Archivos de inicio imborrables

Daniela · 31 Mayo, 2020 05:26

Hola

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura (32 o 64bits) de tu equipo. Como saber si Mi Windows es de 32 o 64 Bits ?.

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo

ferdv77 · 31 Mayo, 2020 16:35

Hola de nuevo y gracias. Coloco lo que me pediste:


Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 30-05-2020 01
Ejecutado por Usuario (administrador) sobre USUARIO-PC (31-05-2020 18:17:13)
Ejecutado desde F:\Descargas
Perfiles cargados: Usuario
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Español (España, internacional)
Internet Explorer Versión 8 (Navegador predeterminado: "C:\Mozilla Firefox32\firefox.exe" -osint -url "%1")
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Mozilla Firefox32\firefox.exe <7>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) [Archivo no firmado] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133408 2012-09-11] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) [Archivo no firmado]
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3a07267a-4ca4-11ea-a797-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3aebc13a-1e18-11e9-af4f-bc5ff46df346} - V:\AutoRunCD.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3de43ab0-1417-11ea-9832-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {74145912-1b8b-11ea-a03e-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {74145913-1b8b-11ea-a03e-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {8bea64ee-1a65-11e9-8151-bc5ff46df346} - H:\Audio\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {cfe08f53-4eeb-11e9-8ae2-bc5ff46df346} - V:\Install.exe
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
HKLM\...\Print\Monitors\WSD Port: C:\Windows\system32\WSDMon.dll [224768 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
BootExecute: autocheck autochk /p \??\M:autocheck autochk *  
GroupPolicy: Restricción ? <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
CHR HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
CHR HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {013C0358-8AF7-492F-87D0-3FA1B896F373} - System32\Tasks\{1FB0B17C-F18F-4D8A-AD07-A926806C1D55} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo\esperanza.exe" -d "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo"
Task: {0BBAB0A3-F773-4246-9285-5F8FF61907AA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {12F70F21-9404-40E7-8634-D341A733AF92} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759632 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {217DE458-BD0C-4E2E-9CD3-404BEDC6EBF8} - System32\Tasks\{C3AD988C-0DAD-4540-9C09-C6DF120F98AF} => C:\Windows\system32\pcalua.exe -a F:\Descargas\clamwin-0.99.4-setup-nodb.exe -d F:\Descargas
Task: {3DD391BE-E64D-449B-874E-31DC302907F8} - System32\Tasks\{A4F6DD8F-01B6-4956-8BC1-662F14150094} => C:\Windows\system32\pcalua.exe -a F:\Descargas\JMB36X_WinDrv_R1.17.65_WHQL\R1.17.65.11\setup.exe -d F:\Descargas\JMB36X_WinDrv_R1.17.65_WHQL\R1.17.65.11
Task: {3E99DE4D-F46D-42C6-AC6C-85682D5E946C} - System32\Tasks\{D43A7368-6411-411D-B2DD-7FD9D7656C91} => C:\Windows\system32\pcalua.exe -a F:\Descargas\eMule0.50a-Installer.exe -d F:\Descargas
Task: {444585BF-67AE-4043-B132-56215753DF1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {736F0C77-AB2D-4107-B08A-22FB413A828F} - System32\Tasks\{4F6C1320-4520-4A64-B5D1-283AF9E56119} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo\jorge.exe" -d "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo"
Task: {78B16FF2-8C85-4503-9B8A-4E2143BE8407} - \NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544} -> Ningún archivo <==== ATENCIÓN
Task: {7AABC385-EF32-44FE-BC0C-FB09027639FE} - System32\Tasks\{6E315DFB-9F42-4D8A-B27D-2DF5575899C5} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\converter.exe -d C:\Users\Usuario\Downloads
Task: {9E97616D-6172-40A4-8CCE-A5B1956D7C31} - \NvNgxUpdateCheckDaily_{A5ECD9C6-D9C6-D9C6-D9C6-A5ECD9C6D9C6} -> Ningún archivo <==== ATENCIÓN
Task: {A5C24F1B-9FC7-4698-BCA8-CD386E30DA93} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {AACB8A7D-3781-4593-A1F7-D808D3282AF6} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {ADBB3933-2934-45BC-BF6E-25AD1118487D} - System32\Tasks\{79D440D2-1A2A-4BF2-91A0-EF6B5520B4D1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo\jorge.exe" -d "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo"
Task: {B3E7BB2A-84B6-4113-BC43-A6DF5A1829CA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel(R) Update Manager -> Intel Corporation)
Task: {C5EDCFCE-A482-4EA4-89C2-AA838DA03DDF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-16] (Intel® Services Manager -> Intel Corporation)
Task: {DB4E2C4B-73CA-4DE3-8461-064FF6C8095B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-16] (Intel® Services Manager -> Intel Corporation)
Task: {DF4C6741-AD02-4440-BCAB-16D7C2CA573F} - System32\Tasks\{9E5DA3B6-AEA1-41D6-9ED8-E3FCEE257E4E} => F:\Descargas\DNIe_v14_0_2(32bits)(3).exe
Task: {E81EE10F-BBAB-477F-8034-A92A1CA7C7EE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel(R) Update Manager -> Intel Corporation)
Task: {FAE500C1-5C4B-4598-ABA5-3590E6F3B704} - System32\Tasks\{94B9516E-4183-4012-8D5C-2D9CA7BF5E80} => C:\Windows\system32\pcalua.exe -a F:\Descargas\JMicron_JMB36x_eSATA_R1.17.65.11_Win2k-8_x86-x64\setup.exe -d F:\Descargas\JMicron_JMB36x_eSATA_R1.17.65.11_Win2k-8_x86-x64
Task: {FB1B407C-4C15-42F9-9C99-0FB2EB95F103} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => F:\Descargas\adwcleaner_8.0.5.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

ProxyEnable: [S-1-5-19] => Proxy está habilitado.
ProxyServer: [S-1-5-19] => 127.0.0.1:8080
ProxyEnable: [S-1-5-20] => Proxy está habilitado.
ProxyServer: [S-1-5-20] => 127.0.0.1:8080
Hosts: Hay más de una entrada en Hosts. Consulte la sección Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{B2DCCE5B-646B-439C-9443-FE7E25EEDB5B}: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{E7E885D1-DF41-4D2B-833C-421460112AB7}: [DhcpNameServer] 80.58.61.250 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Ltd. -> Safer Networking Limited)
BHO-x32: Sin Nombre -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Ningún archivo
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Sin Nombre -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Ningún archivo
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: m9f4ou2y.default-1394146220714
FF DefaultProfile: 66vo6dwp.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1 [2020-05-31]
FF DownloadDir: F:\Descargas
FF Homepage: Mozilla\Firefox\Profiles\nikggb16.default-release-1 -> hxxps://www.startpage.com/es/
FF NewTab: Mozilla\Firefox\Profiles\nikggb16.default-release-1 -> hxxps://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-05-14 07:44:13&bName=&bitmask=0300
FF NetworkProxy: Mozilla\Firefox\Profiles\nikggb16.default-release-1 -> type", 0
FF Extension: (Ant Video downloader) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-30]
FF Extension: (General Catalan dictionary) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-04-20]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-24]
FF Extension: (Català Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-16]
FF Extension: (English (GB) Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-29]
FF Extension: (Español (España) Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-16]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-29]
FF Extension: (User Agent Switcher) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-04-22]
FF Extension: (Google Translator for Firefox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2019-09-24]
FF Extension: (uBlock Origin) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-29]
FF Extension: (Traducir páginas web) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2020-05-12]
FF Extension: (Startpage.com — Búsquedas privadas) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-11-14]
FF Extension: (Allow Right-Click) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2020-05-08]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2020-02-28]
FF Extension: (Sin Nombre) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{88ca97ee-69be-4604-bde1-1669f0dfe769}.xpi [2020-01-08]
FF Extension: (Firefox 3 Classic) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{9955ef03-99d6-40f4-b97b-ded88bb93f63}.xpi [2019-09-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-16]
FF Extension: (Video DownloadHelper) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-05-13]
FF Extension: (DownThemAll!) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2020-04-28]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\5goeji2x.default-release [2020-05-31]
FF Homepage: Mozilla\Firefox\Profiles\5goeji2x.default-release -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\5goeji2x.default-release -> hxxps://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-05-14 07:44:13&bName=&bitmask=0300
FF Extension: (Startpage.com — Búsquedas privadas) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\5goeji2x.default-release\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-07-02]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714 [2020-05-31]
FF DownloadDir: H:\.MULTIMEDIA\1 VIDEO\Documentales\Documentales FeR\K\Curso2
FF Homepage: Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714 -> file:///C:/ProgramData/Snorlers/ff.HP
FF NetworkProxy: Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714 -> type", 0
FF Extension: (Avira Password Manager) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\[email protected] [2020-05-31]
FF Extension: (Google Translator for Firefox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\[email protected] [2019-07-05]
FF Extension: (uBlock) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-04]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2019-06-18]
FF Extension: (Firefox 3 Classic) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{9955ef03-99d6-40f4-b97b-ded88bb93f63}.xpi [2019-05-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2019-08-22]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default [2020-05-31]
FF DownloadDir: F:\Descargas\_Palemoon
FF Homepage: Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default -> hxxps://www.startpage.com/
FF NewTab: Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default -> about:newtab
FF Extension: (Adblock Latitude) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-11] [Heredado] [no firmado]
FF Extension: (Classic Toolbar Buttons) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected]_Noia4dev.xpi [2019-09-11] [Heredado] [no firmado]
FF Extension: (Spanish) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-13] [Heredado] [no firmado]
FF Extension: (Español (España) Language Pack) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-11] [Heredado] [no firmado]
FF Extension: (Pale Moon Locale Switcher) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-11] [Heredado] [no firmado]
FF Extension: (Complete YouTube Saver) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2019-09-17] [Heredado] [no firmado]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\searchplugins\startpagecom---espaol.xml [2019-09-20]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\searchplugins\tpbtpbart.xml [2019-09-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-26] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-26] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
StartMenuInternet: Firefox-51BCC20A3763AB92 - C:\Mozilla Firefox32\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <no encontrado>
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <no encontrado>

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208664 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483832 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483832 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575800 2020-05-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Archivo no firmado]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation - pGFX -> Intel Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] (Intel(R) Smart Connect software -> )
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel(R) Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation -> Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2019-06-21] () [Archivo no firmado]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 E311D18D; C:\ProgramData\E311D18D\E2A83CCC.dll [X]

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 AFXfilt; C:\Windows\System32\drivers\AFXfilt.sys [25088 2013-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [17192 2011-05-10] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [222168 2020-05-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [178720 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [178176 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [25088 2013-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [27008 2019-12-09] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [21376 2019-12-09] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [14720 2019-12-09] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2020-05-11] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2020-05-09] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-07] (Glarysoft Ltd -> Glarysoft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] (Intel(R) Smart Connect software -> )
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
S4 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2012-10-17] (LG Soft India) [Archivo no firmado]
S4 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [10752 2012-12-27] (LG Soft India) [Archivo no firmado]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2020-04-18] (Intel(R) Smart Connect software -> )
S4 cmuda3; system32\drivers\cmudax3.sys [X]
S4 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S4 csrpan; system32\DRIVERS\csrpan.sys [X]
S4 csrserial; system32\DRIVERS\csrserial.sys [X]
S4 csrusb; System32\Drivers\csrusb.sys [X]
S4 csr_bthav; system32\drivers\csrbthav.sys [X]
S4 PortTalk; System32\Drivers\PortTalk.sys [X]
S4 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

