Infection with mail.ru

Hello, I have a case of infection with the mail.ru adware, which cannot be removed. I have internet and it seems to browse at times, but it refuses the connection in Chrome and Firefox. Thank you in advance for any assistance.

Hello @lapcsos.

To check your machine, follow these steps in the order indicated, reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order indicated:



CCleaner.-

  • Install and run CCleaner following the steps indicated in the manual.

  • Use it first with its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps indicated in the manual.

  • Perform a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then immediately always click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report can be found in the “Reports” tab, reopening the program if necessary, so that you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Post the reports in your next reply, from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their contents, and use several messages if you receive an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem described. :face_with_monocle:

Regards, Javier.

Very good, sir, thank you very much for your prompt reply!! As soon as I have access I will send you the logs from each tool!

Hello.

Perfect, we'll be waiting here :coffee:

Regards.

Hello, dear sir; here are the logs you requested.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 20/9/19
Hora del análisis: 15:19
Archivo de registro: 1f5770d8-dbd3-11e9-baaa-7085c2c01261.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12577
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.295)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 285161
Amenazas detectadas: 25
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 min, 19 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 11
PUP.Optional.MailRu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MailRuUpdater, Sin acciones por parte del usuario, [254], [403909],1.0.12577
PUP.Optional.MailRu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{60D1FF79-E8C2-44CC-B2B9-C67921F5B326}, Sin acciones por parte del usuario, [254], [403909],1.0.12577
PUP.Optional.MailRu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{60D1FF79-E8C2-44CC-B2B9-C67921F5B326}, Sin acciones por parte del usuario, [254], [403909],1.0.12577
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\TotalRecipeSearch, Sin acciones por parte del usuario, [1780], [444113],1.0.12577
PUP.Optional.MindSpark, HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TotalRecipeSearchTooltab Uninstall Internet Explorer, Sin acciones por parte del usuario, [651], [352442],1.0.12577
PUP.Optional.VisualBookmarks.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hjdkfkdkokphfploiiddakjokndinfgb, Sin acciones por parte del usuario, [2597], [712263],1.0.12577
PUP.Optional.VisualBookmarks.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Sin acciones por parte del usuario, [2597], [-1],0.0.0
PUP.Optional.VisualBookmarks.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Sin acciones por parte del usuario, [2597], [-1],0.0.0
PUP.Optional.VisualBookmarks.ChrPRST, HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\POLICIES\GOOGLE\CHROME, Sin acciones por parte del usuario, [2597], [-1],0.0.0
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iepoegkaoeljnbhagabakjodgpfniimo, Sin acciones por parte del usuario, [254], [655213],1.0.12577
Rootkit.Agent.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\c05de1eada538eaf, Sin acciones por parte del usuario, [450], [735118],1.0.12577

Valor del registro: 4
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\TotalRecipeSearch|START PAGE, Sin acciones por parte del usuario, [1780], [444113],1.0.12577
PUP.Optional.MindSpark, HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TotalRecipeSearchTooltab Uninstall Internet Explorer|PUBLISHER, Sin acciones por parte del usuario, [651], [352442],1.0.12577
Rootkit.Agent, HKLM\SOFTWARE\MICROSOFT|MSVER1, Sin acciones por parte del usuario, [448], [678869],1.0.12577
PUP.Optional.MailRu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{60D1FF79-E8C2-44CC-B2B9-C67921F5B326}|PATH, Sin acciones por parte del usuario, [254], [403907],1.0.12577

Datos del registro: 4
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}|NameServer, Sin acciones por parte del usuario, [3079], [733165],1.0.12577
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}|NameServer, Sin acciones por parte del usuario, [3079], [733166],1.0.12577
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}|NameServer, Sin acciones por parte del usuario, [3079], [733165],1.0.12577
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}|NameServer, Sin acciones por parte del usuario, [3079], [733166],1.0.12577

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
PUP.Optional.VisualBookmarks.ChrPRST, C:\USERS\RYZEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\HJDKFKDKOKPHFPLOIIDDAKJOKNDINFGB, Sin acciones por parte del usuario, [2597], [712263],1.0.12577

