total Virtual: 6129.11 MB
Available Virtual: 2964.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:120 GB) (Free:92.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:177.75 GB) (Free:168 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3D9DFA4D)
Partition 1: (Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

29.01.2018, 16:08   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Avira is still running on there!

Please get rid of it with Revo!
__________________
Please always post log files in CODE tags

30.01.2018, 08:21   #26
helada

Avira can't be uninstalled...

Good morning Cosinus.
So, here it comes. Although I could have sworn three times over that I had uninstalled Avira, I have now done it again. Everything normal: a Firefox tab opens with "Sorry to see you go" and Revo wants to delete the remaining files at the next restart. I close Revo, have the desktop in front of me, and watch the Avira icon pop up in a new spot on the desktop. After the restart, Avira is even back in its old spot and can be opened as normal. It cheerfully tells me that I am protected. So I definitely had uninstalled Avira back then. What is going on here?
On top of that, my laptop has recently been crashing quite often, just now again when starting Firefox to reply here. The blue screen with the sad smiley appears: "Something went wrong, Windows needs to restart". Along with it, the error code Kmode Not Handled Exception and avipbb.sys are displayed.

30.01.2018, 08:27   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

https://www.avira.com/de/support-dow...-removal-tool/
__________________
Please always post log files in CODE tags

30.01.2018, 09:20   #28
helada

Avira gone now

Hello Cosinus, after the third attempt (I had to make sure I wasn't just being too stupid) I am now rid of Avira. It was the same again, the icon came back after the restart. Then Windows crashed (I hadn't done anything at all, just stared desperately at the screen) and restarted. After this further restart, however, Avira told me this time that the function I was trying to perform (haha) is not available and that the installation package Avira.OE.Setup.Msi.msi could not be found. I was then supposed to specify a path where it is located. I clicked Cancel and now it is finally gone.

About the AntiVir Removal Tool: I have now read through the user manual you linked for me, and I gather from it that this tool is something similar to Adw Cleaner etc., right?
And: I don't know whether I have completely lost my bearings, but I simply can't find the download for the tool. Oddly, under the link you can only download the user manual, but not the program...?!? It is the same on avira.com, as well as at the download link given in the user manual. Please don't kill me, I just don't get it right now...

30.01.2018, 09:48   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Laptop alternately extremely slow for no reason, then normal again



I need new FRST logs. Tick the box for addition.txt, then click Scan.