ferdv77 · 31 Mayo, 2020 16:36


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-05-31 06:05 - 2020-05-31 06:05 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-05-31 05:48 - 2020-05-31 05:48 - 000000000 ____D C:\Windows\SysWOW64\GPUCache
2020-05-31 05:40 - 2020-05-31 05:40 - 000000000 ____D C:\Users\Usuario\AppData\Local\AviraSpeedup
2020-05-31 05:39 - 2020-05-31 05:39 - 000000000 ____D C:\Users\Usuario\AppData\Local\Avira
2020-05-31 05:22 - 2020-05-31 05:22 - 000001120 _____ C:\Users\Public\Desktop\Avira.lnk
2020-05-31 05:22 - 2020-05-31 05:22 - 000001120 _____ C:\ProgramData\Desktop\Avira.lnk
2020-05-31 05:18 - 2020-05-31 05:18 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2020-05-31 05:18 - 2020-05-31 05:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2020-05-31 05:18 - 2020-05-31 05:18 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2020-05-31 05:18 - 2020-05-13 14:31 - 000222168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-05-31 05:18 - 2020-04-30 12:37 - 000178720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2020-05-31 05:18 - 2019-06-07 15:09 - 000068152 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2020-05-31 05:18 - 2019-03-20 19:50 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2020-05-31 05:18 - 2019-03-20 19:50 - 000036072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2020-05-31 05:18 - 2019-03-20 19:50 - 000035376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2020-05-31 05:16 - 2020-05-31 06:10 - 000000000 ____D C:\Program Files (x86)\Avira
2020-05-31 05:16 - 2020-05-31 06:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-05-31 05:03 - 2020-05-31 05:04 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2020-05-31 02:48 - 2020-05-31 02:48 - 000001542 _____ C:\Users\Usuario\Desktop\MB.txt
2020-05-31 02:39 - 2020-05-31 02:39 - 000012695 _____ C:\Users\Usuario\Desktop\AdwCleaner[S162].txt
2020-05-31 02:38 - 2020-05-31 02:38 - 000077637 _____ C:\Users\Usuario\Desktop\FeR . - Outlook.pdf
2020-05-31 02:37 - 2020-05-31 02:37 - 008402608 _____ (Malwarebytes) C:\Users\Usuario\Desktop\adwcleaner_8.0.5(1).exe
2020-05-31 02:02 - 2020-05-31 02:30 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-31 00:27 - 2020-05-31 02:30 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-05-31 00:15 - 2020-05-31 00:15 - 000003128 _____ C:\Users\Usuario\Desktop\cc_20200531_001525.reg
2020-05-31 00:06 - 2020-05-31 00:07 - 000003548 _____ C:\Users\Usuario\Desktop\Rkill.txt
2020-05-31 00:06 - 2020-05-31 00:06 - 000000000 ____D C:\Users\Usuario\Desktop\rkill
2020-05-31 00:02 - 2020-05-31 00:03 - 000218924 _____ C:\TDSSKiller.3.1.0.28_31.05.2020_00.02.25_log.txt
2020-05-31 00:00 - 2020-05-31 00:00 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1424F626.sys
2020-05-30 23:59 - 2020-05-31 00:06 - 000000000 ____D C:\Users\Usuario\Desktop\mbar
2020-05-30 23:59 - 2020-05-31 00:06 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-05-30 23:30 - 2020-05-30 23:30 - 000000646 _____ C:\Users\Usuario\Desktop\Total Commander 64 bit.lnk
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\GHISLER
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\Users\Usuario\AppData\Local\GHISLER
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\totalcmd
2020-05-30 23:09 - 2020-05-30 23:09 - 000005820 _____ C:\Users\Usuario\Desktop\startup.txt
2020-05-30 23:02 - 2020-05-30 23:02 - 005553104 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2020-05-30 23:00 - 2020-05-30 23:00 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2020-05-30 22:49 - 2020-05-30 22:57 - 000000740 _____ C:\Windows\system32\.crusader
2020-05-30 22:45 - 2020-05-30 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2020-05-30 22:44 - 2020-05-30 23:19 - 000000000 ____D C:\ProgramData\HitmanPro
2020-05-30 22:44 - 2020-05-30 22:45 - 000000000 ____D C:\Program Files\HitmanPro
2020-05-30 21:55 - 2020-05-31 02:30 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-05-30 21:55 - 2020-05-30 21:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2020-05-30 21:55 - 2020-05-30 21:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2020-05-30 21:55 - 2020-05-30 21:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\cache
2020-05-30 21:49 - 2020-05-31 02:18 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2020-05-30 21:46 - 2020-05-31 18:17 - 000000000 ____D C:\FRST
2020-05-30 21:44 - 2020-05-31 00:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-30 21:41 - 2020-05-30 21:41 - 000000000 ____D C:\ProgramData\mb3migration
2020-05-30 21:08 - 2020-05-31 02:31 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-30 21:05 - 2020-05-30 21:05 - 000000264 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2020-05-30 20:57 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\f4a074664131
2020-05-30 20:43 - 2020-05-14 23:50 - 000458998 _____ C:\Windows\system32\Drivers\etc\hosts.20200530-204332.backup
2020-05-30 20:41 - 2020-05-30 21:21 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ue42onrwt5y
2020-05-30 20:15 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\bowf1qjgi2x
2020-05-30 20:05 - 2020-05-30 20:05 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\3098htrhpen8ifg0
2020-05-30 19:59 - 2020-05-30 20:21 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\YoutubeDownloader
2020-05-30 19:59 - 2020-05-30 19:59 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Python
2020-05-30 19:55 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ft2rckz4wwz
2020-05-30 19:55 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\3g4e5bqih3z
2020-05-30 19:55 - 2020-05-30 19:55 - 000000000 ____D C:\Program Files (x86)\agt7me
2020-05-30 19:54 - 2020-05-30 19:54 - 000000000 ____D C:\Users\Usuario\AppData\Local\app
2020-05-30 19:53 - 2020-05-30 20:10 - 000000000 ____D C:\Users\Usuario\AppData\Local\inetinfoservice
2020-05-30 13:25 - 2020-05-30 13:25 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Ant.com
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\57A8.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\5797.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\563F.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\5592.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\50E0.tmp
2020-05-30 11:16 - 2020-05-30 21:21 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Smart Clock
2020-05-30 11:15 - 2020-05-30 11:15 - 000000000 ____D C:\ProgramData\Riate
2020-05-30 11:14 - 2020-05-30 11:14 - 000000000 ____D C:\ProgramData\Odc
2020-05-30 11:13 - 2020-05-30 21:17 - 000000000 ____D C:\ProgramData\Aue
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\NVIDIA
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 ____D C:\ProgramData\Nec
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\5132.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4F2E.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4D49.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4B36.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4913.tmp
2020-05-30 09:20 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\SysHost
2020-05-30 09:19 - 2020-05-30 09:21 - 000000000 ____D C:\Users\Usuario\Desktop\Video DownloadHelper 7.3.9
2020-05-15 02:49 - 2020-05-15 02:49 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2020-05-15 02:40 - 2020-05-15 02:40 - 000000000 ____D C:\Program Files (x86)\33download.com
2020-05-15 02:30 - 2020-05-15 02:36 - 000000000 ____D C:\Users\Usuario\Documents\EGDownloads
2020-05-15 02:26 - 2020-05-15 02:35 - 000000000 ____D C:\Users\Usuario\AppData\Local\luminati
2020-05-14 21:44 - 2020-05-14 22:00 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\QtProject
2020-05-14 21:44 - 2019-11-08 10:15 - 003600896 _____ C:\Windows\system32\pwNative.exe
2020-05-14 21:44 - 2019-11-08 10:15 - 000019152 _____ C:\Windows\system32\pwdrvio.sys
2020-05-14 21:44 - 2019-11-08 10:15 - 000012504 _____ C:\Windows\system32\pwdspio.sys
2020-05-14 21:43 - 2020-05-29 19:39 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2020-05-14 21:43 - 2020-05-15 00:04 - 000003190 _____ C:\Windows\system32\Tasks\MiniToolPartitionWizard
2020-05-14 21:43 - 2020-05-14 21:44 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2020-05-14 21:43 - 2020-05-14 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2020-05-14 21:36 - 2020-05-14 21:36 - 000000000 ____D C:\Program Files\LSoft Technologies
2020-05-14 21:15 - 2020-05-14 21:32 - 000000258 _____ C:\Users\Usuario\Desktop\Marcas.txt
2020-05-14 20:14 - 2020-05-14 20:14 - 001057575 _____ C:\Users\Usuario\Documents\Manual de Victoria HDD [Parte 3].- Diagnóstico y reparación. _ _______ _.pdf
2020-05-12 10:52 - 2020-05-12 10:52 - 000030861 _____ C:\Users\Usuario\Desktop\vlog.txt
2020-05-12 10:40 - 2020-05-12 10:43 - 000000028 _____ C:\Users\Usuario\Desktop\Victoria WD320.txt
2020-05-12 01:11 - 2020-05-12 01:11 - 000000000 ____D C:\Users\Usuario\Desktop\Victoria476b
2020-05-09 12:12 - 2020-05-11 18:07 - 000032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2020-05-09 12:07 - 2020-05-09 12:07 - 000016648 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETURPX.SYS
2020-05-09 12:07 - 2020-05-09 12:07 - 000001889 _____ C:\Users\Public\Desktop\XFast USB.LNK
2020-05-09 12:07 - 2020-05-09 12:07 - 000001889 _____ C:\ProgramData\Desktop\XFast USB.LNK
2020-05-09 12:07 - 2020-05-09 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
2020-05-09 10:53 - 2020-05-13 22:11 - 000003276 _____ C:\Windows\system32\Tasks\{94B9516E-4183-4012-8D5C-2D9CA7BF5E80}
2020-05-09 10:33 - 2020-05-13 22:11 - 000003240 _____ C:\Windows\system32\Tasks\{A4F6DD8F-01B6-4956-8BC1-662F14150094}
2020-05-09 09:36 - 2020-05-31 18:14 - 000000000 __SHD C:\Users\Usuario\IntelGraphicsProfiles
2020-05-09 09:32 - 2020-05-09 09:32 - 489039748 _____ C:\Users\Usuario\Todo.reg
2020-05-09 08:31 - 2019-08-29 04:56 - 003966904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2020-05-09 08:31 - 2019-08-29 04:55 - 004061112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2020-05-09 08:31 - 2019-08-29 04:55 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-05-09 08:31 - 2019-08-29 04:54 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-05-09 08:31 - 2019-08-29 04:53 - 005553104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-05-09 08:31 - 2019-08-29 04:53 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-05-09 08:31 - 2019-08-29 04:53 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-05-09 08:31 - 2019-08-29 04:53 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-05-09 08:31 - 2019-08-29 04:53 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2020-05-09 08:31 - 2019-08-29 04:52 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:51 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 001078784 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000320202 ___SH C:\Users\Usuario\AppData\Roaming\itwecjc
2020-05-09 08:31 - 2019-08-29 04:50 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000248887 ___SH C:\Users\Usuario\AppData\Roaming\fbajrwe
2020-05-09 08:31 - 2019-08-29 04:50 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:50 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2020-05-09 08:31 - 2019-08-29 04:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2020-05-09 08:31 - 2019-08-29 04:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2020-05-09 08:31 - 2019-08-29 04:22 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2020-05-09 08:31 - 2019-08-29 04:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2020-05-09 08:31 - 2019-08-29 04:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2020-05-09 08:31 - 2019-08-29 04:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2020-05-09 08:31 - 2019-08-29 04:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2020-05-09 08:31 - 2019-08-29 04:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2020-05-09 08:31 - 2019-08-29 04:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2020-05-09 08:31 - 2019-08-29 04:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2020-05-09 08:31 - 2019-08-29 04:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2020-05-09 08:31 - 2019-08-29 04:19 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2020-05-09 08:31 - 2019-08-29 04:19 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2020-05-09 08:31 - 2019-08-29 04:18 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2020-05-09 08:31 - 2019-08-29 04:15 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2020-05-09 08:31 - 2019-08-29 04:15 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-05-09 08:31 - 2019-08-29 04:15 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2020-05-09 08:31 - 2019-08-29 04:15 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2020-05-09 08:31 - 2019-08-29 04:15 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-05-09 08:31 - 2019-08-29 04:15 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2020-05-09 08:31 - 2019-08-29 04:14 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-05-09 08:31 - 2019-08-29 04:14 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2020-05-09 08:31 - 2019-08-29 04:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2020-05-09 08:31 - 2019-08-29 04:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2020-05-09 08:31 - 2019-08-29 04:14 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2020-05-09 08:31 - 2019-08-29 04:14 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2020-05-09 08:31 - 2019-08-29 04:14 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2020-05-09 08:31 - 2019-08-27 04:34 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2020-05-09 08:31 - 2019-08-23 00:07 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-05-09 08:31 - 2019-08-21 03:59 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-05-09 08:31 - 2019-08-21 03:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-05-09 08:31 - 2019-08-21 03:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-05-09 08:31 - 2019-08-21 03:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-05-09 08:31 - 2019-08-21 01:19 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-05-09 08:31 - 2019-08-20 06:24 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-05-09 08:31 - 2019-08-20 06:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-05-09 08:31 - 2019-08-20 06:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-05-09 08:31 - 2019-08-20 06:21 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-05-09 08:31 - 2019-08-20 06:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-05-09 08:31 - 2019-08-20 05:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2020-05-09 08:31 - 2019-08-20 05:51 - 003232256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-05-09 08:31 - 2019-08-20 04:47 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-05-09 08:31 - 2019-08-15 09:59 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-05-09 08:31 - 2019-08-15 09:59 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-05-09 08:31 - 2019-08-14 19:54 - 003229184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-05-09 08:31 - 2019-08-14 19:54 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-05-09 08:31 - 2019-08-14 19:53 - 000253440 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2020-05-09 08:31 - 2019-08-14 19:53 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2020-05-09 08:31 - 2019-08-14 07:22 - 000374496 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2020-05-09 08:31 - 2019-08-14 07:20 - 003730432 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-05-09 08:31 - 2019-08-14 07:20 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-05-09 08:31 - 2019-08-14 07:20 - 000282112 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2020-05-09 08:31 - 2019-08-14 07:20 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll
2020-05-09 08:31 - 2019-08-14 07:20 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2020-05-09 08:31 - 2019-08-14 07:19 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2020-05-09 08:31 - 2019-08-14 07:04 - 001053184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-05-09 08:31 - 2019-08-14 07:04 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2020-05-09 08:31 - 2019-08-14 06:59 - 001120768 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2020-05-09 08:31 - 2019-08-14 06:59 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2020-05-09 08:31 - 2019-08-14 06:59 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2020-05-09 08:31 - 2019-08-14 06:52 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2020-05-09 08:31 - 2019-08-14 00:20 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-05-09 08:31 - 2019-08-14 00:19 - 000988384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-05-09 08:31 - 2019-08-14 00:19 - 000267488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-05-09 08:31 - 2019-08-14 00:16 - 001009664 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-05-09 08:31 - 2019-08-14 00:16 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-05-09 08:31 - 2019-08-14 00:15 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-05-09 08:31 - 2019-08-14 00:15 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-05-09 08:31 - 2019-08-14 00:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-05-09 08:31 - 2019-08-14 00:13 - 000833536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-05-09 08:31 - 2019-08-14 00:13 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-05-09 08:31 - 2019-08-14 00:13 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-05-09 08:31 - 2019-08-13 04:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-05-09 08:31 - 2019-08-13 04:58 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2020-05-09 08:31 - 2019-08-13 04:58 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-05-09 08:31 - 2019-08-13 04:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-05-09 08:31 - 2019-08-13 02:56 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-05-09 08:31 - 2019-08-13 02:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-05-09 08:31 - 2019-07-30 04:20 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-05-09 08:31 - 2019-07-30 04:20 - 000517632 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2020-05-09 08:31 - 2019-07-30 04:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2020-05-09 08:31 - 2019-07-30 04:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2020-05-09 08:31 - 2019-07-30 04:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-05-09 08:31 - 2019-07-30 04:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2020-05-09 08:31 - 2019-07-30 03:56 - 000556032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2020-05-09 08:31 - 2019-07-30 03:56 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2020-05-09 08:31 - 2019-07-30 03:56 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2020-05-09 08:31 - 2019-07-30 03:56 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2020-05-09 08:31 - 2019-07-30 03:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2020-05-09 08:31 - 2019-07-13 10:36 - 000289720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-05-09 08:31 - 2019-07-13 10:35 - 001894840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-05-09 08:31 - 2019-07-13 10:35 - 000378808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2020-05-09 08:31 - 2019-07-13 10:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-05-09 08:31 - 2019-07-13 10:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
2020-05-09 08:31 - 2019-07-13 10:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2020-05-09 08:31 - 2019-07-13 10:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2020-05-09 08:31 - 2019-07-13 10:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2020-05-09 08:31 - 2019-07-13 10:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
2020-05-09 08:31 - 2019-07-13 10:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2020-05-09 08:31 - 2019-07-13 10:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2020-05-09 08:31 - 2019-07-13 10:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2020-05-09 08:31 - 2019-07-13 10:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2020-05-09 08:31 - 2019-07-13 10:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2020-05-09 08:31 - 2019-07-13 10:32 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2020-05-09 08:31 - 2019-07-13 10:31 - 000318976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2020-05-09 08:31 - 2019-07-13 10:31 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2020-05-09 08:31 - 2019-07-13 10:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2020-05-09 08:31 - 2019-07-13 10:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2020-05-09 08:31 - 2019-07-13 10:31 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2020-05-09 08:31 - 2019-07-13 10:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2020-05-09 08:31 - 2019-07-13 10:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcmonitor.dll
2020-05-09 08:31 - 2019-07-04 03:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2020-05-09 08:31 - 2019-07-04 03:14 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2020-05-09 08:31 - 2019-06-28 07:24 - 000887808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2020-05-09 08:31 - 2019-06-28 07:24 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2020-05-09 08:31 - 2019-06-28 07:24 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2020-05-09 08:31 - 2019-06-28 07:24 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2020-05-09 08:31 - 2019-06-28 07:24 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2020-05-09 08:31 - 2019-06-28 07:23 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2020-05-09 08:31 - 2019-06-28 07:23 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2020-05-09 08:31 - 2019-06-28 07:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2020-05-09 08:31 - 2019-06-28 07:23 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2020-05-09 08:31 - 2019-06-21 05:09 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2020-05-09 08:31 - 2019-06-21 05:05 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2020-05-09 08:31 - 2019-06-12 17:21 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2020-05-09 08:31 - 2019-06-12 17:21 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2020-05-09 08:31 - 2019-06-12 17:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2020-05-09 08:31 - 2019-06-12 17:21 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2020-05-09 08:31 - 2019-06-12 17:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2020-05-09 08:31 - 2019-06-12 17:19 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2020-05-09 08:31 - 2019-06-12 17:11 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2020-05-09 08:31 - 2019-06-12 17:08 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2020-05-09 08:31 - 2019-06-12 17:08 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2020-05-09 08:31 - 2019-06-12 17:08 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2020-05-09 08:31 - 2019-06-12 17:08 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2020-05-09 08:31 - 2019-06-12 17:08 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2020-05-09 08:31 - 2019-06-12 17:08 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2020-05-09 08:31 - 2019-06-12 17:07 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2020-05-09 08:31 - 2019-06-12 17:06 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2020-05-09 08:31 - 2019-06-12 17:06 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-05-09 08:31 - 2019-06-12 17:06 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2020-05-09 08:31 - 2019-06-12 17:06 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2020-05-09 08:31 - 2019-06-12 17:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2020-05-09 08:31 - 2019-06-12 17:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2020-05-09 08:31 - 2019-06-12 17:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2020-05-09 08:31 - 2019-06-12 17:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2020-05-09 08:31 - 2019-06-12 17:04 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2020-05-09 08:31 - 2019-06-12 17:01 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2020-05-09 08:31 - 2019-06-12 16:50 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2020-05-09 08:31 - 2019-06-12 16:49 - 000205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2020-05-09 08:31 - 2019-06-12 16:49 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2020-05-09 08:31 - 2019-06-12 16:49 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2020-05-09 08:31 - 2019-06-12 16:37 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2020-05-09 08:31 - 2019-06-12 16:37 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2020-05-09 08:31 - 2019-06-12 16:37 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2020-05-09 08:31 - 2019-06-02 05:50 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-05-09 08:24 - 2019-02-16 07:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-05-09 08:24 - 2019-02-16 07:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-05-08 20:35 - 2013-07-18 10:43 - 000795632 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2020-05-08 20:35 - 2013-07-18 10:43 - 000358896 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2020-05-08 20:35 - 2013-07-18 10:43 - 000020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2020-05-08 20:18 - 2020-05-09 12:07 - 000000000 ____D C:\Program Files (x86)\XFastUSB
2020-05-08 20:18 - 2020-05-08 20:18 - 000000000 ____D C:\ProgramData\FNET
2020-05-08 19:52 - 2020-05-08 19:52 - 000000000 ____D C:\ProgramData\Western Digital
2020-05-08 19:51 - 2020-05-08 19:51 - 000000000 ____D C:\Users\Usuario\.wdc
2020-05-07 13:07 - 2017-01-03 19:13 - 000000000 ____D C:\Users\Usuario\Desktop\HDD.Low.Level.Format.Tool.4.40.with.Portable.Incl.Keygen-tPORt
2020-05-03 19:45 - 2020-05-04 19:00 - 000000000 ___DC C:\Users\Usuario\AppData\Local\MigWiz

