Archivo rar extraño

Hola Resulta que mi hermana estaba usando la pc y recien veo que descargo un rar extraño, Me dice que supuestamente era para bajar videos de youtube. Pero no se ve asi. Dentro del rar dice md5crack.exe y pense que era un virus o malware pero al analizar la pc no sale nada. Sin embargo si ya lo corrió ese programa podria ser algo peligroso. Buscando el internet parece ser algo de [email protected] Podria haber robado alguna informacion de la pc? Tenemos cosas importantes aqui, desde aqui recibo y realizo pagos para mi negocio, uso paypal, etc. Es posible que se haya comprometido la informacion? Podria subir el rar y dejarlo aqui para que lo vean pero no se si se puede Me ayudan por favor ?

Hola @sool47 y Bienvenido al nuevo Foro…!!

Con qué herramientas has analizado la PC…??

Tienes informes…??

Saludos.

Hola Hice un analisis con Super AntiSpyware y solo encontro cookies. Luego hice analisis con ESet Antivirus y nada. Pero ese archivo se ve muy sospechoso , no se , al buscar en google md5crack.exe sale como si fuese algo para hackear . pero no se como podria saber si algo comprometio a la pc

Hola.

Normalmente este tipo de archivos suelen usarse para “validar” algún programa que queramos instalar y del cual NO hayamos realizado la compra del mismo, posiblemente tu hermana descargo algun programa para bajar videos de youtube y una vez instalado vio que el programa NO funciona o lo hace de forma limitada y busco o venia incluido el programa adicional parar “romper” o intentarlo y ese es el programa que mencionas.

De todas maneras puedes TU misma verificar SI ese programa/aruchivo(md5crack.exe) YA es conocido como programa poco fiable y/o que pueda haber realizado alguna infección. :face_with_monocle:

Para hacerlo usas esta guia :arrow_right: Manual de VirusTotal.

Nos pones el enlace con los resultados para que podamos valorarlo y darte nuevos pasos por si estuvieras infectada.

Saludos.

Gracias Hice lo que me dijiste y aqui estan los resultados

https://www.virustotal.com/gui/file/21f7db5d937cbcff03fc0d23e021775f8b709dd814ec8b31b262a82a47904376/detection

Hola.

Pues 27 detecciones YA son demasiadas detecciones, así que vamos a revisar TU maquina para ver que nos encontramos.

Ahora sigue estos pasos, en el orden indicado y leyendo todo lo explicado. :+1:

:one: Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar :face_with_monocle:) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :


:two: Ejecutas las herramientas de una en una y en el orden indicado :



CCleaner.-

  • Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.

  • Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.

  • Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

  • Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.

  • Realiza un Análisis Personalizado. :white_check_mark:

  • Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.

  • En el apartado del programa :arrow_forward: Historial de detecciones :arrow_backward: encontrarás el informe de MBAM, que debes copiar y pegar en tu próxima respuesta, para poder analizarlo.

AdwCleaner.-

  • Ejecuta Adwcleaner.exe.

  • Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.

  • El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Ejecuta JRT.exe.

  • Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.

  • Si en algún momento te pide Reiniciar hazlo.

  • Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.

  • Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

  • Ejecuta FRST.exe.

  • En el mensaje de la ventana del Disclaimer/Responsabilidad, pulsamos Sí/Yes

  • En la ventana principal pulsamos en el botón Analizar/Scan y esperamos a que concluya el proceso.

  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

:three: Poner los informes en tu próxima respuesta de :

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden. :+1:

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(más de 64.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado. :face_with_monocle:

Saludos.

Tengo un problema. Todo estaba bien hasta antes de ejecutar el FRST. Hice click ahí y estaba ejecutándose cuando de repente se cerró el programa. Me fijé y es por el MBAM que lo eliminó. Así que desactivé la protección a tiempo real del MBAM y descargué de nuevo el FRST.

Pero ahora mi teclado de la pc está loco. La p o i u no se escriben. Cuando tecleo la p me sale una línea cuando tecleo la o me sale el número 6. Escribo esto Desde el celular. Trataré de subir los reportes desde la pc. Pero como digo el teclado está raro y esto no estaba así hasta después de ejecutar el FRST y que se cerrara sin motivo.

Malwarebytes


-Detalles del registro-
Fecha del análisis: 12/4/20
Hora del análisis: 22:06
Archivo de registro: 85b378f2-7d01-11ea-96b6-002522c8c00e.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.867
Versión del paquete de actualización: 1.0.22374
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: PC\AsRock

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 263529
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 5 min, 38 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, En cuarentena, 415, 242794, 1.0.22374, , ame, 

Valor del registro: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, En cuarentena, 415, 242794, 1.0.22374, , ame, 

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
RiskWare.Tool.HCK, C:\USERS\ASROCK\DESKTOP\MD5CRACK.EXE, En cuarentena, 7376, 65610, 1.0.22374, , ame, 
HackTool.FilePatch, C:\USERS\ASROCK\DESKTOP\CHIASEPHANMEM.ORG---BOILSOFT-VIDEO-SPLITTER-7.02.2.RAR, En cuarentena, 7534, 281135, 1.0.22374, , ame, 

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end) 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-24.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-12-2020
# Duration: 00:00:02
# OS:       Windows 8.1 Pro
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\AsRock\AppData\Roaming\DRPSu

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6FBFE9F7-B36E-4BE1-92D8-BB7ECAFDAEBF}C:\users\asrock\appdata\roaming\baidu\baidunetdisk\baidunetdiskhost.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2975E6A2-457C-433B-9129-7C903D665B92}C:\users\asrock\appdata\roaming\baidu\baidunetdisk\baidunetdiskhost.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64 
Ran by AsRock (Administrator) on 12/04/2020 at 22:22:50,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 48 