__________________
Please always post logfiles in CODE tags

30.01.2018, 10:30   #30
helada

Laptop alternately extremely slow for no reason, then normal again

new logs



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.01.2018
Ran by USUARIO (administrator) on PAVILION (30-01-2018 04:24:49)
Running from D:\Desktop
Loaded Profiles: USUARIO (Available Profiles: PERSONAL & USUARIO)
Platform: Microsoft Windows 8.1 Pro (Update) (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [149440 2015-11-12] (IvoSoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6635224 2014-01-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2435312 2013-10-24] (Synaptics Incorporated)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747744 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [407040 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\...\MountPoints2: {094d4fb3-dc79-11e7-972e-a01d48113abd} - "F:\DriverSetup.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.5.200
Tcpip\..\Interfaces\{88C84BD4-DE48-422F-B237-71C11A3DB894}: [DhcpNameServer] 192.168.5.200
Tcpip\..\Interfaces\{91227947-735B-4129-B191-471469D12DD3}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: 0y8gijzj.default
FF ProfilePath: C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default [2018-01-30]
FF Homepage: Mozilla\Firefox\Profiles\0y8gijzj.default -> www.google.com.pe
FF Extension: (Avira Browser Safety) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\abs@avira.com [2017-12-29]
FF Extension: (ADB Helper) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\adbhelper@mozilla.org [2018-01-12] [Legacy]
FF Extension: (convert2mp3.net Online Video Converter) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\info@convert2mp3.net.xpi [2017-12-08]
FF Extension: (AdBlock) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-01-04]
FF Extension: (English (GB) Language Pack) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-01-27]
FF Extension: (Avira SafeSearch Plus) - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\0y8gijzj.default\Extensions\safesearchplus2@avira.com [2017-12-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Presentaciones) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-04]
CHR Extension: (Documentos) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-04]
CHR Extension: (Google Drive) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-04]
CHR Extension: (YouTube) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-04]
CHR Extension: (Avira Password Manager) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-12-29]
CHR Extension: (Hojas de cálculo) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-04]
CHR Extension: (Avira Navegación segura) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-12-29]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-04]
CHR Extension: (Gmail) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\USUARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-28]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128944 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1526832 2017-12-07] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-01-23] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280872 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103696 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [69888 2013-07-23] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [22272 2013-07-23] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200192 2013-09-24] (Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [54088 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [147576 2017-12-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [167272 2017-12-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [53256 2017-12-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [77560 2017-12-07] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [37472 2017-12-07] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [220376 2014-01-03] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [5357056 2016-12-29] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38920 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [231256 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [85336 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver86.sys [29792 2016-03-23] (HP)
R3 WirelessButtonDriver86; C:\Windows\system32\DRIVERS\WirelessButtonDriver86.sys [29792 2016-03-23] (HP)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 02:44 - 2018-01-30 02:44 - 000149512 _____ C:\Windows\Minidump\013018-30890-01.dmp
2018-01-30 02:43 - 2018-01-30 02:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-30 01:52 - 2018-01-30 01:53 - 000149512 _____ C:\Windows\Minidump\013018-26703-01.dmp
2018-01-29 16:40 - 2018-01-29 16:41 - 000149512 _____ C:\Windows\Minidump\012918-24156-01.dmp
2018-01-29 11:49 - 2018-01-29 11:49 - 000149512 _____ C:\Windows\Minidump\012918-27390-01.dmp
2018-01-27 15:44 - 2017-10-04 03:21 - 000029352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2018-01-27 15:44 - 2017-10-04 03:21 - 000019088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2018-01-27 13:40 - 2018-01-28 05:30 - 000000000 ____D C:\AdwCleaner
2018-01-25 06:15 - 2018-01-25 06:15 - 000149608 _____ C:\Windows\Minidump\012518-103609-01.dmp
2018-01-25 05:57 - 2018-01-25 05:57 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\ClassicShell
2018-01-25 05:57 - 2018-01-25 05:57 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\ClassicShell
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\Synaptics
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\ATI
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\ATI
2018-01-25 05:55 - 2018-01-25 05:55 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\AMD
2018-01-25 05:48 - 2018-01-25 05:48 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\VirtualStore
2018-01-25 05:48 - 2018-01-25 05:48 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\Google
2018-01-25 05:47 - 2018-01-25 06:00 - 000000000 ____D C:\Users\PERSONAL\AppData\Local\Packages
2018-01-25 05:47 - 2018-01-25 05:47 - 000001430 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-01-25 05:47 - 2018-01-25 05:47 - 000000020 ___SH C:\Users\PERSONAL\ntuser.ini
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Reciente
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Plantillas
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Mis documentos
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Menú Inicio
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Impresoras
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Entorno de red
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Datos de programa