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-05-31 18:16 - 2011-04-12 11:10 - 000751318 _____ C:\Windows\system32\perfh00A.dat
2020-05-31 18:16 - 2011-04-12 11:10 - 000160360 _____ C:\Windows\system32\perfc00A.dat
2020-05-31 18:16 - 2009-07-14 07:13 - 001687128 _____ C:\Windows\system32\PerfStringBackup.INI
2020-05-31 18:16 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\inf
2020-05-31 18:14 - 2018-12-12 13:11 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2020-05-31 18:13 - 2013-07-26 14:18 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2020-05-31 18:13 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-31 06:14 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-31 06:14 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-31 06:08 - 2013-07-26 10:45 - 000000000 ____D C:\ProgramData\Avira
2020-05-31 06:04 - 2016-02-26 11:54 - 000000000 ____D C:\Program Files (x86)\ClamWin
2020-05-31 06:03 - 2016-02-26 12:42 - 000000000 ____D C:\Program Files (x86)\ClamSentinel
2020-05-31 06:02 - 2013-07-26 12:38 - 000000000 ____D C:\ProgramData\TEMP
2020-05-31 05:35 - 2009-07-14 06:45 - 000423984 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-31 05:22 - 2014-08-22 15:51 - 000000000 ____D C:\ProgramData\Package Cache
2020-05-31 05:22 - 2013-07-25 20:43 - 000114512 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2020-05-31 02:40 - 2013-07-26 10:33 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-05-31 02:37 - 2013-11-08 11:18 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeraCopy
2020-05-31 00:14 - 2013-07-26 12:41 - 000000000 ____D C:\Users\Usuario\AppData\Local\CrashDumps
2020-05-30 22:53 - 2019-01-26 04:31 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\foobar2000
2020-05-30 21:48 - 2018-12-10 00:50 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-30 21:18 - 2013-07-25 20:32 - 000001431 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-05-30 20:43 - 2009-07-14 04:34 - 000458998 ____R C:\Windows\system32\Drivers\etc\hosts.20200531-022139.backup
2020-05-30 20:41 - 2019-01-23 22:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\Downloaded Installations
2020-05-30 20:21 - 2013-07-29 22:55 - 000005088 __RSH C:\ProgramData\ntuser.pol
2020-05-30 19:45 - 2019-12-29 21:19 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2020-05-30 19:45 - 2013-11-09 21:46 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2020-05-30 19:44 - 2012-08-22 09:35 - 000000000 ____D C:\Windows\pss
2020-05-30 13:59 - 2013-07-27 14:22 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2020-05-30 11:50 - 2013-07-27 14:09 - 000000000 ____D C:\Users\Usuario\dwhelper
2020-05-30 08:41 - 2019-01-19 13:33 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-05-29 12:44 - 2019-09-05 23:47 - 000000000 ____D C:\VueScan
2020-05-29 11:08 - 2009-07-14 07:08 - 000032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-05-26 18:47 - 2013-07-26 13:00 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2020-05-26 18:47 - 2013-07-26 11:09 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-05-26 18:47 - 2013-07-26 11:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-05-26 18:47 - 2013-07-26 11:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-05-26 18:47 - 2013-07-26 11:09 - 000000000 ____D C:\Windows\system32\Macromed
2020-05-18 13:24 - 2020-04-17 12:09 - 000000000 ____D C:\Mozilla Firefox32
2020-05-18 13:24 - 2013-07-26 10:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-05-16 11:08 - 2019-09-13 10:03 - 000072192 ___SH C:\Users\Usuario\Thumbs.db
2020-05-11 13:31 - 2013-07-25 20:31 - 000000000 ____D C:\Users\Usuario
2020-05-10 03:37 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\AppCompat
2020-05-09 17:39 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2020-05-09 09:35 - 2013-07-25 20:43 - 000000000 ____D C:\Program Files\Intel
2020-05-09 09:33 - 2013-07-26 14:14 - 001660778 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-05-09 08:33 - 2009-07-14 06:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-05-09 08:32 - 2019-02-28 23:24 - 000000000 ___SD C:\Windows\system32\CompatTel
2020-05-09 08:32 - 2019-02-28 23:24 - 000000000 ____D C:\Windows\system32\appraiser
2020-05-09 08:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-05-09 08:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Dism
2020-05-07 20:46 - 2019-01-23 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2020-05-07 20:46 - 2019-01-23 23:39 - 000000000 ____D C:\Program Files (x86)\HDDGURU LLF Tool
2020-05-05 21:29 - 2013-08-01 17:24 - 000000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2020-05-04 02:11 - 2019-07-05 20:22 - 000000000 ____D C:\Users\Usuario\Documents\Negocios

==================== Archivos en la raíz de algunos directorios ========

2020-05-09 09:32 - 2020-05-09 09:32 - 489039748 _____ () C:\Users\Usuario\Todo.reg
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\4913.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\4B36.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\4D49.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\4F2E.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\50E0.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\5132.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\5592.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\563F.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\5797.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ () C:\Users\Usuario\AppData\Roaming\57A8.tmp
2020-05-09 08:31 - 2019-08-29 04:50 - 000248887 ___SH () C:\Users\Usuario\AppData\Roaming\fbajrwe
2019-01-11 00:22 - 2019-01-11 01:22 - 000099384 _____ () C:\Users\Usuario\AppData\Roaming\inst.exe
2020-05-09 08:31 - 2019-08-29 04:50 - 000320202 ___SH () C:\Users\Usuario\AppData\Roaming\itwecjc
2019-01-11 00:22 - 2019-01-11 01:22 - 000007859 _____ () C:\Users\Usuario\AppData\Roaming\pcouffin.cat
2019-01-11 00:22 - 2019-01-11 01:22 - 000001167 _____ () C:\Users\Usuario\AppData\Roaming\pcouffin.inf
2019-01-11 00:22 - 2019-01-11 01:22 - 000000055 _____ () C:\Users\Usuario\AppData\Roaming\pcouffin.log
2019-01-11 00:22 - 2019-01-11 01:22 - 000082816 _____ (VSO Software) C:\Users\Usuario\AppData\Roaming\pcouffin.sys
2019-10-12 21:52 - 2019-10-12 21:55 - 000004603 _____ () C:\Users\Usuario\AppData\Roaming\VoiceMeeterDefault.xml
2019-09-20 10:32 - 2020-01-28 20:41 - 000535552 _____ (Dirección General de la Policía) C:\Users\Usuario\AppData\Local\DNIeService.exe
2019-01-23 23:39 - 2019-01-23 23:39 - 000000001 _____ () C:\Users\Usuario\AppData\Local\llftool.4.40.agreement
2019-01-23 23:39 - 2019-01-23 23:39 - 000000019 _____ () C:\Users\Usuario\AppData\Local\llftool.license
2020-04-24 10:40 - 2020-04-24 10:40 - 000000762 _____ () C:\Users\Usuario\AppData\Local\recently-used.xbel
2014-08-12 11:15 - 2019-05-09 11:47 - 000007644 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado correctamente

LastRegBack: 2020-05-30 15:24
==================== Final de FRST.txt ========================

ferdv77 · 31 Mayo, 2020 16:37


Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 30-05-2020 01
Ejecutado por Usuario (31-05-2020 18:18:08)
Ejecutado desde F:\Descargas
Windows 7 Ultimate Service Pack 1 (X64) (2013-07-25 18:31:53)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-3736251313-4123297334-1401593606-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3736251313-4123297334-1401593606-1004 - Limited - Enabled)
Invitado (S-1-5-21-3736251313-4123297334-1401593606-501 - Limited - Disabled)
Usuario (S-1-5-21-3736251313-4123297334-1401593606-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Avira Antivirus (Disabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Avira Antivirus (Disabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
Adobe Reader 9.5.5 - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIDA64 Business Edition v2.85 (HKLM-x32\...\AIDA64 Business Edition_is1) (Version: 2.85 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{8C1DA63E-3B80-46B5-64CC-8BE27A0C3FB4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ant Video downloader (Native messaging host) (HKLM-x32\...\{41A57734-2ED5-449A-BAF0-F0B356417716}) (Version: 4.7 - Ant.com)
Arasan 21.2 (HKLM-x32\...\Arasan_is1) (Version:  - )
Argente Utilities 1.0.6.2 (HKLM-x32\...\Argente Utilities_is1) (Version: 1.0.6.2 - Argente Software)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.3.1.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{4BC31208-EC3B-453B-8819-6B81AE3EC153}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{caade1ea-26aa-4e8f-a4f0-59cf0c0e91a5}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2005.1889 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.2.0.1945 - Avira Operations GmbH & Co. KG)
Bigasoft Total Video Converter 4.2.5.5242 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version:  - Bigasoft Corporation)
calibre (HKLM-x32\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Descargar de Antena 3 versión 1.0 (HKLM-x32\...\{B58E7A36-09A3-4514-9020-EA8D5AE2F92F}_is1) (Version: 1.0 - Televisión a la carta)
DreamChess 0.2.0 (HKLM-x32\...\DreamChess) (Version:  - )
Dual Smart Solution (HKLM-x32\...\{E61F7C73-277C-44CE-87C4-B574BF0F3803}) (Version: 2.7 - LG Soft India Pvt Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 13.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
foobar2000 v1.4.2 (HKLM-x32\...\foobar2000) (Version: 1.4.2 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
Free PDF Compressor (HKLM-x32\...\{BFA49A14-EC18-4071-BC13-B43043B09222}_is1) (Version:  - freepdfcompressor.com)
FreeUndelete 2.1.36867.1 (HKLM-x32\...\{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}) (Version: 2.1.36867.1 - Recoveronix)
gbrainy 2.06 (HKLM-x32\...\gbrainy) (Version: 2.06 - )
Glary Utilities 5.11 (HKLM-x32\...\Glary Utilities 5) (Version: 5.11.0.23 - Glarysoft Ltd)
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
HexChat (HKLM\...\HexChat_is1) (Version: 2.14.2 - HexChat)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Información del sistema de Creative (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Inkscape 0.92.5 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92.5.0 - Inkscape project)
Instalable DNIe (HKLM\...\{D2CE0562-13E0-4FC9-85F2-CA3D0392310E}) (Version: 14.0.2 - Cuerpo Nacional de Policía)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{882BDE19-AA38-4442-964D-7D34BFBB091A}) (Version: 2.0.1083.0 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.63 - IVONA Software Sp. z o.o.)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junior Icon Editor (HKLM-x32\...\Junior Icon Editor) (Version: 4.37 - SibCode)
Kodi (HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\Kodi) (Version:  - XBMC Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Loquendo TTS: Carmen (Spanish) (HKLM-x32\...\LoqTTS-Carmen_is1) (Version:  - )
Loquendo TTS: Diego (Spanish) (HKLM-x32\...\LoqTTS-Diego_is1) (Version:  - )
Loquendo TTS: Esperanza (Spanish-Mexican) (HKLM-x32\...\LoqTTS-Esperanza_is1) (Version:  - )
Loquendo TTS: Francisca (Spanish-Chilean) (HKLM-x32\...\LoqTTS-Francisca_is1) (Version:  - )
Loquendo TTS: Jorge (Spanish) (HKLM-x32\...\LoqTTS-Jorge_is1) (Version:  - )
Loquendo TTS: Juan (Spanish) (HKLM-x32\...\LoqTTS-Juan_is1) (Version:  - )
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
MiniTool Partition Wizard Free 12 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Firefox 76.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 76.0.1 (x86 es-ES)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
OneClickFirewall (HKLM\...\OneClickFirewall) (Version: 1.0.0.2 - hxxp://winaero.com)
Paquete de compatibilidad para 2007 Office system (HKLM-x32\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
RealSpeak Solo para Castellano, Isabel (HKLM-x32\...\{3D263D43-FFA4-4B03-9663-6868AABC1AFC}) (Version: 4.00.0000 - ScanSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
RecordPad, grabadora de audio (HKLM-x32\...\Recordpad) (Version: 7.06 - NCH Software)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Sp5 (HKLM-x32\...\{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (HKLM-x32\...\{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (HKLM-x32\...\{E415C943-37E5-473F-8BAE-043C56734124}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (HKLM-x32\...\{6C3959C6-943E-44B3-BAAD-570B04B134E5}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (HKLM-x32\...\{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}) (Version: 6.0.3122.0 - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot Anti-Beacon (HKLM\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 2.1 - Safer-Networking Ltd.)
SSD Utility (HKLM-x32\...\{83C7BFA7-172B-45B3-B339-C66B6F370344}) (Version: 3.1.3276 - Toshiba Memory Corporation)
System Stability Tester (win64) (HKLM\...\{17D407A5-AC63-4367-8032-9EB0C9307EDA}) (Version: 1.5.1 - (c) 2005-2012 Lucas Tsatiris)
TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)
Tetris (HKLM-x32\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.41 - Crystal Office Systems)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.29 - VSO Software)
VueScan (HKLM\...\VueScan) (Version:  - )
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (04/08/2018 1.0.2.8) (HKLM\...\7B3391C6362BF89258FE123715A1CB82A8286DF6) (Version: 04/08/2018 1.0.2.8 - Dirección General de la Policía)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wondershare Data Recovery(Build 6.2.1.0) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.2.1.0 - Wondershare Software Co.,Ltd.)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.31 - ASRock Inc.)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> Ningún archivo
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Ningún archivo
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> Ningún archivo
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [Archivo no firmado]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
ContextMenuHandlers2: [Eraser] -> [CC]{BC9B776A-90D7-4476-A791-79D835F30650} =>  -> Ningún archivo
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2014-09-29] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers2: [TeraCopyS64] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers2: [UltraISO] -> [CC]{AD392E40-428C-459F-961E-9B147782D099} =>  -> Ningún archivo
ContextMenuHandlers2: [WinCDEmu] -> [CC]{A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>  -> Ningún archivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} =>  -> Ningún archivo
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers4: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [Archivo no firmado]
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> [CC]{A94757A0-0226-426F-B4F1-4DF381C630D3} =>  -> Ningún archivo
ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Ningún archivo
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers6: [UltraISO] -> [CC]{AD392E40-428C-459F-961E-9B147782D099} =>  -> Ningún archivo
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinCDEmu] -> [CC]{A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>  -> Ningún archivo
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Módulos cargados (Lista blanca) =============

2013-07-25 20:42 - 2012-05-30 14:55 - 000059904 _____ ( () [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-25 20:42 - 2012-05-30 14:56 - 000007168 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorDataMgr.resources.dll
2013-07-25 20:42 - 2012-05-30 14:56 - 000032768 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorIcon.resources.dll
2013-07-25 20:42 - 2012-05-30 14:56 - 000004608 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IntelVisualDesign.resources.dll
2013-07-25 20:42 - 2012-05-30 14:55 - 000176128 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2013-07-25 20:42 - 2012-05-30 14:55 - 001319424 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ ( (Microsoft Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2013-07-25 20:43 - 2013-07-25 20:43 - 000225280 _____ ( (Microsoft Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2019-07-02 20:26 - 2019-07-02 20:26 - 000172544 ____H () [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\59287b78c3ec80a796fc72e83bac8716\IsdiInterop.ni.dll
2019-07-02 20:26 - 2019-07-02 20:26 - 000014336 ____H (Intel Corp.) [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f39005543919a2bd9bbf96f2173ba9d\IAStorCommon.ni.dll
2013-07-25 20:42 - 2012-05-30 14:43 - 000279552 _____ (Intel Corporation) [Archivo no firmado] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2013-07-25 20:44 - 2013-07-18 10:42 - 000073728 _____ (Intel Corporation) [Archivo no firmado] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-05-09 09:47 - 2020-05-09 09:47 - 000229376 _____ (Intel Corporation) [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\969c90941cf6f8fe7fec9da7cf0d5ad3\IAStorDataMgr.ni.dll
2020-05-09 09:47 - 2020-05-09 09:47 - 000489472 _____ (Intel Corporation) [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c7e9c41295d9d7a77590986b08fac83\IAStorUtil.ni.dll
2020-05-31 05:18 - 2020-05-31 05:18 - 000913920 _____ (ServiceStack) [Archivo no firmado] C:\Windows\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\1c451b416fc7b4c8b1ecd15a4bb91187\ServiceStack.Text.ni.dll
2017-02-12 02:28 - 2015-09-28 20:08 - 000255488 _____ (Sysprogs OU) [Archivo no firmado] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [352]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]
AlternateDataStreams: C:\ProgramData\TEMP:960C67A0 [129]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Hay 7947 más sitios.

