cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by fisioterapia (administrator) on LENOVO-PC (26-08-2016 15:13:42)
Running from C:\Users\fisioterapia\Desktop
Loaded Profiles: fisioterapia (Available Profiles: fisioterapia)
Platform: Windows 8.1 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-06] (Atheros Communications)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 181.48.0.232
Tcpip\..\Interfaces\{044378CC-3093-4F0A-A76B-DD5EF5F563FE}: [DhcpNameServer] 190.157.8.33 181.48.0.232
Tcpip\..\Interfaces\{636346F4-D807-48C5-891C-B8E2AEBA8422}: [DhcpNameServer] 190.157.8.33 181.48.0.232

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4080409232-1409504885-1139174345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.co/?gws_rd=ssl
HKU\S-1-5-21-4080409232-1409504885-1139174345-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4080409232-1409504885-1139174345-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4080409232-1409504885-1139174345-1001 -> DefaultScope {17E0BAE5-4875-4715-A630-14F76081A833} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-4080409232-1409504885-1139174345-1001 -> {17E0BAE5-4875-4715-A630-14F76081A833} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-4080409232-1409504885-1139174345-1001 -> {B2EED70F-898B-4C88-8BE4-D9664EAB8BCA} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\fisioterapia\AppData\Roaming\Mozilla\Firefox\Profiles\SPqIyouS.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-23] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\fisioterapia\AppData\Roaming\Mozilla\Firefox\Profiles\SPqIyouS.default\Extensions\abs@avira.com [2016-07-18]

Chrome:
=======
CHR Profile: C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Navegación segura) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-29]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
CHR Extension: (Gmail) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-06] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-23] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-06] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-06] (Qualcomm Atheros)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-11-09] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-10] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 mfeaack01; \Device\mfeaack01.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 15:13 - 2016-08-26 15:14 - 00015214 _____ C:\Users\fisioterapia\Desktop\FRST.txt
2016-08-26 15:13 - 2016-08-26 15:13 - 00000000 ____D C:\FRST
2016-08-26 15:12 - 2016-08-26 15:12 - 02396160 _____ (Farbar) C:\Users\fisioterapia\Desktop\FRST64.exe
2016-08-26 15:09 - 2016-08-26 15:09 - 02396160 _____ (Farbar) C:\Users\fisioterapia\Downloads\FRST64.exe
2016-08-26 11:42 - 2016-08-26 11:42 - 00281632 _____ C:\WINDOWS\Minidump\082616-22328-01.dmp
2016-08-25 10:12 - 2016-08-25 10:12 - 00460883 _____ C:\Users\fisioterapia\Downloads\INVMC_PROCESO_16-13-5483561_219698011_21030448.pdf
2016-08-24 13:31 - 2016-08-24 13:31 - 00146475 _____ C:\Users\fisioterapia\Downloads\INFORME DE ATENCIONES EN SALUD OCUPACIONAL CRC 2015 -2016 A JUNIO 2016 (2).xlsx
2016-08-24 13:29 - 2016-08-24 13:29 - 00064748 _____ C:\Users\fisioterapia\Downloads\crc listado salud ocupacional (1).xlsx
2016-08-24 13:28 - 2016-08-24 13:28 - 00028359 _____ C:\Users\fisioterapia\Downloads\CRC JUNIO DE 2016.xlsx
2016-08-24 13:17 - 2016-08-24 13:17 - 00137689 _____ C:\Users\fisioterapia\Downloads\INFORME DE ATENCIONES EN SALUD OCUPACIONAL CRC 2015 -2016 A JUNIO 2016 (1).xlsx
2016-08-24 13:02 - 2016-08-24 13:02 - 00146475 _____ C:\Users\fisioterapia\Downloads\INFORME DE ATENCIONES EN SALUD OCUPACIONAL CRC 2015 -2016 A JUNIO 2016.xlsx