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\Configuración local
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Local\Historial
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Local\Datos de programa
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 _SHDL C:\Users\PERSONAL\AppData\Local\Archivos temporales de Internet
2018-01-25 05:47 - 2018-01-25 05:47 - 000000000 ____D C:\Users\PERSONAL\AppData\Roaming\Adobe
2018-01-25 05:47 - 2014-02-21 23:38 - 000000369 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2018-01-25 05:47 - 2014-02-21 23:38 - 000000369 _____ C:\Users\PERSONAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2018-01-25 05:46 - 2018-01-25 05:52 - 000000000 ____D C:\Users\PERSONAL
2018-01-23 13:50 - 2018-01-23 13:50 - 000149464 _____ C:\Windows\Minidump\012318-37218-01.dmp
2018-01-14 13:47 - 2018-01-14 13:47 - 000149512 _____ C:\Windows\Minidump\011418-41531-01.dmp
2018-01-10 07:34 - 2018-01-02 01:00 - 019790760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 005668696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-10 07:34 - 2018-01-02 00:59 - 001681240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-10 07:34 - 2018-01-02 00:59 - 001565520 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 001213784 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 000342872 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-01-10 07:34 - 2018-01-02 00:59 - 000342872 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-10 07:34 - 2018-01-02 00:58 - 001472056 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-10 07:34 - 2018-01-02 00:58 - 001405464 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-10 07:34 - 2018-01-02 00:58 - 001295440 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-10 07:34 - 2018-01-02 00:58 - 001280960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-10 07:34 - 2018-01-02 00:58 - 001181824 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-10 07:34 - 2018-01-02 00:56 - 000889440 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-10 07:34 - 2018-01-02 00:20 - 020275200 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-10 07:34 - 2018-01-01 23:49 - 002294272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-10 07:34 - 2018-01-01 23:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-10 07:34 - 2018-01-01 23:23 - 004508160 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-10 07:34 - 2018-01-01 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-10 07:34 - 2018-01-01 23:13 - 001117184 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-10 07:34 - 2018-01-01 23:09 - 000644608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-10 07:34 - 2018-01-01 23:06 - 000626176 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-10 07:34 - 2018-01-01 23:01 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-10 07:34 - 2018-01-01 22:46 - 002976256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-01-10 07:34 - 2017-12-10 08:24 - 005275136 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2018-01-10 07:34 - 2017-12-10 07:59 - 005270528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-10 07:34 - 2017-12-05 23:37 - 001841488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-10 07:34 - 2017-12-05 11:37 - 003454464 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-10 07:33 - 2018-01-02 01:05 - 000501592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-10 07:33 - 2018-01-02 01:05 - 000192352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-10 07:33 - 2018-01-02 01:05 - 000164296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-10 07:33 - 2018-01-02 01:03 - 000482904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-10 07:33 - 2018-01-02 01:03 - 000341384 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2018-01-10 07:33 - 2018-01-02 01:01 - 001902328 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-10 07:33 - 2018-01-02 01:01 - 000069464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-10 07:33 - 2018-01-02 00:59 - 000270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-10 07:33 - 2018-01-02 00:56 - 000851712 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-10 07:33 - 2018-01-02 00:48 - 000507176 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-10 07:33 - 2018-01-02 00:47 - 000736600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-10 07:33 - 2018-01-02 00:01 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-10 07:33 - 2018-01-02 00:01 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000574464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000376320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-10 07:33 - 2018-01-02 00:00 - 000105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-10 07:33 - 2018-01-01 23:59 - 000089600 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-10 07:33 - 2018-01-01 23:59 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-10 07:33 - 2018-01-01 23:56 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-10 07:33 - 2018-01-01 23:54 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2018-01-10 07:33 - 2018-01-01 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-10 07:33 - 2018-01-01 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-10 07:33 - 2018-01-01 23:45 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-10 07:33 - 2018-01-01 23:43 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-10 07:33 - 2018-01-01 23:42 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-10 07:33 - 2018-01-01 23:34 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-10 07:33 - 2018-01-01 23:27 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-10 07:33 - 2018-01-01 23:25 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-10 07:33 - 2018-01-01 23:25 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-10 07:33 - 2018-01-01 23:22 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-10 07:33 - 2018-01-01 23:18 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-10 07:33 - 2018-01-01 23:17 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-10 07:33 - 2018-01-01 23:17 - 000331776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-10 07:33 - 2018-01-01 23:16 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-10 07:33 - 2018-01-01 23:16 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-10 07:33 - 2018-01-01 23:12 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-01-10 07:33 - 2018-01-01 23:11 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-10 07:33 - 2018-01-01 23:11 - 000465408 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-10 07:33 - 2018-01-01 23:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-10 07:33 - 2018-01-01 23:09 