Successfully deleted: C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Easy Scheduled Scan (Task)
Successfully deleted: C:\Windows\Tasks\Driver Easy Scheduled Scan.job (Task) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP12D8.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP17B9.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP1C9D.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP1E7E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP2CAD.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP3039.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP30A.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP338F.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP3621.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP4394.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP4AAB.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP55B0.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP57DC.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP5C59.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP5D92.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP5EC8.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP64BE.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP6650.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP6A71.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP6F08.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP6FB2.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP7B90.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP7BC9.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP7EB4.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP800E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP827A.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP849F.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP85CE.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP8E69.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP8FB1.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP905E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP9198.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP92D2.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAP9544.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPA7B2.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPAB82.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPBC4D.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPC70D.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPC948.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPD377.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPE41E.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPFDB8.tmp (File) 
Successfully deleted: C:\Windows\SysWOW64\FAPFFED.tmp (File) 

Deleted the following from C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default\prefs.js
user_pref(browser.newtab.url, hxxps://securesearch.org/homepage?hp=2&pId=BT170702&iDate=2020-04-01 12:59:19&bName=);
user_pref(browser.newtabpage.url, hxxps://securesearch.org/homepage?hp=2&pId=BT170702&iDate=2020-04-01 12:59:19&bName=);
user_pref(browser.urlbar.suggest.searches, false);



Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2020 at 22:28:43,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 12-04-2020
Ejecutado por AsRock (administrador) sobre PC (12-04-2020 22:42:10)
Ejecutado desde C:\Users\AsRock\Downloads\Programs
Perfiles cargados: AsRock (Perfiles disponibles: AsRock)
Platform: Windows 8.1 Pro (X64) Idioma: Español (España, internacional)
Navegador predeterminado: FF
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\slui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <4>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Numedia Soft, Inc. -> ) C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [185648 2020-04-08] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [687336 2013-06-20] (Lanzhou Itanium Software Technology Co., Ltd. -> Zbshareware Lab)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-16] (Shenzhen Wondershare Information Technology Co., Ltd. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2306456 2017-02-27] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2017-03-10] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH -> Geek Software GmbH)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4172656 2020-02-08] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Run: [f.lux] => C:\Users\AsRock\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Run: [EPSON L200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGUP.EXE [224768 2010-01-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4172656 2020-02-08] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Run: [f.lux] => C:\Users\AsRock\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Run: [EPSON L200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGUP.EXE [224768 2010-01-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4172656 2020-02-08] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Run: [f.lux] => C:\Users\AsRock\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Run: [EPSON L200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGUP.EXE [224768 2010-01-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.92\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\Users\AsRock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-02-09]
ShortcutTarget: MEGAsync.lnk -> C:\Users\AsRock\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {00DF0D70-93F5-44D8-B485-F966BAC982E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F947C40-1303-4339-94FA-19819EC6CCDC} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {350D5A58-D2A0-4888-A727-6E7D604B8B0E} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {3B077CA9-5375-49C1-B93F-591C5A9B452E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-23] (Adobe Inc. -> Adobe)
Task: {3EE464C0-14E4-45FB-839A-6CADBD90CA08} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {5A2337CD-EE8E-4296-B724-B2CD22FDF1F9} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {5D723A7C-FD9A-4BE4-BDC4-52F0AE30A946} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {694A9966-800D-4251-B050-42B88AF5BF40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-20] (Piriform Ltd -> Piriform Ltd)
Task: {92B06A5A-3E1E-449C-ABBF-2A4D737B6446} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {97101EE4-3C53-4F58-850A-3DCE7EF016FD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A93E1A8-F9D9-4609-A1F7-E02BD4A9DEAE} - System32\Tasks\{1B0682C1-B639-4E48-A621-4FF98A6C2A91} => C:\Windows\system32\pcalua.exe -a "C:\Archivos de programa\Diner Dash - Hometown Hero\Diner Dash - Hometown Hero.exe" -d "C:\Archivos de programa\Diner Dash - Hometown Hero"
Task: {BD2260D2-2615-4EFE-B226-721AFCB769BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-10-12] (Apple Inc. -> Apple Inc.)
Task: {BD50EFCF-0B58-42CF-BECA-1D2DDAB2B3BD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D1C7396E-78B8-4B02-981A-A9AB6EA6C4DB} - System32\Tasks\{8E857ED6-D01A-466B-9478-1EB4F111710F} => C:\Windows\system32\pcalua.exe -a C:\Users\AsRock\Downloads\Programs\L200_x86_670APS_C1.exe -d C:\Users\AsRock\AppData\Roaming\IDM
Task: {D349BBDA-63F3-4764-94A8-A4D1ADE94D73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6F2A8CE-A268-48AF-A8A4-87F31AE40FFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {E7F74AE0-D9FF-414E-9EEA-2EED5EA473E1} - System32\Tasks\{DE03503B-A6D3-4B85-8113-E851FCB0E1C4} => C:\Windows\system32\pcalua.exe -a C:\Users\AsRock\Downloads\Programs\L200_x64_671A.exe -d C:\Users\AsRock\AppData\Roaming\IDM
Task: {F52B96CA-5663-4B7C-B54E-A9DB51D9EE89} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: Hay más de una entrada en Hosts. Consulte la sección Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6D94A1E5-DD47-4351-AFF9-C622145A9217}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170702&iDate=2020-04-01 12:59:19&bName=
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2020-01-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-16] (Shenzhen Wondershare Information Technology Co., Ltd. -> Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Ningún archivo