2016-08-24 11:00 - 2016-08-24 11:00 - 00001165 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-23 17:33 - 2016-08-23 17:34 - 01029600 _____ C:\WINDOWS\Minidump\082316-21000-01.dmp
2016-08-23 17:10 - 2016-08-23 17:11 - 00795488 _____ C:\WINDOWS\Minidump\082316-25656-01.dmp
2016-08-23 16:08 - 2016-08-23 16:08 - 00281632 _____ C:\WINDOWS\Minidump\082316-39687-01.dmp
2016-08-23 10:58 - 2016-08-23 10:58 - 00281632 _____ C:\WINDOWS\Minidump\082316-23125-01.dmp
2016-08-22 10:24 - 2016-08-22 10:24 - 00281632 _____ C:\WINDOWS\Minidump\082216-27796-01.dmp
2016-08-18 08:36 - 2016-08-18 08:37 - 00262144 _____ C:\WINDOWS\Minidump\081816-51312-01.dmp
2016-08-17 23:00 - 2016-08-17 23:00 - 00072202 _____ C:\Users\fisioterapia\Downloads\Resultado10074020.pdf
2016-08-17 22:21 - 2016-08-17 22:22 - 06355379 _____ C:\Users\fisioterapia\Downloads\DISTINTIVOS HABILITACION FUNRESER 2016.zip
2016-08-17 22:06 - 2016-08-17 22:06 - 00035860 _____ C:\Users\fisioterapia\Downloads\CA_190010719901_17_08_2016_10_06horas.pdf
2016-08-17 22:05 - 2016-08-17 22:05 - 00035860 _____ C:\Users\fisioterapia\Downloads\CA_190010719901_17_08_2016_10_05horas.pdf
2016-08-17 22:02 - 2016-08-17 22:02 - 00044236 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_17_08_2016_10_02horas.pdf
2016-08-17 22:02 - 2016-08-17 22:02 - 00044236 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_17_08_2016_10_02horas (1).pdf
2016-08-17 19:06 - 2016-08-17 19:06 - 01118135 _____ C:\Users\fisioterapia\Downloads\INVMC_PROCESO_16-13-5450168_116001000_20902260.pdf
2016-08-17 13:02 - 2016-08-17 13:02 - 00006497 _____ C:\Users\fisioterapia\Desktop\ZHPCleaner.txt
2016-08-17 12:38 - 2016-08-17 12:38 - 00000896 _____ C:\Users\fisioterapia\Desktop\ZHPCleaner.lnk
2016-08-17 12:36 - 2016-08-17 12:37 - 02344960 _____ C:\Users\fisioterapia\Downloads\ZHPCleaner.exe
2016-08-17 10:22 - 2016-08-17 10:22 - 00281632 _____ C:\WINDOWS\Minidump\081716-24578-01.dmp
2016-08-14 21:34 - 2016-08-14 21:34 - 00019064 _____ C:\Users\fisioterapia\Downloads\ANALISIS PORCENTUAL DE BCE Y E.R..xlsx
2016-08-12 21:37 - 2016-08-12 21:38 - 00281632 _____ C:\WINDOWS\Minidump\081216-36171-01.dmp
2016-08-12 11:53 - 2016-08-12 11:54 - 03712064 _____ C:\Users\fisioterapia\Downloads\adwcleaner_5.201 (1).exe
2016-08-12 11:52 - 2016-08-12 11:52 - 03712064 _____ C:\Users\fisioterapia\Downloads\adwcleaner_5.201.exe
2016-08-12 09:52 - 2016-08-12 09:52 - 00003267 _____ C:\Users\fisioterapia\Desktop\ZHPFixReport.txt
2016-08-11 15:48 - 2016-08-26 15:05 - 00000000 ___RD C:\Users\fisioterapia\SkyDrive
2016-08-11 15:47 - 2016-08-11 15:47 - 00281632 _____ C:\WINDOWS\Minidump\081116-21953-01.dmp
2016-08-11 11:21 - 2016-08-11 11:21 - 00048936 _____ C:\Users\fisioterapia\Downloads\CA_190010719901-11_08_2016_11_21horas.pdf
2016-08-11 10:54 - 2016-08-11 10:54 - 00044233 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_11_08_2016_10_54horas.pdf
2016-08-11 10:54 - 2016-08-11 10:54 - 00044233 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_11_08_2016_10_54horas (1).pdf
2016-08-08 17:11 - 2016-08-08 17:11 - 00281632 _____ C:\WINDOWS\Minidump\080816-22218-01.dmp
2016-08-05 13:49 - 2016-08-05 13:49 - 01416098 _____ C:\Users\fisioterapia\Downloads\Nueva exploración-20160803095130-00001.tif
2016-08-05 09:40 - 2016-08-05 09:40 - 00281632 _____ C:\WINDOWS\Minidump\080516-17421-01.dmp
2016-08-03 15:33 - 2016-08-03 15:33 - 00364242 _____ C:\Users\fisioterapia\Downloads\cotizacion fundacion restaura tu ser.pdf
2016-08-02 14:29 - 2016-08-02 14:29 - 00280760 _____ C:\WINDOWS\Minidump\080216-34781-01.dmp
2016-08-01 18:53 - 2016-08-01 18:54 - 07080798 _____ C:\Users\fisioterapia\Downloads\RESTAURA - copia (7).zip