IE trusted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\1-2005-search.com -> www.1-2005-search.com

Hay 12754 más sitios.


==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-14 04:34 - 2020-05-31 02:21 - 000458998 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

Hay 15730 más lineas.


2015-03-19 21:02 - 2015-03-19 21:02 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Users\Usuario\AppData\Local\Smartbar\Application\;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.231.6.7 - 46.6.113.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeraCopyService => 2
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dual Smart Solution.lnk => C:\Windows\pss\Dual Smart Solution.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Guard.lnk => C:\Windows\pss\Guard.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartClock.lnk => C:\Windows\pss\SmartClock.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: agt7me => rundll32.exe "C:\Program Files (x86)\agt7me\agt7me.dll",agt7me
MSCONFIG\startupreg: Clam Sentinel => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
MSCONFIG\startupreg: ClamWin => "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" -atRestart
MSCONFIG\startupreg: FastAccess Web Alert => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: MTPW => "C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe"
MSCONFIG\startupreg: MTSM => "C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe" --auto
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => C:\Users\Usuario\AppData\Roaming\NVIDIA\dllhost.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{82D0F5DE-7169-4845-A4DB-35F4D246FF7B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{C2776908-170F-4E7B-A29F-A80B62164780}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{CF9ED203-6A0A-4566-A1E6-60B6885DCEAB}C:\users\usuario\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Block) C:\users\usuario\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe () [Archivo no firmado]
FirewallRules: [UDP Query User{5761B84C-2174-45CD-82B7-89AA2B5C0148}C:\users\usuario\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Block) C:\users\usuario\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe () [Archivo no firmado]
FirewallRules: [{CF755749-E6B2-410D-90EF-869677EC4C67}] => (Allow) C:\Mozilla Firefox32\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{67754056-D6F0-43C9-AA33-0D153A4002D5}] => (Allow) C:\Mozilla Firefox32\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{60767C68-464E-402E-8C84-A536F21566DF}] => (Block) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{FAD40311-DAC7-4397-92D6-4D31F631DEEB}] => (Block) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [TCP Query User{F36BDF57-26F5-4A1B-A703-05FE12A1D781}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{0BBFB483-DE8F-4EC3-AE29-03F80DFD5981}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F35007D2-9B58-4471-99DE-2DD9166B0807}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8DCAF583-BAE2-478C-8638-D5F70B4DB46F}] => (Block) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Incorporated -> Foxit Software Inc.)
FirewallRules: [{0C92BF72-188F-4F93-B5E6-1B422C9CC440}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ningún archivo
FirewallRules: [{38B89F93-7F88-49EB-B1D5-FE722BE5176D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ningún archivo
FirewallRules: [{D166377C-B525-455D-866C-F25CCA660328}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ningún archivo

==================== Puntos de Restauración =========================

31-05-2020 06:06:23 Removed Avira Software Updater

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (05/31/2020 06:14:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/31/2020 06:11:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/31/2020 05:36:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/31/2020 02:03:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/31/2020 12:33:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/30/2020 11:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/30/2020 11:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/30/2020 10:57:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x00000204,(null),0,REG_BINARY,0000000001C4F020.72). HR = 0x80070005, Acceso denegado.
.


Errores del sistema:
=============
Error: (05/31/2020 06:14:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (05/31/2020 06:13:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk3\DR3.

Error: (05/31/2020 06:13:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk3\DR3.

Error: (05/31/2020 06:13:02 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado

Error: (05/31/2020 06:11:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (05/31/2020 06:10:26 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado

Error: (05/31/2020 05:36:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (05/31/2020 05:35:43 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado


Windows Defender:
===================================
Date: 2019-02-13 23:15:30.657
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{3C965762-5C7F-47DF-9CF1-A8B03F6DBCC1}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:Usuario-PC\Usuario

Date: 2019-01-26 22:53:23.890
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=207199
Nombre:BrowserModifier:Win32/KipodToolsCby
Id.:207199
Gravedad:Alta
Categoría:Modificador de explorador
Ruta de acceso encontrada:containerfile:I:\WesternDigitalHD\LG HD\Titín\Downloads\iLividSetupV1.exe;file:I:\WesternDigitalHD\LG HD\Titín\Downloads\iLividSetupV1.exe->(7zSfx)->iLividSetupV1.res->InstallHelper.dll
Tipo de detección:Concreto
Origen de detección:Sistema
Estado:Desconocido
Usuario:NT AUTHORITY\SYSTEM
Nombre de proceso:

Date: 2018-12-21 16:13:50.853
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{03012458-2A46-449C-83D1-8DC292373FDE}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:Usuario-PC\Usuario

CodeIntegrity:
===================================

Date: 2020-05-15 02:32:01.983
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.917
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.856
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.795
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.738
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.678
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.620
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.560
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. P1.00 08/22/2012
Placa base: ASRock B75M-GL R2.0
Procesador: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Porcentaje de memoria en uso: 51%
RAM física total: 7880.81 MB
RAM física disponible: 3814.71 MB
Virtual total: 7878.95 MB
Virtual disponible: 3593.32 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:16.29 GB) NTFS
Drive d: (Toshiba 2GB) (Fixed) (Total:1863.01 GB) (Free:113.99 GB) NTFS
Drive f: (SO) (Fixed) (Total:97.66 GB) (Free:28.11 GB) NTFS
Drive g: (Backup) (Fixed) (Total:833.85 GB) (Free:14.29 GB) NTFS
Drive h: (Toshiba1000) (Fixed) (Total:931.51 GB) (Free:798.9 GB) NTFS

\\?\Volume{bf7ad58a-f54f-11e2-af5f-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1CBECC65)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 0A5624AB)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.8 GB) - (Type=0F Extended)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0631EE4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================

ferdv77 · 2 Junio, 2020 08:03

Buenos días, he instalado el Malwarebytes. De repente me sale una alerta de un intento de comunicación con una web por la que no estoy navegando. Ocurre varias veces y suele ser con:

-Detalles del registro- Fecha del evento de protección: 2/6/20 Hora del evento de protección: 9:43 Archivo de registro: c7d2574c-a4a4-11ea-b2c9-bc5ff46df346.json

-Información del software- Versión: 4.1.0.56 Versión de los componentes: 1.0.931 Versión del paquete de actualización: 1.0.24882 Licencia: Prueba

-Información del sistema- SO: Windows 7 Service Pack 1 CPU: x64 Sistema de archivos: NTFS Usuario: System

-Detalles del sitio web bloqueado- Sitio web malicioso: 1 , C:\Mozilla Firefox32\firefox.exe, Bloqueado, -1, -1, 0.0.0

-Datos de sitio web- Categoría: Malvertising Dominio: pctnew.org Dirección IP: 172.67.70.144 Puerto: 443 Tipo: Saliente Archivo: C:\Mozilla Firefox32\firefox.exe

Supongo que estará relacionado con los dos archivos que no puedo borrar. A ver que podemos hacer…

Agradecido por el esfuerzo de antemano.

P.D. También olvidé colocar la “/” en el “[/CODE]” del final. Volví a copiar los textos corregidos.

Daniela · 2 Junio, 2020 22:33

Hola

No descargaste y ejecutaste FRST desde el escritorio como te indiqué, muevelo allí pero a la unidad principal C:/ si no fallará el siguiente paso.

MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe( en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3a07267a-4ca4-11ea-a797-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3aebc13a-1e18-11e9-af4f-bc5ff46df346} - V:\AutoRunCD.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3de43ab0-1417-11ea-9832-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {74145912-1b8b-11ea-a03e-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {74145913-1b8b-11ea-a03e-bc5ff46df346} - V:\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {8bea64ee-1a65-11e9-8151-bc5ff46df346} - H:\Audio\setup.exe
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {cfe08f53-4eeb-11e9-8ae2-bc5ff46df346} - V:\Install.exe
GroupPolicy: Restricción ? <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
CHR HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
CHR HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
Task: {78B16FF2-8C85-4503-9B8A-4E2143BE8407} - \NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544} -> Ningún archivo <==== ATENCIÓN
Task: {9E97616D-6172-40A4-8CCE-A5B1956D7C31} - \NvNgxUpdateCheckDaily_{A5ECD9C6-D9C6-D9C6-D9C6-A5ECD9C6D9C6} -> Ningún archivo <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricción <==== ATENCIÓN
BHO-x32: Sin Nombre -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Ningún archivo
BHO-x32: Sin Nombre -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Ningún archivo
FF Plugin: @microsoft.com/GENUINE -> disabled [Ningún archivo]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Ningún archivo]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <no encontrado>
CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <no encontrado>
"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
S4 E311D18D; C:\ProgramData\E311D18D\E2A83CCC.dll [X]
S4 cmuda3; system32\drivers\cmudax3.sys [X]
S4 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S4 csrpan; system32\DRIVERS\csrpan.sys [X]
S4 csrserial; system32\DRIVERS\csrserial.sys [X]
S4 csrusb; System32\Drivers\csrusb.sys [X]
S4 csr_bthav; system32\drivers\csrbthav.sys [X]
S4 PortTalk; System32\Drivers\PortTalk.sys [X]
S4 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
2020-05-30 23:59 - 2020-05-31 00:06 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-05-30 20:57 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\f4a074664131
2020-05-30 20:41 - 2020-05-30 21:21 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ue42onrwt5y
2020-05-30 20:15 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\bowf1qjgi2x
2020-05-30 20:05 - 2020-05-30 20:05 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\3098htrhpen8ifg0
2020-05-30 19:55 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ft2rckz4wwz
2020-05-30 19:55 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\3g4e5bqih3z
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\57A8.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\5797.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\563F.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\5592.tmp
2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\50E0.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\5132.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4F2E.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4D49.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4B36.tmp
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming\4913.tmp
2020-05-09 10:53 - 2020-05-13 22:11 - 000003276 _____ C:\Windows\system32\Tasks\{94B9516E-4183-4012-8D5C-2D9CA7BF5E80}
2020-05-09 10:33 - 2020-05-13 22:11 - 000003240 _____ C:\Windows\system32\Tasks\{A4F6DD8F-01B6-4956-8BC1-662F14150094}
2020-05-09 08:31 - 2019-08-29 04:50 - 000320202 ___SH C:\Users\Usuario\AppData\Roaming\itwecjc
2020-05-09 08:31 - 2019-08-29 04:50 - 000248887 ___SH C:\Users\Usuario\AppData\Roaming\fbajrwe
ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> Ningún archivo
ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Ningún archivo
ContextMenuHandlers1: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> Ningún archivo
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
ContextMenuHandlers2: [Eraser] -> [CC]{BC9B776A-90D7-4476-A791-79D835F30650} =>  -> Ningún archivo
ContextMenuHandlers2: [TeraCopyS64] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers2: [UltraISO] -> [CC]{AD392E40-428C-459F-961E-9B147782D099} =>  -> Ningún archivo
ContextMenuHandlers2: [WinCDEmu] -> [CC]{A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>  -> Ningún archivo
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} =>  -> Ningún archivo
ContextMenuHandlers4: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> [CC]{A94757A0-0226-426F-B4F1-4DF381C630D3} =>  -> Ningún archivo
ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Ningún archivo
ContextMenuHandlers6: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ningún archivo
ContextMenuHandlers6: [UltraISO] -> [CC]{AD392E40-428C-459F-961E-9B147782D099} =>  -> Ningún archivo
ContextMenuHandlers6: [WinCDEmu] -> [CC]{A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>  -> Ningún archivo
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ningún archivo
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [352]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]
AlternateDataStreams: C:\ProgramData\TEMP:960C67A0 [129]
FirewallRules: [{0C92BF72-188F-4F93-B5E6-1B422C9CC440}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ningún archivo
FirewallRules: [{38B89F93-7F88-49EB-B1D5-FE722BE5176D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ningún archivo
FirewallRules: [{D166377C-B525-455D-866C-F25CCA660328}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ningún archivo



HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Inicia en modo seguro para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX/Corregir y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

ferdv77 · 3 Junio, 2020 07:04

Muchas gracias y disculpe por el/los despistes.

Sigo sin poder borrar las entradas del inicio y el Malwarebytes me ha vuelto a indicar que pctnew ha intentado conectarse.

Anoto el log:


Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 02-06-2020
Ejecutado por Usuario (03-06-2020 08:56:08) Run:2
Ejecutado desde C:\Users\Usuario\Desktop
Perfiles cargados: Usuario
Modo de Inicio: Safe Mode (minimal)
==============================================

fixlist contenido:
*****************
START

CREATERESTOREPOINT:

CLOSEPROCESSES:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricci�n <==== ATENCI�N

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3a07267a-4ca4-11ea-a797-bc5ff46df346} - V:\setup.exe

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3aebc13a-1e18-11e9-af4f-bc5ff46df346} - V:\AutoRunCD.exe

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {3de43ab0-1417-11ea-9832-bc5ff46df346} - V:\setup.exe

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {74145912-1b8b-11ea-a03e-bc5ff46df346} - V:\setup.exe

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {74145913-1b8b-11ea-a03e-bc5ff46df346} - V:\setup.exe

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {8bea64ee-1a65-11e9-8151-bc5ff46df346} - H:\Audio\setup.exe

HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\MountPoints2: {cfe08f53-4eeb-11e9-8ae2-bc5ff46df346} - V:\Install.exe

GroupPolicy: Restricci�n ? <==== ATENCI�N

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricci�n <==== ATENCI�N

CHR HKLM\SOFTWARE\Policies\Google: Restricci�n <==== ATENCI�N

CHR HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Policies\Google: Restricci�n <==== ATENCI�N

Task: {78B16FF2-8C85-4503-9B8A-4E2143BE8407} - \NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544} -> Ning�n archivo <==== ATENCI�N

Task: {9E97616D-6172-40A4-8CCE-A5B1956D7C31} - \NvNgxUpdateCheckDaily_{A5ECD9C6-D9C6-D9C6-D9C6-A5ECD9C6D9C6} -> Ning�n archivo <==== ATENCI�N

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricci�n <==== ATENCI�N

BHO-x32: Sin Nombre -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Ning�n archivo

BHO-x32: Sin Nombre -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Ning�n archivo

FF Plugin: @microsoft.com/GENUINE -> disabled [Ning�n archivo]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Ning�n archivo]

CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <no encontrado>

CHR HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <no encontrado>

CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <no encontrado>

"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCI�N

HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCI�N (Rootkit!/Servicio bloqueado)

"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCI�N

HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)

"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N

HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)

"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N

HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)

S4 E311D18D; C:\ProgramData\E311D18D\E2A83CCC.dll [X]

S4 cmuda3; system32\drivers\cmudax3.sys [X]

S4 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]

S4 csrpan; system32\DRIVERS\csrpan.sys [X]

S4 csrserial; system32\DRIVERS\csrserial.sys [X]

S4 csrusb; System32\Drivers\csrusb.sys [X]

S4 csr_bthav; system32\drivers\csrbthav.sys [X]

S4 PortTalk; System32\Drivers\PortTalk.sys [X]

S4 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]

S4 VGPU; System32\drivers\rdvgkmd.sys [X]

2020-05-30 23:59 - 2020-05-31 00:06 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2020-05-30 20:57 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\f4a074664131

2020-05-30 20:41 - 2020-05-30 21:21 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ue42onrwt5y

2020-05-30 20:15 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\bowf1qjgi2x

2020-05-30 20:05 - 2020-05-30 20:05 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow098htrhpen8ifg0

2020-05-30 19:55 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ft2rckz4wwz

2020-05-30 19:55 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roamingg4e5bqih3z

2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming7A8.tmp

2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming797.tmp

2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming63F.tmp

2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming592.tmp

2020-05-30 11:44 - 2020-05-30 11:44 - 000000000 _____ C:\Users\Usuario\AppData\Roaming0E0.tmp

2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming132.tmp

2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\RoamingF2E.tmp

2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\RoamingD49.tmp

2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\RoamingB36.tmp

2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 _____ C:\Users\Usuario\AppData\Roaming913.tmp

2020-05-09 10:53 - 2020-05-13 22:11 - 000003276 _____ C:\Windows\system32\Tasks\{94B9516E-4183-4012-8D5C-2D9CA7BF5E80}

2020-05-09 10:33 - 2020-05-13 22:11 - 000003240 _____ C:\Windows\system32\Tasks\{A4F6DD8F-01B6-4956-8BC1-662F14150094}

2020-05-09 08:31 - 2019-08-29 04:50 - 000320202 ___SH C:\Users\Usuario\AppData\Roaming\itwecjc