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-10 07:33 - 2018-01-01 23:09 - 000543232 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-10 07:33 - 2018-01-01 23:08 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-10 07:33 - 2018-01-01 23:07 - 001328128 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-10 07:33 - 2018-01-01 23:05 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-10 07:33 - 2018-01-01 23:04 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-10 07:33 - 2018-01-01 23:02 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-10 07:33 - 2018-01-01 23:02 - 000297472 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-10 07:33 - 2018-01-01 23:01 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-10 07:33 - 2018-01-01 23:00 - 001326080 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-10 07:33 - 2018-01-01 22:59 - 001845248 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-10 07:33 - 2018-01-01 22:59 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-10 07:33 - 2018-01-01 22:58 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-10 07:33 - 2018-01-01 22:57 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-10 07:33 - 2018-01-01 22:56 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-10 07:33 - 2018-01-01 22:56 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-10 07:33 - 2018-01-01 22:55 - 001015808 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-10 07:33 - 2018-01-01 22:55 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-10 07:33 - 2018-01-01 22:54 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-10 07:33 - 2018-01-01 22:53 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-10 07:33 - 2017-12-14 16:39 - 000315736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-10 07:33 - 2017-12-13 00:44 - 000076624 _____ (Microsoft Corporation) C:\Windows\system32\KeyboardFilterSvc.dll
2018-01-10 07:33 - 2017-12-10 08:59 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-10 07:33 - 2017-12-10 08:58 - 000035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-10 07:33 - 2014-11-07 22:17 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-10 07:33 - 2014-11-07 22:13 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-10 07:33 - 2014-11-07 22:13 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-10 07:33 - 2014-11-07 22:13 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-10 07:33 - 2014-11-07 21:48 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-10 07:33 - 2014-11-03 23:41 - 000112128 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2018-01-09 06:53 - 2018-01-09 06:53 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\2762C5C5.sys
2018-01-09 05:29 - 2018-01-09 05:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-09 05:28 - 2018-01-09 05:28 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\625343F5.sys
2018-01-09 05:21 - 2018-01-14 13:14 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-09 05:21 - 2018-01-09 06:53 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-01-05 05:50 - 2018-01-05 05:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-05 05:50 - 2018-01-05 05:50 - 000000000 ____D C:\Program Files\VS Revo Group
2018-01-03 14:08 - 2018-01-03 14:08 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Downloaded Installations
2018-01-03 13:09 - 2018-01-30 04:24 - 000000000 ____D C:\FRST
2018-01-03 11:59 - 2018-01-03 11:59 - 000000000 ____D C:\Users\USUARIO\AppData\Local\AviraSpeedup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 02:51 - 2017-12-05 08:01 - 000000000 ____D C:\Users\USUARIO\AppData\LocalLow\Mozilla
2018-01-30 02:50 - 2017-11-27 16:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-30 02:48 - 2017-11-27 12:58 - 000000000 ____D C:\Users\USUARIO\AppData\Local\ClassicShell
2018-01-30 02:44 - 2017-11-23 16:48 - 000000000 ____D C:\Users\USUARIO
2018-01-30 02:44 - 2017-11-23 16:46 - 000000000 ____D C:\Windows\Minidump
2018-01-30 02:44 - 2017-11-23 16:45 - 352354122 _____ C:\Windows\MEMORY.DMP
2018-01-30 02:44 - 2013-08-22 02:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-30 02:39 - 2017-12-29 16:27 - 000000000 ____D C:\Program Files\Avira
2018-01-30 02:39 - 2017-12-29 16:26 - 000000000 ____D C:\ProgramData\Avira
2018-01-30 02:36 - 2017-11-27 12:59 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-01-30 01:56 - 2017-11-27 15:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-30 01:56 - 2017-11-27 12:59 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-29 16:54 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\system32\NDF
2018-01-29 00:36 - 2013-08-22 01:21 - 000000000 ____D C:\Windows\inf
2018-01-28 04:26 - 2013-08-22 03:05 - 000000000 ____D C:\Windows\CbsTemp
2018-01-27 13:49 - 2013-08-22 01:13 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-01-27 07:17 - 2017-12-04 09:05 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-25 06:00 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\AppReadiness
2018-01-25 04:36 - 2017-11-23 17:01 - 000341090 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-25 04:36 - 2013-08-22 09:57 - 000016712 _____ C:\Windows\system32\perfh00A.dat
2018-01-25 04:36 - 2013-08-22 09:57 - 000005328 _____ C:\Windows\system32\perfc00A.dat
2018-01-16 14:59 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\rescache
2018-01-14 13:15 - 2013-08-22 02:22 - 000478784 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-14 08:26 - 2013-08-22 03:17 - 000000000 ___RD C:\Windows\ToastData
2018-01-11 06:05 - 2017-12-28 15:58 - 000000000 ____D C:\Users\USUARIO\AppData\Roaming\PhotoScape
2018-01-11 03:45 - 2017-11-27 16:56 - 000000000 ____D C:\Windows\system32\MRT
2018-01-11 03:19 - 2017-11-27 16:56 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-11 03:17 - 2017-11-27 16:56 - 126487616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-09 12:55 - 2013-08-22 03:17 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 07:00 - 2017-11-27 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-07 07:00 - 2017-11-27 13:01 - 000000000 ____D C:\Program Files\Java
2018-01-07 05:55 - 2017-11-27 14:43 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-01-07 05:55 - 2017-11-27 14:42 - 000000000 ____D C:\ProgramData\Adobe
2018-01-05 05:25 - 2017-11-27 14:18 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-05 05:25 - 2013-08-22 03:17 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-05 05:22 - 2013-08-22 10:00 - 000000000 ____D C:\Windows\ShellNew
2018-01-05 05:20 - 2013-08-22 03:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-01 10:20 - 2017-11-27 15:06 - 000000000 ____D C:\Users\USUARIO\AppData\Local\Cyberlink
2018-01-01 10:20 - 2017-11-27 14:57 - 000000000 ____D C:\ProgramData\CyberLink