FireFox:
========
FF DefaultProfile: 42bbftkl.default
FF ProfilePath: C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default [2020-04-12]
FF Extension: (Tampermonkey) - C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default\Extensions\[email protected] [2019-05-13]
FF Extension: (SaveFrom.net helper) - C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default\Extensions\[email protected] [2020-04-12]
FF Extension: (Video DownloadHelper) - C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-04-01]
FF Extension: (Greasemonkey) - C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
FF Extension: (NeoBux AdAlert) - C:\Users\AsRock\AppData\Roaming\Mozilla\Firefox\Profiles\42bbftkl.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2019-08-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected] [2019-12-24] [Heredado] [no firmado]
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2020-02-01]
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Heredado]
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\AsRock\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\AsRock\AppData\Roaming\IDM\idmmzcc5 [2017-09-12] [Heredado] [no firmado]
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\AsRock\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\AsRock\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-23] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) [Archivo no firmado]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-23] (Adobe Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG -> Nero AG)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-09-26] (Zylom) [Archivo no firmado]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-04-12]

Chrome: 
=======
CHR Profile: C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default [2020-04-12]
CHR Extension: (Documentos) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (MEGA) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-04-12]
CHR Extension: (YouTube) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Búsqueda de Google) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-23]
CHR Extension: (ySense Addon) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba [2020-01-02]
CHR Extension: (AdSwap) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjnmfgkjghjcfegjedfcbegjihdhefa [2019-03-23]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-27]
CHR Extension: (Gmail) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-12]
CHR Profile: C:\Users\AsRock\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-06]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-02-08]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2018-07-19] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc. -> Apple Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-08] (ESET, spol. s r.o. -> ESET)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] (Intel(R) Software Development Products -> )
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-12] (Malwarebytes Inc -> Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [664960 2010-11-22] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 NMSAccessU; C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe [71096 2007-10-12] (Numedia Soft, Inc. -> )
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [432776 2018-06-28] (Geek Software GmbH -> Geek Software GmbH)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] (Intel(R) Software Development Products -> )
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [17760 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [17760 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [17760 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [17760 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [330616 2017-02-27] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [154336 2020-04-08] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2020-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [188872 2020-03-27] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [53048 2020-03-27] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\Windows\system32\DRIVERS\epfw.sys [79520 2020-03-27] (ESET, spol. s r.o. -> ESET)
U4 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [115960 2020-03-27] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-12] (Malwarebytes Corporation -> Malwarebytes)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [112872 2015-01-07] (GENESYS LOGIC, INC. -> GenesysLogic)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-04-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-04-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-04-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [119960 2020-04-12] (Malwarebytes Inc -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VIAHdAudAddService; C:\Windows\system32\drivers\viahduaa.sys [689672 2014-11-06] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2017-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare Software Co., Ltd.  -> Wondershare)
S0 edevmon; system32\DRIVERS\edevmon.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-04-12 22:32 - 2020-04-12 22:42 - 000000000 ____D C:\FRST
2020-04-12 22:28 - 2020-04-12 22:28 - 000004382 _____ C:\Users\AsRock\Desktop\JRT.txt
2020-04-12 22:21 - 2020-04-12 22:39 - 000000000 ____D C:\Users\AsRock\AppData\LocalLow\IGDump
2020-04-12 22:21 - 2020-04-12 22:21 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-04-12 22:20 - 2020-04-12 22:20 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-04-12 22:20 - 2020-04-12 22:20 - 000119960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-04-12 20:56 - 2020-04-12 20:56 - 000000000 ____D C:\Users\AsRock\AppData\Local\mbam
2020-04-12 20:56 - 2020-04-12 20:56 - 000000000 ____D C:\Users\AsRock\AppData\Local\cache
2020-04-12 20:55 - 2020-04-12 20:55 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-04-12 20:55 - 2020-04-12 20:55 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-04-12 20:55 - 2020-04-12 20:55 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-12 20:55 - 2020-04-12 20:55 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-04-12 20:55 - 2020-04-12 20:55 - 000000000 ____D C:\Users\AsRock\AppData\Local\mbamtray
2020-04-12 20:55 - 2020-04-12 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-12 20:32 - 2020-04-12 20:32 - 002281472 _____ (Farbar) C:\Users\AsRock\Desktop\FRST64.exe
2020-04-12 20:30 - 2020-04-12 20:30 - 001790024 _____ (Malwarebytes) C:\Users\AsRock\Desktop\JRT.exe
2020-04-12 20:30 - 2020-04-12 20:30 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-12 20:23 - 2020-04-12 20:23 - 000000000 ____D C:\ProgramData\MB2Migration
2020-04-12 15:57 - 2020-04-12 15:57 - 000001207 _____ C:\Users\Public\Desktop\Launch Airy.lnk
2020-04-12 15:57 - 2020-04-12 15:57 - 000001207 _____ C:\ProgramData\Desktop\Launch Airy.lnk
2020-04-12 15:57 - 2020-04-12 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airy Team
2020-04-12 15:56 - 2020-04-12 15:56 - 000000000 ____D C:\Program Files (x86)\Airy Team
2020-04-12 15:39 - 2020-04-12 15:39 - 000045104 _____ C:\Users\AsRock\Documents\cc_20200412_153923.reg
2020-04-12 15:16 - 2020-04-12 15:16 - 174245878 _____ C:\Users\AsRock\Desktop\[SEVENTEEN_ENG SUB] 181215 새벽 - 세븐틴 in 홍콩~캐럿들 사랑에 숨이차.mp4
2020-04-05 14:45 - 2019-10-23 00:22 - 101348646 ____N C:\Users\AsRock\Desktop\Team S 2nd Stage Te wo Tsunaginagara.rar
2020-04-03 12:24 - 2020-04-03 12:24 - 000001076 _____ C:\Users\Public\Desktop\MyEpson Portal.lnk
2020-04-03 12:24 - 2020-04-03 12:24 - 000001076 _____ C:\ProgramData\Desktop\MyEpson Portal.lnk
2020-04-01 13:58 - 2020-04-01 13:58 - 000000880 _____ C:\Users\AsRock\Desktop\BitTorrent.lnk
2020-04-01 13:58 - 2020-04-01 13:58 - 000000860 _____ C:\Users\AsRock\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2020-03-27 13:51 - 2020-03-27 13:51 - 000002012 _____ C:\Users\AsRock\Desktop\Road Rash.lnk
2020-03-27 13:51 - 2020-03-27 13:51 - 000001124 _____ C:\Users\AsRock\Desktop\Road Rash (Windows XP).lnk
2020-03-27 13:51 - 2020-03-27 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Gaming Network
2020-03-27 13:51 - 2020-03-27 13:51 - 000000000 ____D C:\Program Files (x86)\CGN
2020-03-26 15:17 - 2020-03-26 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2020-03-26 15:17 - 2020-03-26 15:17 - 000001934 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2020-03-26 15:17 - 2020-03-26 15:17 - 000001934 _____ C:\ProgramData\Desktop\DOSBox 0.74.lnk
2020-03-26 15:17 - 2020-03-26 15:17 - 000000000 ____D C:\Users\AsRock\AppData\Local\DOSBox
2020-03-26 15:17 - 2020-03-26 15:17 - 000000000 ____D C:\Program Files (x86)\DOSBox-0.74
2020-03-26 15:12 - 2020-04-03 14:41 - 000000000 ____D C:\Users\AsRock\Desktop\juegos
2020-03-26 14:52 - 2020-03-26 14:52 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\Obsidium
2020-03-26 14:51 - 2020-03-26 14:51 - 000000983 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2020-03-26 14:51 - 2020-03-26 14:51 - 000000983 _____ C:\ProgramData\Desktop\Driver Easy.lnk
2020-03-26 14:51 - 2020-03-26 14:51 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\Easeware
2020-03-26 14:51 - 2020-03-26 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2020-03-26 14:51 - 2020-03-26 14:51 - 000000000 ____D C:\Program Files\Easeware
2020-03-25 22:53 - 2020-03-25 22:57 - 000000000 ____D C:\Windows\The Labyrinth Plus! Edition
2020-03-25 22:53 - 2020-03-25 22:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2020-03-25 22:53 - 2020-03-25 22:53 - 000000000 ____D C:\Windows\Data
2020-03-25 22:53 - 2009-01-22 13:04 - 000065392 _____ C:\Windows\Labyrinth.chm
2020-03-25 22:47 - 2020-04-02 14:39 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\The Labyrinth Plus! Edition
2020-03-25 22:47 - 2020-03-25 22:47 - 000000000 ____D C:\Users\AsRock\AppData\Local\Thinstall
2020-03-25 17:28 - 2020-03-25 17:28 - 000000000 ____D C:\Road Rash
2020-03-24 19:55 - 2020-03-24 19:55 - 000000000 ____D C:\Users\AsRock\Documents\JoWooD
2020-03-23 20:17 - 2020-03-23 20:17 - 000004440 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-03-23 19:19 - 2020-03-24 18:25 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-03-23 19:19 - 2020-03-23 19:41 - 000000000 ____D C:\Users\AsRock\AppData\Local\BraveSoftware
2020-03-23 19:15 - 2020-03-23 19:15 - 000000000 ____D C:\ProgramData\Mozilla
2020-03-23 18:46 - 2020-03-23 18:46 - 000000000 ____D C:\ProgramData\TEMP
2020-03-23 17:06 - 2020-03-25 17:28 - 000000000 ____D C:\Program Files (x86)\Hercules_win95