2020-05-09 08:31 - 2019-08-29 04:50 - 000248887 ___SH C:\Users\Usuario\AppData\Roaming\fbajrwe

ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> Ning�n archivo

ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Ning�n archivo

ContextMenuHandlers1: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ning�n archivo

ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} =>  -> Ning�n archivo

ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ning�n archivo

ContextMenuHandlers2: [Eraser] -> [CC]{BC9B776A-90D7-4476-A791-79D835F30650} =>  -> Ning�n archivo

ContextMenuHandlers2: [TeraCopyS64] -> [CC]{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ning�n archivo

ContextMenuHandlers2: [UltraISO] -> [CC]{AD392E40-428C-459F-961E-9B147782D099} =>  -> Ning�n archivo

ContextMenuHandlers2: [WinCDEmu] -> [CC]{A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>  -> Ning�n archivo

ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} =>  -> Ning�n archivo

ContextMenuHandlers4: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ning�n archivo

ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ning�n archivo

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ning�n archivo

ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> [CC]{A94757A0-0226-426F-B4F1-4DF381C630D3} =>  -> Ning�n archivo

ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> Ning�n archivo

ContextMenuHandlers6: [TeraCopyS64] -> [CC]{A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} =>  -> Ning�n archivo

ContextMenuHandlers6: [UltraISO] -> [CC]{AD392E40-428C-459F-961E-9B147782D099} =>  -> Ning�n archivo

ContextMenuHandlers6: [WinCDEmu] -> [CC]{A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>  -> Ning�n archivo

ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> Ning�n archivo

ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Ning�n archivo

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [352]

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]

AlternateDataStreams: C:\ProgramData\TEMP:960C67A0 [129]

FirewallRules: [{0C92BF72-188F-4F93-B5E6-1B422C9CC440}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ning�n archivo

FirewallRules: [{38B89F93-7F88-49EB-B1D5-FE722BE5176D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ning�n archivo

FirewallRules: [{D166377C-B525-455D-866C-F25CCA660328}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Ning�n archivo







HOSTS:

REMOVEPROXY:

EMPTYTEMP:

CMD: netsh winsock reset

CMD: ipconfig /renew

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a07267a-4ca4-11ea-a797-bc5ff46df346} => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aebc13a-1e18-11e9-af4f-bc5ff46df346} => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de43ab0-1417-11ea-9832-bc5ff46df346} => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74145912-1b8b-11ea-a03e-bc5ff46df346} => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74145913-1b8b-11ea-a03e-bc5ff46df346} => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bea64ee-1a65-11e9-8151-bc5ff46df346} => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe08f53-4eeb-11e9-8ae2-bc5ff46df346} => no encontrado
"C:\Windows\system32\GroupPolicy\Machine" => no encontrado
HKLM\SOFTWARE\Policies\Mozilla => no encontrado
HKLM\SOFTWARE\Policies\Google => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Policies\Google => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78B16FF2-8C85-4503-9B8A-4E2143BE8407}" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544}" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E97616D-6172-40A4-8CCE-A5B1956D7C31}" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{A5ECD9C6-D9C6-D9C6-D9C6-A5ECD9C6D9C6}" => no encontrado
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => no encontrado
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => no encontrado
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => no encontrado
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => no encontrado
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => no encontrado
HKLM\SOFTWARE\Google\Chrome\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo => no encontrado
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => no encontrado
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdkdmoacnkphoadmfidlhfdobieblphn => no encontrado
"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
E311D18D => servicio no encontrado.
cmuda3 => servicio no encontrado.
CsrBtPort => servicio no encontrado.
csrpan => servicio no encontrado.
csrserial => servicio no encontrado.
csrusb => servicio no encontrado.
csr_bthav => servicio no encontrado.
PortTalk => servicio no encontrado.
VBAudioVMVAIOMME => servicio no encontrado.
VGPU => servicio no encontrado.
"C:\ProgramData\Malwarebytes' Anti-Malware (portable)" => no encontrado
"C:\Users\Usuario\AppData\Roaming\f4a074664131" => no encontrado
"C:\Users\Usuario\AppData\Roaming\ue42onrwt5y" => no encontrado
"C:\Users\Usuario\AppData\Roaming\bowf1qjgi2x" => no encontrado
"C:\Users\Usuario\AppData\LocalLow098htrhpen8ifg0" => no encontrado
"C:\Users\Usuario\AppData\Roaming\ft2rckz4wwz" => no encontrado
"C:\Users\Usuario\AppData\Roamingg4e5bqih3z" => no encontrado
"C:\Users\Usuario\AppData\Roaming7A8.tmp" => no encontrado
"C:\Users\Usuario\AppData\Roaming797.tmp" => no encontrado
"C:\Users\Usuario\AppData\Roaming63F.tmp" => no encontrado
"C:\Users\Usuario\AppData\Roaming592.tmp" => no encontrado
"C:\Users\Usuario\AppData\Roaming0E0.tmp" => no encontrado
"C:\Users\Usuario\AppData\Roaming132.tmp" => no encontrado
"C:\Users\Usuario\AppData\RoamingF2E.tmp" => no encontrado
"C:\Users\Usuario\AppData\RoamingD49.tmp" => no encontrado
"C:\Users\Usuario\AppData\RoamingB36.tmp" => no encontrado
"C:\Users\Usuario\AppData\Roaming913.tmp" => no encontrado
"C:\Windows\system32\Tasks\{94B9516E-4183-4012-8D5C-2D9CA7BF5E80}" => no encontrado
"C:\Windows\system32\Tasks\{A4F6DD8F-01B6-4956-8BC1-662F14150094}" => no encontrado
"C:\Users\Usuario\AppData\Roaming\itwecjc" => no encontrado
"C:\Users\Usuario\AppData\Roaming\fbajrwe" => no encontrado
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => no encontrado
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => no encontrado
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TeraCopyS64 => no encontrado
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TVCShellExt => no encontrado
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => no encontrado
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Eraser => no encontrado
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\TeraCopyS64 => no encontrado
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\UltraISO => no encontrado
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\WinCDEmu => no encontrado
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\RecuvaShellExt => no encontrado
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\TeraCopyS64 => no encontrado
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WinRAR32 => no encontrado
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Foxit_ConvertToPDF_Reader => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\TeraCopyS64 => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UltraISO => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinCDEmu => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => no encontrado
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => no encontrado
C:\ProgramData\TEMP => ":1AAB2E68" ADS no pudo ser eliminado.
C:\ProgramData\TEMP => ":1CE11B51" ADS eliminado correctamente
C:\ProgramData\TEMP => ":960C67A0" ADS no pudo ser eliminado.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C92BF72-188F-4F93-B5E6-1B422C9CC440}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38B89F93-7F88-49EB-B1D5-FE722BE5176D}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D166377C-B525-455D-866C-F25CCA660328}" => no encontrado
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= Final de CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= Final de CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4316732 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 912 B
Edge => 0 B
Chrome => 0 B
Firefox => 29456322 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 66151 B
LocalService => 66151 B
NetworkService => 66151 B
Usuario => 138646 B
boinc_master => 138646 B

RecycleBin => 0 B
EmptyTemp: => 32.7 MB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 08:56:14 ====

Daniela · 6 Junio, 2020 21:47

Hola

Prácticamente no ha eliminado nada FRST o no lo ha encontrado, pasaste FRST y lo ejecutaste desde el escritorio de la unidad principal?

Realizas lo siguiente:

Análisis del PC con Eset Online Scaner : Manual de Uso lee las instrucciones para salvar el reporte.

Análisis del PC con Kasperky Virus Removal Tool: Manual de Uso

Este no da reporte cuando te encuentres al finalizar, si es que lo hace con alguna infección, tomas una imagen y la subes.

Como subir imágenes al Foro ?

Comenta como sigue.

Un saludo

ferdv77 · 8 Junio, 2020 00:17

Hola, ejecuté el FRST desde el escritorio C:/ que es mi unidad principal y como administrador.

Le he pasado el “Eset Online Scaner” y tampoco encontró nada salvo falsos positivos en otras unidades como el “Hiren’s Boot”. (Tardó varias horas en escanear) Perdí algunos archivos exe y mp3 que no pudieron ser sacados de la cuarentena por error. Nada grave.

El “Kasperky Virus Removal Tool” detectó esto que fue borrado.

Parece que va mejor porque desde el día 6 no se intenta conectar a ninguna web. Aunque no sé qué programa gratuito instalar para controlar esto, que no se conecte solo a ninguna web, cuando pase el período de prueba del Malwarebytes. ¿Sabes de alguno?

Las entradas del inicio imborrables continúan intactas. Las he encontrado en el editor de registro pero no quiero modificar nada sin estudiarlo muy bien.

¿Cuál es el siguiente paso?

Muchas gracias por tu ayuda de todas formas.

P.D. El Avira ha encontrado varios positivos:

Avira Avira2

Daniela · 9 Junio, 2020 22:32

Hola

Ejecuta de nuevo FRST y trae los reportes.

Un saludo

ferdv77 · 10 Junio, 2020 10:43


Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 06-06-2020
Ejecutado por Usuario (administrador) sobre USUARIO-PC (10-06-2020 12:25:10)
Ejecutado desde C:\Users\Usuario\Desktop
Perfiles cargados: Usuario
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Español (España, internacional)
Internet Explorer Versión 8 (Navegador predeterminado: "C:\Mozilla Firefox32\firefox.exe" -osint -url "%1")
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Mozilla Firefox32\firefox.exe <7>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133408 2012-09-11] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-08-11] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\Run: [] => [X]
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> boinc.scr
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
BootExecute: autocheck autochk /p \??\M:autocheck autochk *  sdnclean64.exe

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {013C0358-8AF7-492F-87D0-3FA1B896F373} - System32\Tasks\{1FB0B17C-F18F-4D8A-AD07-A926806C1D55} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo\esperanza.exe" -d "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo"
Task: {0BBAB0A3-F773-4246-9285-5F8FF61907AA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {12F70F21-9404-40E7-8634-D341A733AF92} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759632 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {217DE458-BD0C-4E2E-9CD3-404BEDC6EBF8} - System32\Tasks\{C3AD988C-0DAD-4540-9C09-C6DF120F98AF} => C:\Windows\system32\pcalua.exe -a F:\Descargas\clamwin-0.99.4-setup-nodb.exe -d F:\Descargas
Task: {3DD391BE-E64D-449B-874E-31DC302907F8} - \{A4F6DD8F-01B6-4956-8BC1-662F14150094} -> Ningún archivo <==== ATENCIÓN
Task: {3E99DE4D-F46D-42C6-AC6C-85682D5E946C} - System32\Tasks\{D43A7368-6411-411D-B2DD-7FD9D7656C91} => C:\Windows\system32\pcalua.exe -a F:\Descargas\eMule0.50a-Installer.exe -d F:\Descargas
Task: {444585BF-67AE-4043-B132-56215753DF1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {736F0C77-AB2D-4107-B08A-22FB413A828F} - System32\Tasks\{4F6C1320-4520-4A64-B5D1-283AF9E56119} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo\jorge.exe" -d "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo"
Task: {7AABC385-EF32-44FE-BC0C-FB09027639FE} - System32\Tasks\{6E315DFB-9F42-4D8A-B27D-2DF5575899C5} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\converter.exe -d C:\Users\Usuario\Downloads
Task: {8C502DDD-8587-44B1-A039-8DF365267C09} - System32\Tasks\G2MUploadTask-S-1-5-21-3736251313-4123297334-1401593606-1000 => C:\Users\Usuario\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-06-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A5C24F1B-9FC7-4698-BCA8-CD386E30DA93} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Task: {AACB8A7D-3781-4593-A1F7-D808D3282AF6} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {ADBB3933-2934-45BC-BF6E-25AD1118487D} - System32\Tasks\{79D440D2-1A2A-4BF2-91A0-EF6B5520B4D1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo\jorge.exe" -d "C:\Users\Usuario\Desktop\Balabolka\Balabolka\Voces loquendo"
Task: {B3E7BB2A-84B6-4113-BC43-A6DF5A1829CA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel(R) Update Manager -> Intel Corporation)
Task: {C5EDCFCE-A482-4EA4-89C2-AA838DA03DDF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-16] (Intel® Services Manager -> Intel Corporation)
Task: {DB4E2C4B-73CA-4DE3-8461-064FF6C8095B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233792 2012-04-16] (Intel® Services Manager -> Intel Corporation)
Task: {DF4C6741-AD02-4440-BCAB-16D7C2CA573F} - System32\Tasks\{9E5DA3B6-AEA1-41D6-9ED8-E3FCEE257E4E} => F:\Descargas\DNIe_v14_0_2(32bits)(3).exe
Task: {E81EE10F-BBAB-477F-8034-A92A1CA7C7EE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel(R) Update Manager -> Intel Corporation)
Task: {FAE500C1-5C4B-4598-ABA5-3590E6F3B704} - \{94B9516E-4183-4012-8D5C-2D9CA7BF5E80} -> Ningún archivo <==== ATENCIÓN
Task: {FB1B407C-4C15-42F9-9C99-0FB2EB95F103} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FFADF162-6274-4821-B0CC-7A23D1C13D80} - System32\Tasks\G2MUpdateTask-S-1-5-21-3736251313-4123297334-1401593606-1000 => C:\Users\Usuario\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-06-04] (LogMeIn, Inc. -> LogMeIn, Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => F:\Descargas\adwcleaner_8.0.5.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3736251313-4123297334-1401593606-1000.job => C:\Users\Usuario\AppData\Local\GoToMeeting\17359\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3736251313-4123297334-1401593606-1000.job => C:\Users\Usuario\AppData\Local\GoToMeeting\17359\g2mupload.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Hosts: Hay más de una entrada en Hosts. Consulte la sección Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{B2DCCE5B-646B-439C-9443-FE7E25EEDB5B}: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{E7E885D1-DF41-4D2B-833C-421460112AB7}: [DhcpNameServer] 80.58.61.250 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Sin Nombre -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Ningún archivo
BHO-x32: Sin Nombre -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> Ningún archivo
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Sin Nombre -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Ningún archivo
Toolbar: HKLM - Sin Nombre - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  Ningún archivo
Toolbar: HKLM-x32 - Sin Nombre - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  Ningún archivo
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: m9f4ou2y.default-1394146220714
FF DefaultProfile: 66vo6dwp.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1 [2020-06-10]
FF DownloadDir: F:\Descargas
FF Homepage: Mozilla\Firefox\Profiles\nikggb16.default-release-1 -> hxxps://www.startpage.com/es/
FF NewTab: Mozilla\Firefox\Profiles\nikggb16.default-release-1 -> hxxps://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-05-14 07:44:13&bName=&bitmask=0300
FF NetworkProxy: Mozilla\Firefox\Profiles\nikggb16.default-release-1 -> type", 0
FF Extension: (Ant Video downloader) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-30]
FF Extension: (General Catalan dictionary) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-06-08]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-24]
FF Extension: (Català Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-16]
FF Extension: (English (GB) Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-29]
FF Extension: (Español (España) Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-16]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-29]
FF Extension: (User Agent Switcher) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-04-22]
FF Extension: (Google Translator for Firefox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2019-09-24]
FF Extension: (uBlock Origin) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\[email protected] [2020-05-29]
FF Extension: (Traducir páginas web) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2020-05-12]
FF Extension: (Startpage.com — Búsquedas privadas) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-11-14]
FF Extension: (Allow Right-Click) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2020-05-08]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2020-02-28]
FF Extension: (Sin Nombre) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{88ca97ee-69be-4604-bde1-1669f0dfe769}.xpi [2020-01-08]
FF Extension: (Firefox 3 Classic) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{9955ef03-99d6-40f4-b97b-ded88bb93f63}.xpi [2019-09-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-06-02]
FF Extension: (Video DownloadHelper) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-05-13]
FF Extension: (DownThemAll!) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2020-04-28]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\5goeji2x.default-release [2020-06-08]
FF Homepage: Mozilla\Firefox\Profiles\5goeji2x.default-release -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\5goeji2x.default-release -> hxxps://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-05-14 07:44:13&bName=&bitmask=0300
FF Extension: (Startpage.com — Búsquedas privadas) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\5goeji2x.default-release\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-07-02]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714 [2020-06-08]
FF DownloadDir: H:\.MULTIMEDIA\1 VIDEO\Documentales\Documentales FeR\K\Curso2
FF Homepage: Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714 -> file:///C:/ProgramData/Snorlers/ff.HP
FF NetworkProxy: Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714 -> type", 0
FF Extension: (Avira Password Manager) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\[email protected] [2020-05-31]
FF Extension: (Google Translator for Firefox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\[email protected] [2019-07-05]
FF Extension: (uBlock) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-04]
FF Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2019-06-18]
FF Extension: (Firefox 3 Classic) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{9955ef03-99d6-40f4-b97b-ded88bb93f63}.xpi [2019-05-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\m9f4ou2y.default-1394146220714\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2019-08-22]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default [2020-06-08]
FF DownloadDir: F:\Descargas\_Palemoon
FF Homepage: Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default -> hxxps://www.startpage.com/
FF NewTab: Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default -> about:newtab
FF Extension: (Adblock Latitude) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-11] [Heredado] [no firmado]
FF Extension: (Classic Toolbar Buttons) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected]_Noia4dev.xpi [2019-09-11] [Heredado] [no firmado]
FF Extension: (Spanish) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-13] [Heredado] [no firmado]
FF Extension: (Español (España) Language Pack) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-11] [Heredado] [no firmado]
FF Extension: (Pale Moon Locale Switcher) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\[email protected] [2019-09-11] [Heredado] [no firmado]
FF Extension: (Complete YouTube Saver) - C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2019-09-17] [Heredado] [no firmado]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\searchplugins\startpagecom---espaol.xml [2019-09-20]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\66vo6dwp.default\searchplugins\tpbtpbart.xml [2019-09-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-26] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-26] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
StartMenuInternet: Firefox-51BCC20A3763AB92 - C:\Mozilla Firefox32\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMChameleon" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208664 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483832 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483832 2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573256 2020-06-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S4 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Archivo no firmado]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [634632 2012-06-19] (Intel® Upgrade Service -> Intel(R) Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] (Intel(R) Smart Connect software -> )
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel(R) Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation -> Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2019-06-21] () [Archivo no firmado]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-08-11] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [40304 2019-02-07] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-14] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 7615A470; C:\Windows\system32\drivers\7615A470.sys [255928 2020-05-31] (Malwarebytes Corporation -> Malwarebytes)
S3 AFXfilt; C:\Windows\System32\drivers\AFXfilt.sys [25088 2013-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21622784 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665088 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [17192 2011-05-10] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [222168 2020-05-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [178720 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [178176 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [25088 2013-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [27008 2019-12-09] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [21376 2019-12-09] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [14720 2019-12-09] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2020-05-11] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2020-05-09] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-07] (Glarysoft Ltd -> Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [57728 2020-06-03] (SurfRight B.V. -> )
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] (Intel(R) Smart Connect software -> )
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-24] (Kaspersky Lab -> Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [79768 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [145504 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
S1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [162464 2015-07-24] (Kaspersky Lab -> Kaspersky Lab ZAO)
S1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [633600 2020-04-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [218272 2015-07-24] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [915104 2015-07-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [79760 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
S1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [211048 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
S4 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2012-10-17] (LG Soft India) [Archivo no firmado]
S4 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [10752 2012-12-27] (LG Soft India) [Archivo no firmado]
S0 MBAMSwissArmy; C:\Windows\System32\drivers\mbamswissarmy.sys [248968 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2020-06-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2020-04-18] (Intel(R) Smart Connect software -> )