==================== Files in the root of some directories =======

2017-12-07 12:48 - 2017-12-07 12:48 - 000000000 _____ () C:\Users\USUARIO\AppData\Local\{F26EDB51-2055-4602-B5D3-00CED93B3C9D}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-27 15:41

==================== End of FRST.txt ============================
         
--- --- ---

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
Ran by USUARIO (30-01-2018 04:27:09)
Running from D:\Desktop
Microsoft Windows 8.1 Pro (Update) (X86) (2017-11-23 21:47:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3478894747-1205790465-3368493391-500 - Administrator - Disabled)
Invitado (S-1-5-21-3478894747-1205790465-3368493391-501 - Limited - Disabled)
PERSONAL (S-1-5-21-3478894747-1205790465-3368493391-1001 - Administrator - Enabled) => C:\Users\PERSONAL
USUARIO (S-1-5-21-3478894747-1205790465-3368493391-1002 - Administrator - Enabled) => C:\Users\USUARIO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD VISION Engine Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira (HKLM\...\{4BC30143-FC17-4BA0-96C3-11F21F026099}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{638c58eb-e71e-4b96-8f16-c5a7dbc4293f}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG)
Classic Shell (HKLM\...\{8EA72B6A-D11E-4B91-8657-364F4B21347F}) (Version: 4.2.5 - IvoSoft)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 64.0.3282.119 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
K-Lite Mega Codec Pack 10.9.2 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.2 - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x86 es-ES) (HKLM\...\Mozilla Firefox 58.0.1 (x86 es-ES)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1.6602 - Mozilla)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.16.2 - Synaptics Incorporated)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper32.dll [2015-11-12] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C62A04-1B4A-4A01-A4A3-4C32B0385A7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {94AF091E-7A0A-4558-AF24-C73A84A388A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {B7F80375-FA01-4A43-959A-16AF01FA815C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-11-23] ()
Task: {E1122790-29E4-4B57-B10A-3765D5A5DD2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {F0D8A4DD-17B8-4EB8-A6A0-60A1EBB995F8} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2017-12-07] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-07-04 21:33 - 2014-07-04 21:33 - 000114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 000095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 01:13 - 2013-08-22 01:13 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3478894747-1205790465-3368493391-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: 192.168.5.200
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E06FC46E-59EF-47EE-B3BB-F73828841A5D}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{3D8CC876-965E-4FA4-889C-914872C5BE74}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{64F9F47D-74F5-4B72-8AE1-BCE6941C2F34}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{67D03460-1154-45C7-B9D4-28C8D2C144BC}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD9.EXE
FirewallRules: [{22ACC95E-571B-440A-8D31-E05521489023}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5591A55D-34F9-4A5A-8765-FEC28DB34739}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EE8242AC-2F14-45E6-99D9-908FFA69F966}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2151C475-393A-41C4-A384-870B1E54B9B8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{ED6DB659-A350-4345-B79F-67844D03B214}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D46845F8-079C-4C55-A4B0-885EB233E5D6}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe

==================== Restore Points =========================

11-01-2018 03:12:16 Instalador de Módulos de Windows
25-01-2018 06:30:02 Punto de control programado
30-01-2018 01:38:37 Revo Uninstaller's restore point - Avira
30-01-2018 02:24:10 Revo Uninstaller's restore point - Avira

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2018 02:50:49 AM) (Source: MsiInstaller) (EventID: 11714) (User: PAVILION)
Description: Product: Avira -- Error 1714. The older version of Avira cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (01/30/2018 02:46:48 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur.

Error: (01/30/2018 02:46:34 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur.

Error: (01/30/2018 02:45:07 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Während der Installation ist ein Fehler aufgetreten. Starten Sie die Reparatur.

Error: (01/30/2018 02:24:10 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {1aaa337f-7c43-47fc-957e-e035321ed4fa}

Error: (01/30/2018 01:38:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {f22fbdb2-dae6-48bc-ac8d-f00e38e2ec9a}

Error: (01/29/2018 11:25:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa glcnd.exe, versión 6.3.9600.16384, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1904

Hora de inicio: 01d3991267652e8f

Hora de finalización: 187

Ruta de acceso de la aplicación: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe\glcnd.exe

Identificador de informe: 12f36cbf-0511-11e8-974a-a01d48113abd

Nombre completo de paquete con errores: Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe

Identificador de aplicación relativa del paquete con errores: Microsoft.Reader

Error: (01/29/2018 10:06:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Un problema impidió que los datos del Programa para la mejora de la experiencia del usuario se enviaran a Microsoft, (error 80070005).

Error: (01/29/2018 10:03:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PAVILION)
Description: La aplicación Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe+Microsoft.Reader no se inició dentro del tiempo asignado.

Error: (01/29/2018 10:03:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa glcnd.exe, versión 6.3.9600.16384, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: f0c

Hora de inicio: 01d39824cf7df11f

Hora de finalización: 140

Ruta de acceso de la aplicación: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe\glcnd.exe

Identificador de informe: 97147b96-0505-11e8-974a-a01d48113abd

Nombre completo de paquete con errores: Microsoft.Reader_6.3.9600.16384_x86__8wekyb3d8bbwe

Identificador de aplicación relativa del paquete con errores: Microsoft.Reader


System errors:
=============
Error: (01/30/2018 02:46:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Avira Service Host se terminó de manera inesperada. Esto ha sucedido 3 veces.

Error: (01/30/2018 02:46:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (01/30/2018 02:46:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (01/30/2018 02:44:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126

Error: (01/30/2018 02:44:44 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: El equipo se reinició después de una comprobación de errores. La comprobación de errores fue: 0x0000001e (0xc0000005, 0x8dae0dfb, 0x00000000, 0x00000000). Se guardó un volcado en: C:\Windows\MEMORY.DMP. Id. de informe: 013018-30890-01.

Error: (01/30/2018 02:44:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 02:36:35 a.m. del ‎30/‎01/‎2018 resultó inesperado.

Error: (01/30/2018 02:36:41 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126

Error: (01/30/2018 02:30:46 AM) (Source: DCOM) (EventID: 10010) (User: PAVILION)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/30/2018 02:30:16 AM) (Source: DCOM) (EventID: 10010) (User: PAVILION)
Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/30/2018 01:53:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126


CodeIntegrity:
===================================
  Date: 2017-12-25 07:49:08.697
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-18 20:15:52.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-18 04:52:22.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-15 09:12:05.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-13 10:34:52.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-11 17:33:22.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD E1-2100 APU with Radeon(TM) HD Graphics 
Percentage of memory in use: 49%
Total physical RAM: 3057.11 MB
Available physical RAM: 1556.38 MB
Total Virtual: 6129.11 MB
Available Virtual: 3910.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:120 GB) (Free:91.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:177.75 GB) (Free:168 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 3D9DFA4D)
Partition 1: (Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---