Archivo: 5
PUP.Optional.MailRu, C:\WINDOWS\SYSTEM32\TASKS\MailRuUpdater, Sin acciones por parte del usuario, [254], [403909],1.0.12577
PUP.Optional.VisualBookmarks.ChrPRST, C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjdkfkdkokphfploiiddakjokndinfgb\LOG.old, Sin acciones por parte del usuario, [2597], [712263],1.0.12577
PUP.Optional.VisualBookmarks.ChrPRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\REGISTRY.POL, Sin acciones por parte del usuario, [2597], [-1],0.0.0
PUP.Optional.VisualBookmarks.ChrPRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Sin acciones por parte del usuario, [2597], [-1],0.0.0
Rootkit.Agent.PUA, C:\WINDOWS\SYSTEM32\DRIVERS\C05DE1EADA538EAF.SYS, Sin acciones por parte del usuario, [450], [735118],1.0.12577

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-08-27.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-20-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MailRuUpdater
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys

*************************

AdwCleaner_Debug.log - [77676 octets] - [17/09/2019 20:08:44]
AdwCleaner[S00].txt - [3301 octets] - [17/09/2019 20:09:47]
AdwCleaner[C00].txt - [2917 octets] - [17/09/2019 20:10:36]
AdwCleaner[S01].txt - [1755 octets] - [17/09/2019 20:13:42]
AdwCleaner[S02].txt - [10068 octets] - [18/09/2019 19:34:46]
AdwCleaner[S03].txt - [3147 octets] - [18/09/2019 19:51:08]
AdwCleaner[C03].txt - [2815 octets] - [18/09/2019 19:51:26]
AdwCleaner[S04].txt - [2164 octets] - [20/09/2019 19:36:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by Ryzen (Administrator) on 20/09/2019 at 19:39:20,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default\user.js (File) 

Deleted the following from C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default\prefs.js
user_pref(extensions.webextensions.ExtensionStorageIDB.migrated.homepage@mail.ru, true);
user_pref(extensions.webextensions.uuids, {\[email protected]\:\ef3da5a3-ac4e-4e7e-940c-a5b0997415c4\,\[email protected]\:\6f9772ac-98e8-4f17-a71c-8bb4f90