2016-08-01 12:42 - 2016-08-01 12:42 - 00000038 _____ C:\Users\fisioterapia\Documents\lien.txt
2016-08-01 12:38 - 2016-08-01 12:38 - 00080508 _____ C:\Users\fisioterapia\Documents\ZHPDiag.txt
2016-08-01 12:32 - 2016-08-01 12:32 - 00080505 _____ C:\Users\fisioterapia\Desktop\ZHPDiag.txt
2016-08-01 12:19 - 2016-08-01 12:20 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-08-01 12:19 - 2016-08-01 12:19 - 00001876 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-08-01 12:19 - 2016-08-01 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-08-01 12:03 - 2016-08-17 12:48 - 00000000 ____D C:\Users\fisioterapia\AppData\Roaming\ZHP
2016-08-01 12:03 - 2016-08-01 12:30 - 00000886 _____ C:\Users\fisioterapia\Desktop\ZHPDiag.lnk
2016-08-01 12:03 - 2016-08-01 12:03 - 02234880 _____ C:\Users\fisioterapia\Downloads\ZHPDiag3.exe
2016-08-01 09:25 - 2016-08-01 10:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-01 09:24 - 2016-08-01 09:24 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-01 09:24 - 2016-08-01 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-01 09:24 - 2016-08-01 09:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-01 09:24 - 2016-08-01 09:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-01 09:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-01 09:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-01 09:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-01 09:20 - 2016-08-01 09:21 - 22851472 _____ (Malwarebytes ) C:\Users\fisioterapia\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-01 09:13 - 2016-08-24 12:11 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4080409232-1409504885-1139174345-1001
2016-07-29 18:11 - 2016-07-29 18:11 - 00281632 _____ C:\WINDOWS\Minidump\072916-23015-01.dmp
2016-07-29 17:25 - 2016-07-27 14:25 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-29 16:39 - 2016-07-29 16:40 - 00281632 _____ C:\WINDOWS\Minidump\072916-24265-01.dmp
2016-07-29 16:28 - 2016-07-29 16:28 - 00281520 _____ C:\WINDOWS\Minidump\072916-51734-01.dmp
2016-07-29 16:00 - 2016-08-09 16:12 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-29 16:00 - 2016-08-09 16:12 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-29 15:59 - 2016-07-29 16:26 - 00000000 ____D C:\Program Files\Google
2016-07-29 15:58 - 2016-08-26 15:08 - 00001064 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 15:58 - 2016-08-26 15:05 - 00001060 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-29 15:58 - 2016-07-29 16:03 - 00004036 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 15:58 - 2016-07-29 16:03 - 00003800 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 15:20 - 2016-07-29 15:20 - 00000000 ____D C:\Users\fisioterapia\Documents\ProcAlyzer Dumps
2016-07-29 12:43 - 2016-08-11 15:48 - 00000000 ___RD C:\Users\fisioterapia\SkyDrive (4).old
2016-07-29 12:39 - 2016-08-26 11:42 - 543417191 _____ C:\WINDOWS\MEMORY.DMP
2016-07-29 12:39 - 2016-07-29 12:40 - 00281632 _____ C:\WINDOWS\Minidump\072916-21234-01.dmp
2016-07-29 12:32 - 2016-08-12 11:54 - 00000000 ____D C:\AdwCleaner
2016-07-28 20:59 - 2016-07-28 21:32 - 00000000 ___HD C:\$WINDOWS.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 15:05 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-26 12:44 - 2014-04-26 22:44 - 00812192 _____ C:\WINDOWS\system32\perfh00A.dat
2016-08-26 12:44 - 2014-04-26 22:44 - 00167450 _____ C:\WINDOWS\system32\perfc00A.dat
2016-08-26 12:44 - 2013-10-07 13:27 - 01833224 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-26 12:39 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-26 12:37 - 2013-08-22 09:44 - 00484008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing
2016-08-26 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-08-26 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-08-26 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera
2016-08-26 11:42 - 2016-07-14 15:13 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-25 18:28 - 2015-10-19 18:23 - 00004010 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB518F97-88CB-4A74-A57C-B5853D44264A}
2016-08-25 17:15 - 2016-06-22 14:22 - 00000000 ____D C:\Users\fisioterapia\Desktop\mercadeo
2016-08-25 16:43 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-24 13:39 - 2015-10-19 18:13 - 00000000 ____D C:\Users\fisioterapia
2016-08-24 13:31 - 2015-10-19 18:13 - 00000000 ____D C:\Users\fisioterapia\AppData\Local\Packages
2016-08-24 11:00 - 2016-07-18 15:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-24 11:00 - 2016-07-18 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-22 15:12 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-08-19 17:07 - 2015-12-03 15:27 - 00000000 ____D C:\Users\fisioterapia\Documents\fonoaudiología
2016-08-17 02:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-17 02:26 - 2013-08-22 14:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-16 09:57 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 09:54 - 2015-10-19 18:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-11 11:22 - 2015-10-23 11:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 11:17 - 2015-10-23 11:24 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-05 19:42 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-05 09:46 - 2015-10-19 18:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 09:45 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-29 16:26 - 2016-07-18 15:32 - 00000000 ____D C:\ProgramData\Avira
2016-07-29 16:26 - 2015-10-19 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-29 16:13 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-29 16:13 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-29 16:06 - 2016-07-14 15:05 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-07-29 16:06 - 2016-07-14 14:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-29 16:05 - 2015-10-19 18:25 - 00000000 ____D C:\Users\fisioterapia\AppData\Local\Google
2016-07-29 16:00 - 2015-10-19 18:59 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-29 12:43 - 2016-04-01 10:20 - 00000000 ___RD C:\Users\fisioterapia\SkyDrive (3).old
2016-07-28 21:33 - 2016-07-19 15:38 - 00000000 ___HD C:\$GetCurrent
2016-07-28 21:32 - 2016-07-23 02:15 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2016-07-28 21:32 - 2016-07-23 02:15 - 00001908 _____ C:\WINDOWS\diagerr.xml
2016-07-28 21:32 - 2013-10-07 14:23 - 00000000 ____D C:\WINDOWS\Panther
2016-07-28 21:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-07-28 20:59 - 2016-07-23 02:08 - 00000036 _____ C:\WINDOWS\progress.ini
2016-07-28 12:02 - 2014-04-26 13:49 - 00000000 ____D C:\ProgramData\Energy Manager
2016-07-28 12:02 - 2014-04-26 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-28 12:02 - 2014-04-26 13:43 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-07-28 12:02 - 2014-04-26 13:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-28 11:59 - 2016-07-19 14:07 - 00000000 ____D C:\Users\fisioterapia\AppData\LocalLow\Adblock Plus for IE
2016-07-28 11:58 - 2015-10-19 18:44 - 00000000 ____D C:\Users\fisioterapia\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2014-04-26 13:25 - 2014-04-26 13:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.


LastRegBack: 2016-08-12 17:06

==================== End of FRST.txt ============================