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-06-10 12:25 - 2020-06-10 12:25 - 000038940 _____ C:\Users\Usuario\Desktop\FRST.txt
2020-06-10 12:22 - 2020-06-10 12:22 - 002289152 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2020-06-10 12:20 - 2020-06-10 12:20 - 000000000 _____ C:\Users\Usuario\Desktop\FIXLIST.txt
2020-06-10 12:17 - 2020-06-10 12:23 - 000000000 ____D C:\Users\Usuario\Desktop\Infospy
2020-06-09 21:26 - 2020-06-09 21:27 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8
2020-06-09 21:26 - 2020-06-09 21:26 - 000000000 ____D C:\Users\Usuario\AppData\Local\Package Cache
2020-06-09 21:21 - 2020-06-09 22:50 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\qBittorrent
2020-06-09 21:21 - 2020-06-09 21:33 - 000000000 ____D C:\Program Files\qBittorrent
2020-06-09 21:21 - 2020-06-09 21:27 - 000000000 ____D C:\Users\Usuario\AppData\Local\qBittorrent
2020-06-09 21:21 - 2020-06-09 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-06-08 22:50 - 2020-06-08 22:50 - 000000670 _____ C:\Users\Usuario\Desktop\Ut.txt
2020-06-08 20:28 - 2020-06-08 20:31 - 000461240 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2020-06-08 20:27 - 2020-06-08 20:28 - 000430818 _____ C:\Windows\system32\Drivers\vsconfig.xml
2020-06-08 20:27 - 2020-06-08 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2020-06-08 20:10 - 2015-07-24 20:56 - 000478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2020-06-08 20:10 - 2015-07-24 20:56 - 000218272 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2020-06-08 19:59 - 2020-06-08 20:31 - 000000000 ____D C:\ProgramData\CheckPoint
2020-06-08 19:59 - 2020-06-08 20:31 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2020-06-08 19:45 - 2020-06-08 19:45 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1155537F.sys
2020-06-08 19:42 - 2020-06-08 19:42 - 004531659 _____ C:\Users\Usuario\bookmarks.html
2020-06-08 14:48 - 2020-06-08 14:50 - 006599835 _____ C:\Users\Usuario\Desktop\Denuncia080620.pdf
2020-06-08 14:46 - 2020-06-08 14:46 - 002247765 _____ C:\Users\Usuario\Desktop\UNED_JUNIO2020.pdf
2020-06-08 09:17 - 2020-06-08 09:17 - 026748710 _____ C:\Users\Usuario\Desktop\IOMR.zip
2020-06-08 01:37 - 2020-06-08 02:14 - 000000000 ____D C:\KVRT_Data
2020-06-08 01:10 - 2020-06-08 01:10 - 000236590 _____ C:\Users\Usuario\Desktop\EO.txt
2020-06-07 23:39 - 2020-06-07 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auslogics
2020-06-07 23:39 - 2020-06-07 23:39 - 000000000 ____D C:\ProgramData\Auslogics
2020-06-07 23:39 - 2020-06-07 23:39 - 000000000 ____D C:\Program Files (x86)\Auslogics
2020-06-07 13:24 - 2020-06-07 13:24 - 000000000 ____D C:\Users\Usuario\AppData\Local\ESET
2020-06-06 18:33 - 2020-06-07 13:22 - 000000000 ____D C:\Users\Usuario\Desktop\Openbank 060620
2020-06-06 12:11 - 2020-06-06 12:11 - 000000000 ____D C:\Users\Public\Speedup Sessions
2020-06-04 21:43 - 2020-06-04 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2020-06-04 17:50 - 2020-06-04 17:50 - 000000000 ____D C:\Users\Usuario\Documents\ProcAlyzer Dumps
2020-06-04 17:45 - 2020-06-04 17:46 - 000000000 ____D C:\Users\Usuario\Documents\Procura
2020-06-04 17:42 - 2020-06-03 10:08 - 000453922 _____ C:\Windows\system32\Drivers\etc\hosts.20200604-174232.backup
2020-06-04 16:41 - 2020-06-08 19:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-06-04 16:41 - 2020-06-04 16:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\55631361.sys
2020-06-04 15:48 - 2020-06-06 11:53 - 000000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3736251313-4123297334-1401593606-1000.job
2020-06-04 15:48 - 2020-06-06 11:53 - 000000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3736251313-4123297334-1401593606-1000.job
2020-06-04 15:48 - 2020-06-04 22:27 - 000003686 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-3736251313-4123297334-1401593606-1000
2020-06-04 15:48 - 2020-06-04 22:27 - 000003590 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-3736251313-4123297334-1401593606-1000
2020-06-04 15:48 - 2020-06-04 15:48 - 000000000 ____D C:\Users\Usuario\AppData\Local\GoToMeeting
2020-06-03 10:08 - 2020-06-03 10:02 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts.20200603-100809.backup
2020-06-03 09:42 - 2020-06-03 09:42 - 000057728 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2020-06-03 09:34 - 2020-06-03 09:38 - 000000000 ____D C:\Program Files (x86)\Vozi
2020-06-03 08:38 - 2020-06-03 10:01 - 000000000 ____D C:\Users\Usuario\Desktop\FRST-OlderVersion
2020-06-03 08:31 - 2020-06-03 08:31 - 000000261 _____ C:\Users\Usuario\Desktop\DelFix.txt
2020-06-03 08:30 - 2020-06-03 08:30 - 000000261 _____ C:\DelFix.txt
2020-06-03 08:30 - 2020-06-03 08:30 - 000000000 ____D C:\Windows\ERUNT
2020-06-03 08:29 - 2020-06-03 08:29 - 000797760 _____ C:\Users\Usuario\Desktop\delfix.exe
2020-06-02 09:28 - 2020-06-02 09:12 - 000774178 _____ C:\Windows\system32\Drivers\etc\hosts.20200602-092849.backup
2020-06-02 09:27 - 2020-06-02 09:12 - 000774178 _____ C:\Windows\system32\Drivers\etc\hosts.20200602-092759.backup
2020-06-02 09:01 - 2020-06-02 09:11 - 000000000 ____D C:\Users\Usuario\Doctor Web
2020-06-02 09:01 - 2020-06-02 09:01 - 000000000 ____D C:\ProgramData\Doctor Web
2020-06-02 03:41 - 2020-06-08 20:45 - 000000000 ____D C:\Users\Usuario\Documents\Cleaner_reg
2020-06-02 00:26 - 2020-06-02 00:26 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7771029A.sys
2020-06-02 00:07 - 2020-06-02 00:07 - 000000000 ___HD C:\kleaner.tmp
2020-06-01 21:19 - 2020-06-01 21:19 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2F34A303.sys
2020-06-01 21:11 - 2020-06-04 22:27 - 000000000 ____D C:\Users\Usuario\Desktop\Virus 310620
2020-06-01 19:15 - 2020-06-01 19:15 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-06-01 19:15 - 2020-06-01 19:15 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-06-01 19:15 - 2020-06-01 19:15 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-06-01 19:15 - 2020-06-01 19:15 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb
2020-06-01 19:15 - 2020-06-01 19:15 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb
2020-06-01 19:15 - 2020-06-01 19:15 - 000012288 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb
2020-06-01 19:15 - 2020-06-01 19:15 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-06-01 19:15 - 2020-06-01 19:15 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-wal
2020-06-01 19:15 - 2020-06-01 19:15 - 000000000 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-06-01 18:40 - 2020-06-02 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2020-06-01 18:40 - 2020-06-02 00:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-06-01 18:40 - 2020-06-02 00:12 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2020-06-01 18:40 - 2020-06-01 18:40 - 000000000 ____D C:\Program Files\Common Files\AV
2020-06-01 18:40 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2020-06-01 18:23 - 2020-06-01 18:23 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\212B5420.sys
2020-06-01 16:46 - 2020-06-01 16:46 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010
2020-06-01 16:14 - 2020-06-09 19:42 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2020-06-01 16:14 - 2020-06-01 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2020-06-01 16:14 - 2009-03-24 13:52 - 000129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2020-06-01 13:11 - 2020-06-01 18:09 - 000000000 ____D C:\Windows\CryptoGuard
2020-06-01 13:11 - 2020-06-01 15:43 - 001215072 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2020-06-01 13:11 - 2020-06-01 15:43 - 001017184 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2020-06-01 13:08 - 2020-06-01 18:03 - 000000000 ____D C:\Program Files\Sophos
2020-06-01 12:33 - 2020-06-01 18:00 - 000000000 ____D C:\ProgramData\Sophos
2020-05-31 20:00 - 2020-05-31 20:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7615A470.sys
2020-05-31 19:36 - 2020-05-31 19:36 - 026839448 _____ C:\Users\Usuario\Micer_Rabasa_Ctto_INES_OLMOS.pdf
2020-05-31 19:36 - 2020-05-31 19:36 - 026839448 _____ C:\Users\Usuario\Desktop\IOMR.pdf
2020-05-31 06:05 - 2020-05-31 06:05 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-05-31 05:48 - 2020-05-31 05:48 - 000000000 ____D C:\Windows\SysWOW64\GPUCache
2020-05-31 05:40 - 2020-05-31 05:40 - 000000000 ____D C:\Users\Usuario\AppData\Local\AviraSpeedup
2020-05-31 05:39 - 2020-05-31 05:39 - 000000000 ____D C:\Users\Usuario\AppData\Local\Avira
2020-05-31 05:18 - 2020-06-06 12:10 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2020-05-31 05:18 - 2020-05-31 05:18 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2020-05-31 05:18 - 2020-05-31 05:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2020-05-31 05:18 - 2020-05-13 14:31 - 000222168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2020-05-31 05:18 - 2020-04-30 12:37 - 000178720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2020-05-31 05:18 - 2019-06-07 15:09 - 000068152 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2020-05-31 05:18 - 2019-03-20 19:50 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2020-05-31 05:18 - 2019-03-20 19:50 - 000036072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2020-05-31 05:18 - 2019-03-20 19:50 - 000035376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2020-05-31 05:16 - 2020-05-31 06:10 - 000000000 ____D C:\Program Files (x86)\Avira
2020-05-31 05:16 - 2020-05-31 06:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-05-31 05:03 - 2020-06-01 18:35 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2020-05-31 02:02 - 2020-05-31 02:30 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-31 00:02 - 2020-05-31 00:03 - 000218924 _____ C:\TDSSKiller.3.1.0.28_31.05.2020_00.02.25_log.txt
2020-05-31 00:00 - 2020-05-31 00:00 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\1424F626.sys
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\GHISLER
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\Users\Usuario\AppData\Local\GHISLER
2020-05-30 23:30 - 2020-05-30 23:30 - 000000000 ____D C:\totalcmd
2020-05-30 23:02 - 2020-05-30 23:02 - 005553104 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2020-05-30 23:00 - 2020-05-30 23:00 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2020-05-30 22:49 - 2020-05-30 22:57 - 000000740 _____ C:\Windows\system32\.crusader
2020-05-30 22:45 - 2020-05-30 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2020-05-30 22:44 - 2020-05-30 23:19 - 000000000 ____D C:\ProgramData\HitmanPro
2020-05-30 22:44 - 2020-05-30 22:45 - 000000000 ____D C:\Program Files\HitmanPro
2020-05-30 21:55 - 2020-05-31 02:30 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-05-30 21:55 - 2020-05-30 21:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2020-05-30 21:55 - 2020-05-30 21:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2020-05-30 21:55 - 2020-05-30 21:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\cache
2020-05-30 21:49 - 2020-05-31 02:18 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2020-05-30 21:46 - 2020-06-10 12:25 - 000000000 ____D C:\FRST
2020-05-30 21:44 - 2020-05-31 00:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-30 21:41 - 2020-05-30 21:41 - 000000000 ____D C:\ProgramData\mb3migration
2020-05-30 21:08 - 2020-05-31 02:31 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-30 21:05 - 2020-05-30 21:05 - 000000264 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2020-05-30 20:43 - 2020-05-14 23:50 - 000458998 _____ C:\Windows\system32\Drivers\etc\hosts.20200530-204332.backup
2020-05-30 19:59 - 2020-05-30 19:59 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Python
2020-05-30 19:54 - 2020-05-30 19:54 - 000000000 ____D C:\Users\Usuario\AppData\Local\app
2020-05-30 19:53 - 2020-05-30 20:10 - 000000000 ____D C:\Users\Usuario\AppData\Local\inetinfoservice
2020-05-30 13:25 - 2020-05-30 13:25 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Ant.com
2020-05-30 11:15 - 2020-05-30 11:15 - 000000000 ____D C:\ProgramData\Riate
2020-05-30 11:14 - 2020-05-30 11:14 - 000000000 ____D C:\ProgramData\Odc
2020-05-30 11:13 - 2020-05-30 21:17 - 000000000 ____D C:\ProgramData\Aue
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\NVIDIA
2020-05-30 11:13 - 2020-05-30 11:13 - 000000000 ____D C:\ProgramData\Nec
2020-05-30 09:20 - 2020-05-30 21:17 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\SysHost
2020-05-19 07:29 - 2020-05-19 07:29 - 000211048 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2020-05-19 07:29 - 2020-05-19 07:29 - 000145504 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2020-05-19 07:29 - 2020-05-19 07:29 - 000079768 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupdisk.sys
2020-05-19 07:29 - 2020-05-19 07:29 - 000079760 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klkbdflt.sys
2020-05-15 02:40 - 2020-05-15 02:40 - 000000000 ____D C:\Program Files (x86)\33download.com
2020-05-15 02:30 - 2020-05-15 02:36 - 000000000 ____D C:\Users\Usuario\Documents\EGDownloads
2020-05-15 02:26 - 2020-05-15 02:35 - 000000000 ____D C:\Users\Usuario\AppData\Local\luminati
2020-05-14 21:44 - 2020-05-14 22:00 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\QtProject
2020-05-14 21:44 - 2019-11-08 10:15 - 003600896 _____ C:\Windows\system32\pwNative.exe
2020-05-14 21:44 - 2019-11-08 10:15 - 000019152 _____ C:\Windows\system32\pwdrvio.sys
2020-05-14 21:44 - 2019-11-08 10:15 - 000012504 _____ C:\Windows\system32\pwdspio.sys
2020-05-14 21:43 - 2020-05-29 19:39 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2020-05-14 21:43 - 2020-05-15 00:04 - 000003190 _____ C:\Windows\system32\Tasks\MiniToolPartitionWizard
2020-05-14 21:43 - 2020-05-14 21:44 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2020-05-14 21:43 - 2020-05-14 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2020-05-14 21:36 - 2020-05-14 21:36 - 000000000 ____D C:\Program Files\LSoft Technologies
2020-05-12 01:11 - 2020-05-12 01:11 - 000000000 ____D C:\Users\Usuario\Documents\Victoria476b