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/09/2019 at 19:41:40,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2019 01
Ran by Ryzen (administrator) on CONTADORA (20-09-2019 19:43:42)
Running from C:\Users\Ryzen\Desktop
Loaded Profiles: Ryzen (Available Profiles: Ryzen)
Platform: Windows 10 Pro Version 1903 18362.295 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0333854.inf_amd64_6dc0bbc404f76288\B334021\atiesrxx.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [830304 2018-10-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180448 2019-07-30] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [ActuOnLine] => C:\Program Files (x86)\Errepar\Actualidad OnLine\ActuOnLine.exe [2927104 2010-07-07] (Errepar) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRWE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-28] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BA35AB-3D29-4FE3-8C12-C340905B9799} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {0DBA5738-1E56-4B6E-AFFE-D388D2A9AB12} - System32\Tasks\EPSON L395 Series Update {1CF81808-0887-43BB-97ED-B8EE78A720B9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRWE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {1EA93FA0-6807-4438-8274-F7A95C279334} - \Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Start -> No File <==== ATTENTION
Task: {57C8EB7A-B5BF-44B5-8573-2A599DBC95F8} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {62C820E0-3C62-4418-B83C-D27E3F529F6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6EE31486-90BB-4F39-8332-5D6CA42167B6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {76416B8C-31FD-4871-B6D2-48852585C90A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C819BA2A-1BBD-4EB5-9083-7CA60DFDCD1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D66D0AB5-14D6-481D-837D-708E24BEE6AB} - \Microsoft\Windows\UpdateOrchestrator\AC Power Download -> No File <==== ATTENTION
Task: {DA5DB928-D050-4B8C-8877-8EC0590FF527} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E18FDA94-7DFF-454B-ABCF-29779DF3C71E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F583D21C-C765-48ED-BDF0-42DC88386E02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2019-06-25] (Piriform Ltd -> Piriform Ltd)
Task: {F96B69B0-6AD5-426A-B73A-A74B3E935214} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L395 Series Update {1CF81808-0887-43BB-97ED-B8EE78A720B9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRWE.EXE:/EXE:{1CF81808-0887-43BB-97ED-B8EE78A720B9} /F:UpdateGRUPO\CONTADORA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4c5ce223-424b-4a0e-ba56-e5e49eea5ac7}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}: [NameServer] 213.166.69.3,
Tcpip\..\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}: [NameServer] 213.166.69.3,
Tcpip\..\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ar/
SearchScopes: HKU\S-1-5-21-2936734617-3609513407-3023620558-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2d5krbea.default
FF ProfilePath: C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default [2019-09-20]
FF NetworkProxy: Mozilla\Firefox\Profiles\2d5krbea.default -> type", 0
FF HomepageOverride: Mozilla\Firefox\Profiles\2d5krbea.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\2d5krbea.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Extension: (Security Update Tool) - C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default\Extensions\{f819cd6a-0d11-4e67-9a6f-e3bdaf4eee3b}.xpi [2019-08-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-06-25] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-06-25] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.ar/
CHR Profile: C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default [2019-09-20]
CHR Extension: (Presentaciones) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-25]
CHR Extension: (Documentos) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-25]
CHR Extension: (Google Drive) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-25]
CHR Extension: (YouTube) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-25]
CHR Extension: (Hojas de cálculo) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-25]
CHR Extension: (Chrome Update Tool) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjdblhobihaknilfmfjfpidfblgajmk [2019-09-02]
CHR Extension: (Gmail) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0333854.inf_amd64_6dc0bbc404f76288\B334021\atiesrxx.exe [507152 2018-10-10] (Advanced Micro Devices, Inc. -> AMD)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-30] (ESET, spol. s r.o. -> ESET)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [830304 2018-10-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5775208 2019-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0333854.inf_amd64_6dc0bbc404f76288\B334021\atikmdag.sys [47497488 2018-10-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0333854.inf_amd64_6dc0bbc404f76288\B334021\atikmpag.sys [589288 2018-10-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137688 2018-10-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107400 2018-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149144 2019-07-30] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189232 2019-07-30] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [113336 2019-07-30] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-09-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-09-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-09-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-09-20] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1131024 2018-10-23] (Realtek Semiconductor Corp. -> Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [6635848 2017-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 RtlWlanu_OldIC; C:\Windows\System32\drivers\rtwlanu_oldIC.sys [3814400 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [47496 2019-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [337632 2019-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-20 19:43 - 2019-09-20 19:44 - 000019139 _____ C:\Users\Ryzen\Desktop\FRST.txt
2019-09-20 19:43 - 2019-09-20 19:43 - 000000000 ____D C:\FRST
2019-09-20 19:41 - 2019-09-20 19:41 - 000001034 _____ C:\Users\Ryzen\Desktop\JRT.txt
2019-09-20 19:38 - 2019-09-20 19:38 - 000002050 _____ C:\Users\Ryzen\Desktop\AdwCleaner[C04].txt
2019-09-20 19:37 - 2019-09-20 19:37 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-20 19:37 - 2019-09-20 19:37 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-09-20 19:37 - 2019-09-20 19:37 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-09-20 19:37 - 2019-09-20 19:37 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-09-20 19:35 - 2019-09-20 19:35 - 000005840 _____ C:\Users\Ryzen\Desktop\malwarebytes.txt
2019-09-20 19:30 - 2019-09-20 19:19 - 001615360 _____ (Farbar) C:\Users\Ryzen\Desktop\FRST64.exe
2019-09-20 19:30 - 2019-09-20 19:18 - 001790024 _____ (Malwarebytes) C:\Users\Ryzen\Desktop\JRT.exe
2019-09-20 19:29 - 2019-09-20 19:29 - 000090368 _____ C:\Users\Ryzen\Documents\cc_20190920_192930.reg
2019-09-20 17:55 - 2019-09-20 17:55 - 000046689 _____ C:\Users\Ryzen\Downloads\lsp_190-0004-00000003.pdf