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-04-12 22:43 - 2017-09-27 21:21 - 000000000 ____D C:\Users\AsRock\AppData\LocalLow\Mozilla
2020-04-12 22:38 - 2015-11-24 17:55 - 000003958 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{7571C57B-295C-48E6-9D00-6989E264807E}
2020-04-12 22:28 - 2018-01-06 17:42 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-04-12 22:19 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-12 22:18 - 2017-09-12 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-04-12 22:18 - 2015-12-01 12:55 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2020-04-12 22:18 - 2015-11-24 17:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-12 22:18 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2020-04-12 22:17 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-04-12 22:04 - 2015-12-08 21:34 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\MPC-HC
2020-04-12 22:04 - 2015-11-28 13:39 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\IDM
2020-04-12 22:02 - 2015-11-28 13:39 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\DMCache
2020-04-12 21:50 - 2015-11-26 12:14 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\vlc
2020-04-12 21:28 - 2015-11-24 17:18 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1872565749-2087832348-4293138441-1001
2020-04-12 20:55 - 2016-10-06 15:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-12 20:13 - 2019-02-09 14:47 - 000000000 ____D C:\Users\AsRock\Documents\MEGAsync Downloads
2020-04-12 15:36 - 2015-12-06 14:15 - 000000000 ____D C:\ProgramData\VSO
2020-04-12 15:36 - 2015-11-27 19:46 - 000000000 ____D C:\Users\AsRock\AppData\Roaming\BitTorrent
2020-04-08 19:59 - 2015-11-24 17:55 - 000002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-08 19:59 - 2015-11-24 17:55 - 000002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-08 19:59 - 2015-11-24 17:55 - 000002201 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-08 14:21 - 2016-04-09 17:12 - 034353543 _____ C:\Users\AsRock\Desktop\POCS-1360.zip
2020-04-08 13:33 - 2018-01-19 15:32 - 000154336 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2020-04-06 14:03 - 2018-03-18 14:59 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2020-04-05 14:52 - 2015-11-24 17:08 - 001974050 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-05 14:52 - 2013-09-16 23:46 - 000843936 _____ C:\Windows\system32\perfh00A.dat
2020-04-05 14:52 - 2013-09-16 23:46 - 000183224 _____ C:\Windows\system32\perfc00A.dat
2020-04-04 12:52 - 2015-11-24 17:13 - 000000000 ____D C:\Users\AsRock
2020-04-03 12:24 - 2018-10-09 12:44 - 000000000 ____D C:\Program Files (x86)\EPSON
2020-04-03 12:24 - 2016-12-30 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2020-04-03 12:24 - 2015-12-07 19:55 - 000000000 ____D C:\ProgramData\EPSON
2020-03-27 13:50 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Registration
2020-03-27 13:17 - 2018-01-19 15:32 - 000115960 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2020-03-27 13:17 - 2018-01-19 15:31 - 000188872 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2020-03-27 13:17 - 2018-01-19 15:31 - 000079520 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2020-03-27 13:17 - 2018-01-19 15:31 - 000053048 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2020-03-24 18:22 - 2019-02-09 14:45 - 000000000 ____D C:\Users\AsRock\AppData\Local\MEGAsync
2020-03-23 20:17 - 2015-11-24 17:56 - 000000000 ____D C:\Users\AsRock\AppData\Local\Adobe
2020-03-23 20:17 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-03-23 20:17 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-03-23 19:17 - 2015-11-24 17:55 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-03-23 16:41 - 2015-12-07 19:56 - 000000000 ____D C:\Users\AsRock\AppData\Local\ElevatedDiagnostics
2020-03-23 12:19 - 2015-11-27 19:01 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-23 12:19 - 2015-11-24 17:55 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-23 12:19 - 2015-11-24 17:55 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Archivos en la raíz de algunos directorios ========