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-06-10 12:25 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-10 12:25 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-10 12:23 - 2011-04-12 11:10 - 000765916 _____ C:\Windows\system32\perfh00A.dat
2020-06-10 12:23 - 2011-04-12 11:10 - 000165156 _____ C:\Windows\system32\perfc00A.dat
2020-06-10 12:23 - 2009-07-14 07:13 - 001715506 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-10 12:23 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\inf
2020-06-10 12:22 - 2013-11-08 11:18 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeraCopy
2020-06-10 12:18 - 2020-05-09 09:36 - 000000000 __SHD C:\Users\Usuario\IntelGraphicsProfiles
2020-06-10 12:18 - 2018-12-12 13:11 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2020-06-10 12:17 - 2013-07-26 14:18 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2020-06-10 12:17 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-09 21:38 - 2014-07-28 18:16 - 000000000 ____D C:\Program Files (x86)\uTorrent
2020-06-09 21:38 - 2013-11-09 21:46 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2020-06-09 21:38 - 2013-07-26 12:38 - 000000000 ____D C:\ProgramData\TEMP
2020-06-09 21:26 - 2014-08-22 15:51 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-09 15:06 - 2013-08-01 17:24 - 000000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2020-06-09 14:01 - 2020-04-17 12:09 - 000000000 ____D C:\Mozilla Firefox32
2020-06-08 22:00 - 2019-09-13 10:03 - 000072192 ___SH C:\Users\Usuario\Thumbs.db
2020-06-08 21:45 - 2013-07-27 14:22 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2020-06-08 21:41 - 2009-10-01 22:31 - 000000000 ____D C:\Users\Usuario\Desktop\Nudos de corbata
2020-06-08 20:45 - 2013-07-26 12:41 - 000000000 ____D C:\Users\Usuario\AppData\Local\CrashDumps
2020-06-08 20:45 - 2013-07-26 10:33 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-06-08 19:49 - 2019-07-05 20:22 - 000000000 ____D C:\Users\Usuario\Documents\Negocios
2020-06-08 19:42 - 2013-07-25 20:31 - 000000000 ____D C:\Users\Usuario
2020-06-08 14:51 - 2019-09-05 23:47 - 000000000 ____D C:\VueScan
2020-06-04 21:45 - 2013-07-26 10:33 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2020-06-04 21:34 - 2013-08-01 00:12 - 000002993 ____H C:\Windows\wininit.ini
2020-06-04 18:01 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-06-04 17:46 - 2019-09-02 03:27 - 000000000 ____D C:\Users\Usuario\Desktop\Máster de acceso a la Procura
2020-06-04 17:42 - 2009-07-14 04:34 - 000453980 ____R C:\Windows\system32\Drivers\etc\hosts.20200604-214701.backup
2020-06-04 16:55 - 2019-02-25 01:04 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2020-06-03 10:08 - 2009-07-14 04:34 - 000453922 ____R C:\Windows\system32\Drivers\etc\hosts.20200604-170002.backup
2020-06-03 09:36 - 2018-12-13 13:59 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\EurekaLog
2020-06-03 08:40 - 2013-07-29 22:55 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-06-03 08:38 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-06-02 09:38 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2020-06-02 09:28 - 2009-07-14 04:34 - 001227890 ____R C:\Windows\system32\Drivers\etc\hosts.20200602-094044.backup
2020-06-01 21:16 - 2019-09-28 13:19 - 000000000 ____D C:\Users\Usuario\Documents\Inés
2020-06-01 21:14 - 2018-12-24 22:37 - 000000000 ____D C:\Users\Usuario\Desktop\Auxilio
2020-06-01 21:13 - 2020-04-29 08:54 - 000000000 ____D C:\Users\Usuario\Desktop\Sotya
2020-06-01 18:23 - 2019-01-26 04:31 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\foobar2000
2020-06-01 16:47 - 2013-07-26 12:38 - 000001228 _____ C:\Users\Usuario\Desktop\Your Uninstaller!.lnk
2020-06-01 16:45 - 2013-07-26 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010
2020-06-01 15:20 - 2019-01-19 13:33 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-06-01 13:51 - 2019-01-31 23:35 - 000000000 ____D C:\Users\boinc_master
2020-06-01 12:48 - 2009-07-14 04:34 - 000458998 ____R C:\Windows\system32\Drivers\etc\hosts.20200602-002056.backup
2020-05-31 06:08 - 2013-07-26 10:45 - 000000000 ____D C:\ProgramData\Avira
2020-05-31 06:04 - 2016-02-26 11:54 - 000000000 ____D C:\Program Files (x86)\ClamWin
2020-05-31 05:35 - 2009-07-14 06:45 - 000423984 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-31 05:22 - 2013-07-25 20:43 - 000114512 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2020-05-31 02:21 - 2009-07-14 04:34 - 000458998 ____R C:\Windows\system32\Drivers\etc\hosts.20200601-124834.backup
2020-05-30 21:48 - 2018-12-10 00:50 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-30 21:18 - 2013-07-25 20:32 - 000001431 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-05-30 20:43 - 2009-07-14 04:34 - 000458998 ____R C:\Windows\system32\Drivers\etc\hosts.20200531-022139.backup
2020-05-30 20:41 - 2019-01-23 22:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\Downloaded Installations
2020-05-30 19:45 - 2019-12-29 21:19 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2020-05-30 19:44 - 2012-08-22 09:35 - 000000000 ____D C:\Windows\pss
2020-05-30 11:50 - 2013-07-27 14:09 - 000000000 ____D C:\Users\Usuario\dwhelper
2020-05-29 11:08 - 2009-07-14 07:08 - 000032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-05-26 18:47 - 2013-07-26 13:00 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2020-05-26 18:47 - 2013-07-26 11:09 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-05-26 18:47 - 2013-07-26 11:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-05-26 18:47 - 2013-07-26 11:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-05-26 18:47 - 2013-07-26 11:09 - 000000000 ____D C:\Windows\system32\Macromed
2020-05-18 13:24 - 2013-07-26 10:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-05-11 18:07 - 2020-05-09 12:12 - 000032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS

==================== Archivos en la raíz de algunos directorios ========

2020-05-09 09:32 - 2020-05-09 09:32 - 489039748 _____ () C:\Users\Usuario\Todo.reg
2019-01-11 00:22 - 2019-01-11 01:22 - 000007859 _____ () C:\Users\Usuario\AppData\Roaming\pcouffin.cat
2019-01-11 00:22 - 2019-01-11 01:22 - 000001167 _____ () C:\Users\Usuario\AppData\Roaming\pcouffin.inf
2019-01-11 00:22 - 2019-01-11 01:22 - 000000055 _____ () C:\Users\Usuario\AppData\Roaming\pcouffin.log
2019-10-12 21:52 - 2019-10-12 21:55 - 000004603 _____ () C:\Users\Usuario\AppData\Roaming\VoiceMeeterDefault.xml
2019-01-23 23:39 - 2019-01-23 23:39 - 000000001 _____ () C:\Users\Usuario\AppData\Local\llftool.4.40.agreement
2019-01-23 23:39 - 2019-01-23 23:39 - 000000019 _____ () C:\Users\Usuario\AppData\Local\llftool.license
2020-04-24 10:40 - 2020-04-24 10:40 - 000000762 _____ () C:\Users\Usuario\AppData\Local\recently-used.xbel
2014-08-12 11:15 - 2019-05-09 11:47 - 000007644 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2020-06-06 14:02
==================== Final de FRST.txt ========================

ferdv77 · 10 Junio, 2020 10:44


Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 06-06-2020
Ejecutado por Usuario (10-06-2020 12:26:08)
Ejecutado desde C:\Users\Usuario\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-07-25 18:31:53)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-3736251313-4123297334-1401593606-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3736251313-4123297334-1401593606-1004 - Limited - Enabled)
Invitado (S-1-5-21-3736251313-4123297334-1401593606-501 - Limited - Disabled)
Usuario (S-1-5-21-3736251313-4123297334-1401593606-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Avira Antivirus (Disabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AV: Kaspersky Security Cloud (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Security Cloud (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Avira Antivirus (Disabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Kaspersky Security Cloud (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
Adobe Reader 9.5.5 - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIDA64 Business Edition v2.85 (HKLM-x32\...\AIDA64 Business Edition_is1) (Version: 2.85 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{8C1DA63E-3B80-46B5-64CC-8BE27A0C3FB4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ant Video downloader (Native messaging host) (HKLM-x32\...\{41A57734-2ED5-449A-BAF0-F0B356417716}) (Version: 4.7 - Ant.com)
Arasan 21.2 (HKLM-x32\...\Arasan_is1) (Version:  - )
Argente Utilities 1.0.6.2 (HKLM-x32\...\Argente Utilities_is1) (Version: 1.0.6.2 - Argente Software)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.3.1.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{4BC31208-EC3B-453B-8819-6B81AE3EC153}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{caade1ea-26aa-4e8f-a4f0-59cf0c0e91a5}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2006.1895 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.2.0.1945 - Avira Operations GmbH & Co. KG)
Bigasoft Total Video Converter 4.2.5.5242 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version:  - Bigasoft Corporation)
calibre (HKLM-x32\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
CrystalDiskMark 6.0.2 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.2 - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Descargar de Antena 3 versión 1.0 (HKLM-x32\...\{B58E7A36-09A3-4514-9020-EA8D5AE2F92F}_is1) (Version: 1.0 - Televisión a la carta)
DreamChess 0.2.0 (HKLM-x32\...\DreamChess) (Version:  - )
Dual Smart Solution (HKLM-x32\...\{E61F7C73-277C-44CE-87C4-B574BF0F3803}) (Version: 2.7 - LG Soft India Pvt Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 13.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
foobar2000 v1.4.2 (HKLM-x32\...\foobar2000) (Version: 1.4.2 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
Free PDF Compressor (HKLM-x32\...\{BFA49A14-EC18-4071-BC13-B43043B09222}_is1) (Version:  - freepdfcompressor.com)
FreeUndelete 2.1.36867.1 (HKLM-x32\...\{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}) (Version: 2.1.36867.1 - Recoveronix)
gbrainy 2.06 (HKLM-x32\...\gbrainy) (Version: 2.06 - )
Glary Utilities 5.11 (HKLM-x32\...\Glary Utilities 5) (Version: 5.11.0.23 - Glarysoft Ltd)
GoToMeeting 10.9.1.17359 (HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\GoToMeeting) (Version: 10.9.1.17359 - LogMeIn, Inc.)
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
HexChat (HKLM\...\HexChat_is1) (Version: 2.14.2 - HexChat)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Información del sistema de Creative (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Inkscape 0.92.5 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92.5.0 - Inkscape project)
Instalable DNIe (HKLM\...\{D2CE0562-13E0-4FC9-85F2-CA3D0392310E}) (Version: 14.0.2 - Cuerpo Nacional de Policía)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{882BDE19-AA38-4442-964D-7D34BFBB091A}) (Version: 2.0.1083.0 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.63 - IVONA Software Sp. z o.o.)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junior Icon Editor (HKLM-x32\...\Junior Icon Editor) (Version: 4.37 - SibCode)
Kodi (HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\Kodi) (Version:  - XBMC Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Loquendo TTS: Carmen (Spanish) (HKLM-x32\...\LoqTTS-Carmen_is1) (Version:  - )
Loquendo TTS: Diego (Spanish) (HKLM-x32\...\LoqTTS-Diego_is1) (Version:  - )
Loquendo TTS: Esperanza (Spanish-Mexican) (HKLM-x32\...\LoqTTS-Esperanza_is1) (Version:  - )
Loquendo TTS: Francisca (Spanish-Chilean) (HKLM-x32\...\LoqTTS-Francisca_is1) (Version:  - )
Loquendo TTS: Jorge (Spanish) (HKLM-x32\...\LoqTTS-Jorge_is1) (Version:  - )
Loquendo TTS: Juan (Spanish) (HKLM-x32\...\LoqTTS-Juan_is1) (Version:  - )
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
MiniTool Partition Wizard Free 12 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Firefox 76.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 76.0.1 (x86 es-ES)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
OneClickFirewall (HKLM\...\OneClickFirewall) (Version: 1.0.0.2 - hxxp://winaero.com)
Paquete de compatibilidad para 2007 Office system (HKLM-x32\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Python 3.8.1 (64-bit) (HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\{edfa99b7-1514-493a-aeaf-a37eeec724d2}) (Version: 3.8.1150.0 - Python Software Foundation)
Python 3.8.1 Core Interpreter (64-bit) (HKLM\...\{F94E2016-28A6-4FCC-B5A1-D2D9757AF26A}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Development Libraries (64-bit) (HKLM\...\{913F572C-BF38-4E44-9065-7E1B024D43FB}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Documentation (64-bit) (HKLM\...\{3FE61A1E-16AE-4702-81A6-C9F6CE3586EB}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Executables (64-bit) (HKLM\...\{D6160A7A-D48F-48A6-8E5D-FECBE5901D82}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 pip Bootstrap (64-bit) (HKLM\...\{912206BD-EA52-4586-8A89-BD7716E5BD50}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Standard Library (64-bit) (HKLM\...\{7E83F4DD-B376-4158-90C3-4E9AE54D0AB3}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Tcl/Tk Support (64-bit) (HKLM\...\{96BBA29C-F949-4DF7-9221-EEE7F7D66377}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Test Suite (64-bit) (HKLM\...\{64A5FC80-95DB-4CA0-AA8A-C4D652BBC96E}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python 3.8.1 Utility Scripts (64-bit) (HKLM\...\{F0D5C7E7-4ECE-425F-BD33-8091DB57A31F}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{41A9BB87-60B8-47C3-BB79-6EC186827EC7}) (Version: 3.8.6925.0 - Python Software Foundation)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
RealSpeak Solo para Castellano, Isabel (HKLM-x32\...\{3D263D43-FFA4-4B03-9663-6868AABC1AFC}) (Version: 4.00.0000 - ScanSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
RecordPad, grabadora de audio (HKLM-x32\...\Recordpad) (Version: 7.06 - NCH Software)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Sp5 (HKLM-x32\...\{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (HKLM-x32\...\{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}) (Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (HKLM-x32\...\{E415C943-37E5-473F-8BAE-043C56734124}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (HKLM-x32\...\{6C3959C6-943E-44B3-BAAD-570B04B134E5}) (Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (HKLM-x32\...\{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}) (Version: 6.0.3122.0 - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot Anti-Beacon (HKLM\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 2.1 - Safer-Networking Ltd.)
SpywareBlaster 5.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.6.0 - BrightFort LLC)
SSD Utility (HKLM-x32\...\{83C7BFA7-172B-45B3-B339-C66B6F370344}) (Version: 3.1.3276 - Toshiba Memory Corporation)
System Stability Tester (win64) (HKLM\...\{17D407A5-AC63-4367-8032-9EB0C9307EDA}) (Version: 1.5.1 - (c) 2005-2012 Lucas Tsatiris)
TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)
Tetris (HKLM-x32\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.41 - Crystal Office Systems)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.29 - VSO Software)
VueScan (HKLM\...\VueScan) (Version:  - )
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (04/08/2018 1.0.2.8) (HKLM\...\7B3391C6362BF89258FE123715A1CB82A8286DF6) (Version: 04/08/2018 1.0.2.8 - Dirección General de la Policía)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wondershare Data Recovery(Build 6.2.1.0) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.2.1.0 - Wondershare Software Co.,Ltd.)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.31 - ASRock Inc.)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
ZoneAlarm Antivirus (HKLM-x32\...\{C09F780D-FB1F-4AA2-8C91-A50CCB21EEFD}) (Version: 14.0.508.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{6E211806-E08D-4262-925D-22D64B47A875}) (Version: 14.0.508.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.508.000 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{03A3594F-F081-46BB-A366-C654EC5508C2}) (Version: 14.0.508.000 - Check Point Software Technologies Ltd.) Hidden