2019-09-18 19:53 - 2019-09-18 19:53 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-09-18 19:52 - 2019-09-18 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-18 19:52 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-09-18 19:52 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-18 19:44 - 2019-09-18 19:52 - 064333800 _____ (Malwarebytes ) C:\Users\Ryzen\Downloads\mb3-setup-adwc.adwc100.3.8.3.exe
2019-09-18 19:31 - 2019-09-18 19:32 - 007622344 _____ (Malwarebytes) C:\Users\Ryzen\Desktop\adwcleaner_7.4.1.exe
2019-09-18 18:59 - 2019-09-18 18:59 - 000000000 ____D C:\Users\Ryzen\AppData\Local\OneDrive
2019-09-17 20:08 - 2019-09-17 20:10 - 000000000 ____D C:\AdwCleaner
2019-09-12 19:52 - 2019-09-12 19:52 - 000000000 ____D C:\Users\Ryzen\AppData\Local\mbamtray
2019-09-12 19:52 - 2019-09-12 19:52 - 000000000 ____D C:\Users\Ryzen\AppData\Local\mbam
2019-09-12 19:52 - 2019-09-12 19:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-12 19:52 - 2019-09-12 19:52 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-12 19:34 - 2019-09-12 19:34 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\SUPERAntiSpyware.com
2019-09-12 19:33 - 2019-09-18 19:24 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-09-12 19:33 - 2019-09-12 19:33 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2019-09-12 19:23 - 2019-09-12 19:23 - 000000000 ____D C:\Users\Ryzen\AppData\LocalLow\Oracle
2019-09-02 21:48 - 2019-09-03 16:53 - 000000000 ____D C:\ProgramData\Porland
2019-09-02 21:27 - 2019-09-02 21:27 - 000171197 _____ C:\Users\Ryzen\Downloads\prototypetrainer.zip
2019-09-02 21:17 - 2019-09-12 19:58 - 000000000 ____D C:\ProgramData\{842629B2-CCC2-ECFB-BAD1-7860BA362131}
2019-09-02 21:17 - 2019-09-12 19:58 - 000000000 ____D C:\ProgramData\{167ACA31-2F41-7EA7-3932-24F239D57DA3}
2019-09-02 21:17 - 2019-09-02 21:17 - 000000000 ____D C:\Users\Ryzen\AppData\Local\AdvinstAnalytics
2019-09-02 21:17 - 2019-09-02 21:17 - 000000000 ____D C:\ProgramData\lgqavQQRTGS
2019-09-02 21:17 - 2019-09-02 21:17 - 000000000 ____D C:\ProgramData\Lamia
2019-09-02 21:16 - 2019-09-18 19:23 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Mail.Ru
2019-09-02 21:16 - 2019-09-03 16:54 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\mfmvlggvyuzx
2019-09-02 21:16 - 2019-09-02 21:17 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-08-29 19:39 - 2019-08-29 19:40 - 000037266 _____ C:\Users\Ryzen\Downloads\20127706612_001_00004_00000031(1).pdf
2019-08-29 19:36 - 2019-08-29 19:36 - 000037266 _____ C:\Users\Ryzen\Downloads\20127706612_001_00004_00000031.pdf
2019-08-26 21:25 - 2019-09-02 20:48 - 000000000 ____D C:\Users\Ryzen\Documents\Prototype
2019-08-26 20:59 - 2019-08-26 21:07 - 000000000 ____D C:\Root
2019-08-26 20:47 - 2019-08-26 20:47 - 000000000 ____D C:\Program Files (x86)\Activision
2019-08-23 16:07 - 2019-08-23 16:07 - 000461668 _____ C:\Users\Ryzen\Downloads\POLIZA_2100_64991_206.pdf
2019-08-21 20:20 - 2019-08-21 20:20 - 000087040 _____ C:\Users\Ryzen\Documents\Copia de Gastos domesticos (Autoguardado).xls
2019-08-21 20:20 - 2019-08-21 20:20 - 000000000 ____D C:\Users\Ryzen\Documents\Plantillas personalizadas de Office
2019-08-21 19:29 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2019-08-21 19:29 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2019-08-21 19:29 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2019-08-21 19:29 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2019-08-21 19:29 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2019-08-21 19:29 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2019-08-21 19:29 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2019-08-21 19:29 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2019-08-21 19:29 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2019-08-21 19:29 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2019-08-21 19:29 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2019-08-21 19:29 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2019-08-21 19:29 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2019-08-21 19:29 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2019-08-21 19:29 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2019-08-21 19:29 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2019-08-21 19:29 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2019-08-21 19:29 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2019-08-21 19:29 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2019-08-21 19:29 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2019-08-21 19:29 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2019-08-21 19:29 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2019-08-21 19:29 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2019-08-21 19:29 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2019-08-21 19:29 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2019-08-21 19:29 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2019-08-21 19:29 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2019-08-21 19:29 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2019-08-21 19:29 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2019-08-21 19:29 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2019-08-21 19:29 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2019-08-21 19:29 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2019-08-21 19:29 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2019-08-21 19:29 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2019-08-21 19:29 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2019-08-21 19:29 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2019-08-21 19:29 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2019-08-21 19:29 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2019-08-21 19:29 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2019-08-21 19:29 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2019-08-21 19:29 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2019-08-21 19:29 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2019-08-21 19:29 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2019-08-21 19:29 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2019-08-21 19:29 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2019-08-21 19:29 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2019-08-21 19:29 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2019-08-21 19:29 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2019-08-21 19:29 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2019-08-21 19:29 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2019-08-21 19:29 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2019-08-21 19:29 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2019-08-21 19:29 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2019-08-21 19:29 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2019-08-21 19:29 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2019-08-21 19:29 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2019-08-21 19:29 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2019-08-21 