2015-12-01 13:04 - 2015-12-01 13:05 - 000408064 _____ () C:\Users\AsRock\StopUpdate_IDM.exe
2014-04-30 03:03 - 2014-04-30 03:03 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2018-01-06 12:13 - 2018-01-06 12:13 - 000002319 _____ () C:\Users\AsRock\AppData\Roaming\ASSDraw3.cfg
2015-12-08 15:09 - 2015-12-08 15:10 - 000000290 _____ () C:\Users\AsRock\AppData\Roaming\burnaware.ini
2015-12-06 14:16 - 2018-01-06 17:51 - 000099384 _____ () C:\Users\AsRock\AppData\Roaming\inst.exe
2015-12-06 14:16 - 2018-01-06 17:51 - 000007859 _____ () C:\Users\AsRock\AppData\Roaming\pcouffin.cat
2015-12-06 14:16 - 2018-01-06 17:51 - 000001167 _____ () C:\Users\AsRock\AppData\Roaming\pcouffin.inf
2015-12-06 14:16 - 2018-01-06 17:51 - 000000055 _____ () C:\Users\AsRock\AppData\Roaming\pcouffin.log
2015-12-06 14:16 - 2018-01-06 17:51 - 000082816 _____ (VSO Software) C:\Users\AsRock\AppData\Roaming\pcouffin.sys