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GoToMeeting\17359\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [Archivo no firmado]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> Ningún archivo
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2014-09-29] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-06-01] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [Archivo no firmado]
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-05-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> Ningún archivo

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Módulos cargados (Lista blanca) =============

2013-07-25 20:42 - 2012-05-30 14:55 - 000059904 _____ ( () [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-25 20:42 - 2012-05-30 14:56 - 000007168 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorDataMgr.resources.dll
2013-07-25 20:42 - 2012-05-30 14:56 - 000032768 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IAStorIcon.resources.dll
2013-07-25 20:42 - 2012-05-30 14:56 - 000004608 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\es-ES\IntelVisualDesign.resources.dll
2013-07-25 20:42 - 2012-05-30 14:55 - 000176128 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2013-07-25 20:42 - 2012-05-30 14:55 - 001319424 _____ ( (Intel Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ ( (Microsoft Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2013-07-25 20:43 - 2013-07-25 20:43 - 000225280 _____ ( (Microsoft Corporation) [Archivo no firmado])  [El archivo está en uso ] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2013-11-08 11:18 - 2017-03-14 17:51 - 001714688 _____ () [Archivo no firmado] C:\Program Files\TeraCopy\TeraCopy64.dll
2013-11-08 11:18 - 2011-10-26 19:41 - 000318976 _____ () [Archivo no firmado] C:\Program Files\TeraCopy\TeraCopyExt64.dll
2019-07-02 20:26 - 2019-07-02 20:26 - 000172544 ____H () [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\59287b78c3ec80a796fc72e83bac8716\IsdiInterop.ni.dll
2015-08-04 01:14 - 2015-08-04 01:14 - 000004608 _____ (Advanced Micro Devices, Inc.) [Archivo no firmado] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiamesp.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [Archivo no firmado] C:\Program Files\7-Zip\7-zip.dll
2019-07-02 20:26 - 2019-07-02 20:26 - 000014336 ____H (Intel Corp.) [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f39005543919a2bd9bbf96f2173ba9d\IAStorCommon.ni.dll
2013-07-25 20:42 - 2012-05-30 14:43 - 000279552 _____ (Intel Corporation) [Archivo no firmado] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2013-07-25 20:44 - 2013-07-18 10:42 - 000073728 _____ (Intel Corporation) [Archivo no firmado] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-05-09 09:47 - 2020-05-09 09:47 - 000229376 _____ (Intel Corporation) [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\969c90941cf6f8fe7fec9da7cf0d5ad3\IAStorDataMgr.ni.dll
2020-05-09 09:47 - 2020-05-09 09:47 - 000489472 _____ (Intel Corporation) [Archivo no firmado] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c7e9c41295d9d7a77590986b08fac83\IAStorUtil.ni.dll
2015-08-11 03:38 - 2015-08-11 03:38 - 000986112 _____ (Microsoft Corporation) [Archivo no firmado] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2020-05-31 05:18 - 2020-05-31 05:18 - 000913920 _____ (ServiceStack) [Archivo no firmado] C:\Windows\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\1c451b416fc7b4c8b1ecd15a4bb91187\ServiceStack.Text.ni.dll
2017-02-12 02:28 - 2015-09-28 20:08 - 000255488 _____ (Sysprogs OU) [Archivo no firmado] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Hay 7947 más sitios.

IE trusted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\1-2005-search.com -> www.1-2005-search.com

Hay 12764 más sitios.


==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-14 04:34 - 2020-06-04 17:42 - 000453980 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

Hay 15607 más lineas.


2015-03-19 21:02 - 2015-03-19 21:02 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Users\Usuario\AppData\Local\Smartbar\Application\;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AVP20.0 => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeraCopyService => 2
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dual Smart Solution.lnk => C:\Windows\pss\Dual Smart Solution.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Guard.lnk => C:\Windows\pss\Guard.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartClock.lnk => C:\Windows\pss\SmartClock.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: agt7me => rundll32.exe "C:\Program Files (x86)\agt7me\agt7me.dll",agt7me
MSCONFIG\startupreg: Clam Sentinel => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
MSCONFIG\startupreg: ClamWin => "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
MSCONFIG\startupreg: Eraser => "C:\Program Files\Eraser\Eraser.exe" -atRestart
MSCONFIG\startupreg: FastAccess Web Alert => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: MTPW => "C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe"
MSCONFIG\startupreg: MTSM => "C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe" --auto
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => C:\Users\Usuario\AppData\Roaming\NVIDIA\dllhost.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{79C3168E-9CF4-4830-87DD-98BDE43CD5EA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{AFE0C61C-6A36-44CC-AF79-C0CFB80CC871}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{5CFA12E2-563C-47EC-BD5C-42FC54DFE676}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{B6C189FC-9523-4D9E-8CDD-B34568AF81BA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{8D591030-ACCF-4E74-8191-754B860C86CB}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Archivo no firmado]
FirewallRules: [{B69D8E64-218C-4D18-ABC6-0CD57A2D574B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Archivo no firmado]

==================== Puntos de Restauración =========================

09-06-2020 15:06:23 Punto de control programado
09-06-2020 21:26:35 Python 3.8.1 (64-bit)

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: kldisk
Description: kldisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: kldisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: KLwtp - WFP callout traffic inspector
Description: KLwtp - WFP callout traffic inspector
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: klwtp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (06/10/2020 12:18:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/09/2020 08:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: vsmon.exe, versión: 14.0.508.0, marca de tiempo: 0x55c9573c
Nombre del módulo con errores: MSVCR90.dll, versión: 9.0.30729.6161, marca de tiempo: 0x4dace5b9
Código de excepción: 0xc0000417
Desplazamiento de errores: 0x0006ccd5
Id. del proceso con errores: 0x630
Hora de inicio de la aplicación con errores: 0x01d63e853b372b97
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
Ruta de acceso del módulo con errores: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Id. del informe: 2d8d01da-aa7b-11ea-8e45-bc5ff46df346

Error: (06/09/2020 07:42:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/09/2020 01:51:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/08/2020 11:58:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/08/2020 08:33:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/08/2020 08:26:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/08/2020 08:24:19 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Usuario-PC)
Description: No se pudo cerrar la aplicación o el servicio 'ZoneAlarm Privacy Service'.


Errores del sistema:
=============
Error: (06/10/2020 12:18:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
klbackupflt
klgse
klwtp

Error: (06/10/2020 12:17:28 PM) (Source: klgse) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/10/2020 12:17:28 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado

Error: (06/09/2020 08:54:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (06/09/2020 08:51:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (06/09/2020 08:47:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (06/09/2020 08:45:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (06/09/2020 08:45:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.


Windows Defender:
===================================
Date: 2019-02-13 23:15:30.657
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{3C965762-5C7F-47DF-9CF1-A8B03F6DBCC1}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:Usuario-PC\Usuario

Date: 2019-01-26 22:53:23.890
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=207199
Nombre:BrowserModifier:Win32/KipodToolsCby
Id.:207199
Gravedad:Alta
Categoría:Modificador de explorador
Ruta de acceso encontrada:containerfile:I:\WesternDigitalHD\LG HD\Titín\Downloads\iLividSetupV1.exe;file:I:\WesternDigitalHD\LG HD\Titín\Downloads\iLividSetupV1.exe->(7zSfx)->iLividSetupV1.res->InstallHelper.dll
Tipo de detección:Concreto
Origen de detección:Sistema
Estado:Desconocido
Usuario:NT AUTHORITY\SYSTEM
Nombre de proceso:

Date: 2018-12-21 16:13:50.853
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{03012458-2A46-449C-83D1-8DC292373FDE}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:Usuario-PC\Usuario

CodeIntegrity:
===================================

Date: 2020-05-15 02:32:01.983
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.917
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.856
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.795
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.738
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.678
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.620
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2020-05-15 02:32:01.560
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\eagleGet.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. P1.00 08/22/2012
Placa base: ASRock B75M-GL R2.0
Procesador: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Porcentaje de memoria en uso: 54%
RAM física total: 7394.81 MB
RAM física disponible: 3368.25 MB
Virtual total: 7392.95 MB
Virtual disponible: 3137.41 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:13.42 GB) NTFS
Drive d: (Toshiba 2GB) (Fixed) (Total:1863.01 GB) (Free:118.94 GB) NTFS
Drive f: (SO) (Fixed) (Total:97.66 GB) (Free:28.37 GB) NTFS
Drive g: (Backup) (Fixed) (Total:833.85 GB) (Free:20.31 GB) NTFS
Drive i: (Toshiba1000) (Fixed) (Total:931.51 GB) (Free:707.28 GB) NTFS

\\?\Volume{bf7ad58a-f54f-11e2-af5f-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1CBECC65)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 0A5624AB)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.8 GB) - (Type=0F Extended)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0631EE4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================

Daniela · 14 Junio, 2020 23:23

Hola

Descarga, instala y ejecuta Revo Uninstaller

Desinstala SpyBot. Elige el modo avanzado de desinstalación.

Tienes dos antivirus, Kasperski y Avira, desinstala uno de ellos con su herramienta:

MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe( en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\Run: [] => [X]
Task: {3DD391BE-E64D-449B-874E-31DC302907F8} - \{A4F6DD8F-01B6-4956-8BC1-662F14150094} -> Ningún archivo <==== ATENCIÓN
Task: {FAE500C1-5C4B-4598-ABA5-3590E6F3B704} - \{94B9516E-4183-4012-8D5C-2D9CA7BF5E80} -> Ningún archivo <==== ATENCIÓN
BHO-x32: Sin Nombre -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Ningún archivo
BHO-x32: Sin Nombre -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> Ningún archivo
BHO-x32: Sin Nombre -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Ningún archivo
Toolbar: HKLM - Sin Nombre - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  Ningún archivo
Toolbar: HKLM-x32 - Sin Nombre - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  Ningún archivo
FF Extension: (Sin Nombre) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{88ca97ee-69be-4604-bde1-1669f0dfe769}.xpi [2020-01-08]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMChameleon" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCIÓN
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCIÓN (Rootkit!/Servicio bloqueado)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> Ningún archivo
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> Ningún archivo
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Inicia en modo seguro para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX/Corregir y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

ferdv77 · 15 Junio, 2020 22:36


Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 06-06-2020
Ejecutado por Usuario (16-06-2020 00:31:37) Run:6
Ejecutado desde C:\Users\Usuario\Desktop
Perfiles cargados: Usuario
Modo de Inicio: Safe Mode (minimal)
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricci�n <==== ATENCI�N
HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\...\Run: [] => [X]
Task: {3DD391BE-E64D-449B-874E-31DC302907F8} - \{A4F6DD8F-01B6-4956-8BC1-662F14150094} -> Ning�n archivo <==== ATENCI�N
Task: {FAE500C1-5C4B-4598-ABA5-3590E6F3B704} - \{94B9516E-4183-4012-8D5C-2D9CA7BF5E80} -> Ning�n archivo <==== ATENCI�N
BHO-x32: Sin Nombre -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Ning�n archivo
BHO-x32: Sin Nombre -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> Ning�n archivo
BHO-x32: Sin Nombre -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Ning�n archivo
Toolbar: HKLM - Sin Nombre - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  Ning�n archivo
Toolbar: HKLM-x32 - Sin Nombre - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  Ning�n archivo
FF Extension: (Sin Nombre) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{88ca97ee-69be-4604-bde1-1669f0dfe769}.xpi [2020-01-08]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCI�N
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCI�N (Rootkit!/Servicio bloqueado)
"MBAMChameleon" => servicio no pudo ser desbloqueado. <==== ATENCI�N
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCI�N
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> Ning�n archivo
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} =>  -> Ning�n archivo
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => eliminado correctamente
"HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DD391BE-E64D-449B-874E-31DC302907F8}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD391BE-E64D-449B-874E-31DC302907F8}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4F6DD8F-01B6-4956-8BC1-662F14150094}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAE500C1-5C4B-4598-ABA5-3590E6F3B704}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAE500C1-5C4B-4598-ABA5-3590E6F3B704}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94B9516E-4183-4012-8D5C-2D9CA7BF5E80}" => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F904093-6E18-4536-BF5F-B03689CF00F0} => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => eliminado correctamente
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF293C5A-9F37-49FD-91C4-2B867063FC54}" => eliminado correctamente
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF293C5A-9F37-49FD-91C4-2B867063FC54}" => eliminado correctamente
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\nikggb16.default-release-1\Extensions\{88ca97ee-69be-4604-bde1-1669f0dfe769}.xpi => movido correctamente
HKLM\SOFTWARE\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => eliminado correctamente
"ESProtectionDriver" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-31] (Malwarebytes Corporation -> Malwarebytes) <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMChameleon" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMFarflt" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
"MBAMWebProtection" => servicio no pudo ser desbloqueado. <==== ATENCI�N => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => system32\DRIVERS\mwac.sys <==== ATENCI�N (Rootkit!/Servicio bloqueado) => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ZLAVShExt => eliminado correctamente
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ZLAVShExt => eliminado correctamente
C:\ProgramData\TEMP => ":1CE11B51" ADS eliminado correctamente
C:\ProgramData\TEMP => ":5C321E34" ADS eliminado correctamente
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3736251313-4123297334-1401593606-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= Final de CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= Final de CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18760897 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1988972 B
Edge => 0 B
Chrome => 0 B
Firefox => 434774706 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 66285 B
LocalService => 132513 B
NetworkService => 132513 B
Usuario => 14542392 B
boinc_master => 14542392 B

RecycleBin => 12168278 B
EmptyTemp: => 482.1 MB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 00:31:47 ===

ferdv77 · 15 Junio, 2020 22:40

Hola, el sistema sigue sin dejarme borrar los archivos de inicio, lo intentaré con el revo a ver si me deja…en el revo no aparecen. Siguen apareciendo en el “Your Uninstaller!”.

ferdv77 · 16 Junio, 2020 11:02

Ya lo he solucionado. Tuve un rato para dedicarle al pc: eliminé programas antiguos gracias al Revo, desinstalé servicios con desinstaladores específicos (Kaspersky, FlexNet Licensing) o sin ellos y me atreví a modificar el registro porque parece ser que también eran restos de algunos programas y sólo quedaban las claves.

Dejé instalado el Avira, porque fue el único que pudo salvarme de una infección muy fuerte hace algunos años ya, el ZoneAlarm 14 (conseguí desactivar el firewall de windows sin que se queje el Avira de estar desprotegido), el SpywareBlaster y de vez en cuando pasaré el adwcleaner, mbar y Malwarebytes. Creo que será suficiente ¿Alguna sugerencia?

Muchas gracias por tu atención, en cuanto solucioné el problema lo colgué aquí, espero no haberte robado mucho tiempo.

Saludos.

P.D. Incluso llegué a pensar que algún software me había clonado el arranque del sistema operativo, y por eso no podía desinstalar nada, porque no recuerdo tener dos windows 7 instalados que, aparentemente, son el mismo…

imagen

Daniela · 16 Junio, 2020 22:47

Hola

Por supuesto que no

No te hace falta más programas, son suficientes, AdwCleaner hay que descargarlo cada vez que lo quieras utilizar, hay nuevas versiones cada poco tiempo.

No tienes dos windows instalados, el que tienes marcado en azul es el modo rápido de arranque, puedes deshabilitarlo si quieres en esa pantalla.

Nos comentas si sigue todo bien.

Un saludo

ferdv77 · 17 Junio, 2020 05:19

Quedo muy agradecido.

¡Gracias guapa!

Cuídate mucho.

Daniela · 17 Junio, 2020 05:46

Hola @ferdv77

Sigue estos pasos, para eliminar las herramientas utilizadas:

Para hacerlo utiliza de nuevo/descarga >> DelFix.exe en tu escritorio.

Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)
Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.

Gracias a ti por confiar en ForoSpyware. Ha sido un placer ayudarte

Nos alegramos que se te haya resuelto Damos el tema por solucionado.

Solucionado

Un saludo

Daniela · 17 Junio, 2020 05:46