19:29 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2019-08-21 19:29 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2019-08-21 19:29 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2019-08-21 19:29 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2019-08-21 19:29 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2019-08-21 19:29 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2019-08-21 19:29 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2019-08-21 19:29 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2019-08-21 19:29 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2019-08-21 19:29 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2019-08-21 19:29 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2019-08-21 19:29 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2019-08-21 19:29 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2019-08-21 19:29 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2019-08-21 19:29 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2019-08-21 19:29 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2019-08-21 19:29 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2019-08-21 19:29 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2019-08-21 19:29 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2019-08-21 19:29 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2019-08-21 19:29 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2019-08-21 19:29 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2019-08-21 19:29 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2019-08-21 19:29 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2019-08-21 19:29 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2019-08-21 19:29 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2019-08-21 19:29 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2019-08-21 19:29 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2019-08-21 19:29 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2019-08-21 19:29 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2019-08-21 19:29 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2019-08-21 19:29 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2019-08-21 19:29 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2019-08-21 19:29 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2019-08-21 19:29 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2019-08-21 19:29 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2019-08-21 19:29 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2019-08-21 19:29 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2019-08-21 19:29 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2019-08-21 19:29 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2019-08-21 19:29 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2019-08-21 19:29 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2019-08-21 19:29 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2019-08-21 19:29 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2019-08-21 19:29 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2019-08-21 19:29 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2019-08-21 19:29 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2019-08-21 19:29 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2019-08-21 19:29 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2019-08-21 19:29 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2019-08-21 19:29 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2019-08-21 19:29 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2019-08-21 19:29 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2019-08-21 19:29 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2019-08-21 19:29 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2019-08-21 19:29 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2019-08-21 19:29 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2019-08-21 19:29 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2019-08-21 19:29 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2019-08-21 19:29 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2019-08-21 19:29 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2019-08-21 19:29 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2019-08-21 19:29 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2019-08-21 19:29 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2019-08-21 19:29 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2019-08-21 19:29 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2019-08-21 19:29 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2019-08-21 19:29 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2019-08-21 19:29 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2019-08-21 19:29 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2019-08-21 19:29 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2019-08-21 19:29 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2019-08-21 19:29 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2019-08-21 19:29 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2019-08-21 19:29 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2019-08-21 19:29 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2019-08-21 19:29 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2019-08-21 19:29 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2019-08-21 19:29 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2019-08-21 19:29 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2019-08-21 19:29 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2019-08-21 19:29 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2019-08-21 19:29 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2019-08-21 19:29 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2019-08-21 19:29 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2019-08-21 19:29 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2019-08-21 19:29 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2019-08-21 19:29 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2019-08-21 19:29 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2019-08-21 19:29 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2019-08-21 19:29 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2019-08-21 19:29 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2019-08-21 19:28 - 2019-08-21 19:28 - 000000000 ____D C:\Users\Ryzen\Downloads\directx_Jun2010_redist
2019-08-21 19:27 - 2019-08-21 19:28 - 100271992 _____ (Microsoft Corporation) C:\Users\Ryzen\Downloads\directx_Jun2010_redist.exe
2019-08-21 19:21 - 2019-08-21 19:21 - 000000000 ____D C:\Users\Ryzen\Downloads\prototype2engine
2019-08-21 19:20 - 2019-08-21 19:21 - 007375255 _____ C:\Users\Ryzen\Downloads\prototype2engine.zip
2019-08-21 19:05 - 2019-09-20 19:21 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\uTorrent
2019-08-21 19:05 - 2019-08-21 19:05 - 000000896 _____ C:\Users\Ryzen\Desktop\µTorrent.lnk
2019-08-21 18:47 - 2019-08-21 18:47 - 000000000 ____D C:\Program Files (x86)\Thief