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2020-04-08 14:07
==================== Final de FRST.txt ========================
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 12-04-2020
Ejecutado por AsRock (12-04-2020 22:43:28)
Ejecutado desde C:\Users\AsRock\Downloads\Programs
Windows 8.1 Pro (X64) (2015-11-24 16:13:00)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-1872565749-2087832348-4293138441-500 - Administrator - Disabled)
AsRock (S-1-5-21-1872565749-2087832348-4293138441-1001 - Administrator - Enabled) => C:\Users\AsRock
Invitado (S-1-5-21-1872565749-2087832348-4293138441-501 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
3herosoft iPhone to Computer Transfer (HKLM-x32\...\3herosoft iPhone to Computer Transfer) (Version: 4.3.1.0909 - 3herosoft)
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
Airy (HKLM-x32\...\Airy_is1) (Version: 2.2.262 - Airy Team)
Apple Application Support (32 bits) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\BitTorrent) (Version: 7.10.5.45597 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\BitTorrent) (Version: 7.10.5.45597 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\BitTorrent) (Version: 7.10.5.45597 - BitTorrent Inc.)
Boilsoft Video Joiner 8.01 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version:  - Boilsoft, Inc.)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Free 7.1 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Diner Dash - Hometown Hero (HKLM-x32\...\Diner Dash - Hometown Hero) (Version:  - )
Diner Dash  Seasonal Snack Pack 1.00 (HKLM-x32\...\Diner Dash  Seasonal Snack Pack 1.00) (Version:  - )
Diner Dash 2 - Restaurant Rescue en Español (HKLM-x32\...\Diner Dash 2 - Restaurant Rescue en Español) (Version:  - )
Diner Dash Flo On The Go en Español (HKLM-x32\...\Diner Dash Flo On The Go en Español) (Version:  - )
Diner Town Tycoon (HKLM-x32\...\Diner Town Tycoon) (Version:  - )
DinerTown - Detective Agency (HKLM-x32\...\DinerTown - Detective Agency) (Version:  - )
Driver Easy 5.6.10 (HKLM\...\DriverEasy_is1) (Version: 5.6.10 - Easeware)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EPSON L200 Series Printer Uninstall (HKLM\...\EPSON L200 Series) (Version:  - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
f.lux (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Flux) (Version:  - f.lux Software LLC)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FormatFactory 3.9.5.1 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.1 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.92 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{D34CA653-87BB-4605-826F-5525EE0A4664}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Mega Codec Pack 11.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Magic DVD Ripper V9.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 19.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 19.0.0 - Moritz Bunkus)
Mozilla Firefox 74.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 74.0 (x64 es-ES)) (Version: 74.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 74.0.0.7373 - Mozilla)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.0.0.7 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero 2016 (HKLM-x32\...\{823226DF-2342-4E52-AF70-8EB539B7C25A}) (Version: 17.0.04100 - Nero AG)
Nero 2016 Content Pack (HKLM-x32\...\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF24 Creator 8.4.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe_is1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plantas Contra Zombis (HKLM-x32\...\Plantas Contra Zombis) (Version:  - )
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.65.615.2018 - Realtek)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Road Rash - www.classic-gaming.net (HKLM-x32\...\Road Rash_is1) (Version:  - Classic Gaming Network)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Project 2013 (KB2817433) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Visio 2013 (KB2817443) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
Stashimi Stub Installer (HKLM-x32\...\{9E93BF5A-E7A3-4A49-9D99-0F5F34670D62}) (Version: 18.000.1 - Nero AG) Hidden
Super DVD Creator 9.8 Full Version (HKLM-x32\...\Super DVD Creator_is1) (Version:  - MasterSoft, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52 - Ghisler Software GmbH)
Tumblebugs 2 en Español (HKLM-x32\...\Tumblebugs 2 en Español) (Version:  - )
Tumblebugs en Español (HKLM-x32\...\Tumblebugs en Español) (Version:  - )
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VdhCoApp 1.2.1 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD 5 (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.43 - VSO Software)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.31 - VSO Software)
WD Backup (HKLM-x32\...\{4F3A7B15-8E6D-4E6F-8DA5-6DC74BF7FA46}) (Version: 1.7.6278.23829 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{f931ed06-4d71-446f-a850-d833df481197}) (Version: 1.7.6278.23829 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{1b4de924-879e-4b42-99d9-0e570d37d2e9}) (Version: 1.4.2.11 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{CC535723-363C-4D2D-BDB7-0B6AF5E4E6B4}) (Version: 1.4.2.11 - Western Digital Technologies, Inc.) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 8.5.0.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.5.0.1 - Wondershare Software)
Xilisoft Descargar YouTube Videos (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\Xilisoft Descargar YouTube Videos) (Version: 5.6.7.20170216 - Xilisoft)
Xilisoft Descargar YouTube Videos (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\Xilisoft Descargar YouTube Videos) (Version: 5.6.7.20170216 - Xilisoft)
Xilisoft Descargar YouTube Videos (HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\Xilisoft Descargar YouTube Videos) (Version: 5.6.7.20170216 - Xilisoft)
Xilisoft Video Convertidor Ultimate (HKLM-x32\...\Xilisoft Video Convertidor Ultimate) (Version: 7.8.1.20140505 - Xilisoft)

Packages:
=========
Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.1.174_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Finanzas -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.1.174_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Juegos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.100.0_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Música -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.41.0_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.1.174_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Recetas de Bing -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Salud y Bienestar de Bing -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c [2015-11-24] (Skype) [MS Ad]
Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.1.174_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]
Vídeo -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2015-11-24] (Microsoft Corporation) [MS Ad]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [{6238B220-1311-4627-B3DC-55736E5BA95F}] -> {6238B220-1311-4627-B3DC-55736E5BA95F} => C:\Windows\system32\iMobileDisk.dll [2012-05-11] () [Archivo no firmado]
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [{6238B220-1311-4627-B3DC-55736E5BA95F}] -> {6238B220-1311-4627-B3DC-55736E5BA95F} => C:\Windows\system32\iMobileDisk.dll [2012-05-11] () [Archivo no firmado]
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] () [Archivo no firmado]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] () [Archivo no firmado]
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] () [Archivo no firmado]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\AsRock\AppData\Local\MEGAsync\ShellExtX64.dll [2020-03-24] (Mega Limited -> )
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] () [Archivo no firmado]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] () [Archivo no firmado]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3571200 2015-02-28] (x264vfw project) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [254976 2015-06-22] () [Archivo no firmado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3591680 2015-02-28] (x264vfw project) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240128 2015-06-22] () [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-08-24] () [Archivo no firmado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Archivo no firmado]

==================== Accesos directos & WMI ========================

==================== Módulos cargados (Lista blanca) =============

2018-03-06 16:55 - 2012-01-20 07:55 - 000678400 _____ () [Archivo no firmado] C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-05-11 06:23 - 2012-05-11 06:23 - 000204800 _____ () [Archivo no firmado] C:\Windows\system32\iMobileDisk.dll
2019-12-24 20:35 - 2015-02-27 14:38 - 000721263 _____ () [Archivo no firmado] C:\Windows\SysWOW64\WSCM64.dll
2015-12-26 15:13 - 2013-12-27 02:41 - 000506880 _____ (www.startisback.com) [Archivo no firmado] C:\Program Files (x86)\StartIsBack\StartIsBack64.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Users\AsRock:zylomtest [0]
AlternateDataStreams: C:\Users\AsRock:zylomtr{000HQ7FF-AD7A-3FG4-KTDR-26GG92B50VVL} [36]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\...\localhost -> localhost

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2013-08-22 14:25 - 2020-03-26 14:52 - 000001202 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1 support.wondershare.net 
127.0.0.1 www.wondershare.net 
127.0.0.1 http://cbs.wondershare.com 
127.0.0.1 support.wondershare.net 
127.0.0.1 www.wondershare.net 
127.0.0.1 http://cbs.wondershare.com 
127.0.0.1         app.drivereasy.com
127.0.0.1         cdn.drivereasy.com
149.202.196.40         dow0.drivereasy.com
149.202.196.40         dow1.drivereasy.com

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\AsRock\yukowall.jpg
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020222030960\Control Panel\Desktop\\Wallpaper -> C:\Users\AsRock\yukowall.jpg
HKU\S-1-5-21-1872565749-2087832348-4293138441-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122020223311611\Control Panel\Desktop\\Wallpaper -> C:\Users\AsRock\yukowall.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{54BA61AA-7C72-448D-85F1-EB2730B288F7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2261DE29-ADDF-4B75-8D8A-5D6B8595DBEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B90C123B-F9B5-41B8-B7DD-0C4E923B91A0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79BE3D65-157F-41EC-87FD-92EE6DAF0B4C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{710194CD-6259-4B92-8A19-4EBB406212F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA201C6B-60D9-41EE-808D-32B9BF2F15AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1DFF1014-B4F6-427A-A133-7289AFBFB729}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0142F3B8-C362-4F0D-8A6B-94EACE231787}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B52C6E1-8A6F-4AD6-9C04-2BD9E01F3FCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39987AF7-B87F-442F-BE00-06AD029B5387}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E787C837-D200-415A-8A38-BB3CE203DDE1}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{23C9D859-6D43-4072-A15F-59BBEE1874E8}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B21E640B-DF59-4417-8519-0EE54F121CDB}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4D3F542E-D456-40D0-A0C1-49C3020B1D6D}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D50EFB7C-E387-4A44-A7A5-DF1EEC75E1D8}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AC57685F-9AC7-4F4A-94C8-9C74849BD20F}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D942A106-1D14-4C40-892D-5C814A4AFAFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AAE22E22-5B55-4A79-9E87-0834F025B99E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CA058A84-E386-4E59-A27B-44DD5635921B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{9503E43B-02B2-4A78-B31D-C91B526DDD52}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{D3FCB9EB-529B-439F-AFC0-F201588D2F2D}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe (Nero AG -> Nero AG)
FirewallRules: [{E34176C0-1D82-48A9-B760-C6336D21F69F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{77DE8742-5384-43DD-B04F-67B189EBD76B}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{976CA34C-6951-454F-BB40-85D1C05F3B40}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{007FE950-2AC8-4CBA-9F91-023B10910AC2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F30CA975-2A7D-4A5F-AA23-43DD6C87EC19}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{C8DAF40F-F598-4ABB-B11E-93DAB9629699}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{EA9A3AC4-1BC5-4795-AF7A-ED1FF4244975}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F263DDA4-DEAA-45B9-8D58-927AAC0FC9D7}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{E0BCA43C-33F4-4DD2-8AB8-F2CCFF00539B}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{41C72424-51A7-467A-9DB7-ED0C9C1A24A8}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{D52BECEE-6E29-4E89-921B-B1975828E8B0}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{46CCBDE7-BF03-404D-AC30-F96C2915FEE4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F7A3B1AC-0A2F-406C-AF0F-F3A5AB707F19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F42DF7ED-61D4-461A-8212-476E49E233FE}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{5E35D507-E627-4CEC-8F04-C55CE86BD0C6}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{31811B06-B182-4AE2-BD10-21ECCF84C3C5}] => (Allow) C:\Users\AsRock\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{23D2E08D-32F4-4EC7-B97E-4E0FD9271C1C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Puntos de Restauración =========================

12-04-2020 22:22:50 JRT Pre-Junkware Removal

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (04/12/2020 10:43:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/12/2020 10:42:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/12/2020 10:41:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/12/2020 10:40:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/12/2020 10:39:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/12/2020 10:21:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/12/2020 10:00:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/12/2020 09:59:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


Errores del sistema:
=============
Error: (04/12/2020 10:23:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio PDF24 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (04/12/2020 10:17:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio PDF24 no pudo iniciarse debido al siguiente error: 
Ha terminado la canalización.

Error: (04/12/2020 10:17:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Apple Mobile Device Service no pudo iniciarse debido al siguiente error: 
Ha terminado la canalización.

Error: (04/12/2020 10:16:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio MyEpson Portal Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/12/2020 10:16:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (04/12/2020 10:16:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio WD Drive Manager se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/12/2020 10:16:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio del iPod se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/12/2020 10:16:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) Driver & Support Assistant se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2020-01-04 17:19:45.774
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {AB706CAB-17C8-412D-81EE-2760926674F9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-04 16:45:00.110
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {06F8F298-7503-4CED-A9A2-42974604F989}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-04 15:07:58.887
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {C1688773-5573-4121-AA96-973BB585C60B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-04 14:34:42.437
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {B9424A1C-86D5-4FB7-AD52-3263973330CD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-02 14:17:28.377
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {415ED9C7-D969-40BA-8EBC-FBD70EB0349C}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-10 15:34:47.731
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 0.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: PC\AsRock
Versión de motor actual: 
Versión de motor anterior: 0.0.0.0
Código de error: 0x80004004
Descripción del error: Operación anulada 

Date: 2019-08-10 15:34:46.231
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor: 
Versión de motor anterior: 2.1.9700.0
Usuario: PC\AsRock
Código de error: 0x80004004
Descripción del error: Operación anulada 

Date: 2019-08-10 15:34:46.231
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 106.0.0.0
Origen de actualización: Usuario
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: PC\AsRock
Versión de motor actual: 
Versión de motor anterior: 2.1.9700.0
Código de error: 0x80004004
Descripción del error: Operación anulada 

Date: 2019-08-10 15:34:46.199
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor: 
Versión de motor anterior: 2.1.9700.0
Usuario: PC\AsRock
Código de error: 0x80004004
Descripción del error: Operación anulada 

Date: 2019-08-10 15:34:46.199
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 106.0.0.0
Origen de actualización: Usuario
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: PC\AsRock
Versión de motor actual: 
Versión de motor anterior: 2.1.9700.0
Código de error: 0x80004004
Descripción del error: Operación anulada 

CodeIntegrity:
===================================

Date: 2020-04-12 22:44:04.950
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:44:04.934
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:40:50.442
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:40:50.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:38:49.441
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:38:49.432
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:38:49.421
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 22:38:49.411
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. P1.10 06/21/2011
Placa base: ASRock H61M-HVS
Procesador: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Porcentaje de memoria en uso: 29%
RAM física total: 7912.71 MB
RAM física disponible: 5539.88 MB
Virtual total: 9192.71 MB
Virtual disponible: 7038.35 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:350.07 GB) (Free:2.94 GB) NTFS
Drive d: (Disco local) (Fixed) (Total:580.93 GB) (Free:7.9 GB) NTFS
Drive f: () (RAMDisk) (Total:350.07 GB) (Free:3.24 GB) NTFS

\\?\Volume{39e91970-66b5-40a8-8935-7e5dcc89729e}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.27 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 649E1ADC)

Partition: GPT.

==================== Final de Addition.txt =======================

Ya pude subir los informes pero me costó mucho. Las teclas siguen locas. No puedo escribir la u i o j k l ñ m . Basicamente del lado derecho del teclado. No se porque paso porque no estaba así. Sólo lo noté hasta después de pasar el FRST por segunda vez ya que en la primera falló como dije en mi otro mensaje. Escribo este desde el celular. Espero me ayudes a reestablecer el teclado . Gracias

Hola.

FRST NO es una herramienta que provoque ningún tipo de cambio en el equipo mientras se usa para realizar un Análisis. :thinking:

Las demás herramientas que has usado NO veo que hayan producido o eliminado algo que pueda tener relación con la configuración del teclado… :roll_eyes:

Has REINICIADO el equipo después de pasar las herramientas…??

Y específicamente después de haber finalizado TODOS los pasos…??

Por cierto… NO te has planteado “migrar” a Windows 10…??

Si reinicié y seguía el teclado igual. Termine buscando en Google y lo arregle siguiendo un vídeo tutorial.

Hay algún problema que se vea en los informes? Me preocupa que mi antivirus no detectó ese archivo como peligroso y lo dejó ejecutarse.

Ahora estará bien mi pc después de haber pasado todas esas herramientas?

Hola.

Y nos puedes indicar que pasos realizaste exactamente…??

Para tenerlos en cuenta y poder valorar de dónde vino ese problema, gracias. :thinking:

Tu antivirus, por lo que veo, es el de Windows Defender…??

Aunque veo algún resto de ESET que NO se si tuviste instalado en algún momento…??

Confirmame estos puntos antes de que te de nuevas indicaciones.

Y te falto comentar mi pregunta anterior acerca de migrar a Windows 10. ??

Saludos.

Mi antivirus es el eset nod 32. No tengo activado el Windows defender. Desactive el eset antes de correr los programas como me indica las instrucciones.

No deseo migrar a Windows 10. Ya lo tuve instalado y tuve demasiados problemas y programas incompatibles que necesito usar.

Los pasos que hice fueron siguiendo este video :arrow_right: https://youtu.be/iHmHGA1JjMw

Hola.

Bien… perfecto. :+1:

Pues NO se cuando hiciste la prueba, pero W10 es bastante más estable que W8 y NO tiene que ser menos compatible uno que otro con programas que YA tuvieras instalados en ese equipo. :thinking:

Ten en cuenta que W8 YA NO tiene soporte estándar, eso implica que YA NO existirán cambios en el diseño y las funciones del producto, y SI tendras soporte extendido(de momento) que son las actualizaciones de seguridad.

Sistemas operativos cliente Fin del soporte estándar Fin del soporte extendido
Windows 8.1 9 de enero de 2018 10 de enero de 2023

Pero bueno, eso YA es decisión tuya. :roll_eyes:

Gracias por poner el video, es algo absolutamente extraño… :expressionless: pero si te ha funcionado… :+1:

Y ahora realiza las indicaciones que se dan en esta guia para asegurarnos que NO quede nada raro en tu equipo :arrow_right: Manual de HitmanPro , y al terminar nos pones el informe.

Saludos.

Hola No puedo correr el hitmanpro. Todo va bien unos minutos y después el programa se cuelga. Probé ya dos veces y la última vez lo dejé casi una hora pero sigue sin responder el programa. Que puedo hacer ? También noté que no puedo abrir el malwarebytes me sale error y no entiendo porque si ayer corrí el programa bien.

Has reactivado tu antivirus…??

Puede que esté interfiriendo con ambos programas… :thinking:

Intenta entrar en el modo seguro de windows para hacer los pasos con Hitmanpro.

Hazlo usando el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) :arrow_forward: ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Saludos.

Hice lo que me dijiste e inicie en modo seguro. Pero el programa sigue congelandose. Pasaron 1 minuto y ya no responde. No se si sirve de algo pero en estos momentos está congelado analizando ésta ruta C:\Windows\system32\DRIVERS\edevmon.sys

Ahora que hago?

Hola.

Cuando dices que se ha congelado te sale algún mensaje en la ventana de “No responde” o solo parece que NO hace nada…??