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-20 19:38 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-20 19:37 - 2019-03-19 04:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-20 19:37 - 2019-03-19 01:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-09-20 19:32 - 2019-03-19 04:59 - 000436920 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-20 19:32 - 2019-03-19 04:59 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-09-20 19:23 - 2019-06-25 12:46 - 000000000 ____D C:\Program Files\CCleaner
2019-09-20 19:22 - 2019-03-19 01:50 - 000000000 ____D C:\Windows\INF
2019-09-20 19:18 - 2019-06-25 12:46 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-20 19:13 - 2019-06-25 18:14 - 000000000 ____D C:\Users\Ryzen\AppData\LocalLow\Mozilla
2019-09-20 19:12 - 2019-06-25 18:56 - 000000000 ____D C:\her
2019-09-20 18:05 - 2019-07-18 11:40 - 000000000 ____D C:\Users\Ryzen\Documents\Archivos de Outlook
2019-09-20 18:05 - 2019-07-18 11:24 - 000140800 _____ C:\Users\Ryzen\Documents\Resúmen analítico de Compras y Ventas.xls
2019-09-20 17:35 - 2019-07-18 11:24 - 000414720 _____ C:\Users\Ryzen\Documents\Retiros Particulares Farmacia.xls
2019-09-20 17:35 - 2019-07-18 11:23 - 000088064 _____ C:\Users\Ryzen\Documents\Copia de Gastos domesticos.xls
2019-09-19 17:57 - 2019-03-19 05:19 - 000000000 ____D C:\Users\Ryzen\AppData\Local\D3DSCache
2019-09-19 16:04 - 2019-07-18 11:24 - 000540160 _____ C:\Users\Ryzen\Documents\Planilla de caja.xls
2019-09-18 19:52 - 2019-03-19 01:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-09-18 19:51 - 2019-07-18 15:08 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-09-18 19:30 - 2019-06-25 18:21 - 000000000 ____D C:\Program Files\Java
2019-09-18 19:29 - 2019-03-19 05:06 - 000003368 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2936734617-3609513407-3023620558-1001
2019-09-18 19:29 - 2019-03-19 05:06 - 000000000 ___RD C:\Users\Ryzen\OneDrive
2019-09-18 19:29 - 2019-03-19 05:04 - 000002401 _____ C:\Users\Ryzen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-18 19:24 - 2019-03-19 05:04 - 000000000 ____D C:\Users\Ryzen
2019-09-18 19:23 - 2019-06-25 18:28 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Microsoft Help
2019-09-18 19:23 - 2019-06-25 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-18 19:15 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-18 19:14 - 2019-06-25 18:14 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Mozilla
2019-09-18 19:14 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\registration
2019-09-18 19:04 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\NDF
2019-09-17 20:10 - 2019-07-18 15:08 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\Lavasoft
2019-09-17 20:10 - 2019-07-18 15:08 - 000000000 ____D C:\ProgramData\Lavasoft
2019-09-17 19:47 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\LiveKernelReports
2019-09-17 19:47 - 2019-03-19 00:59 - 000000000 ____D C:\Windows\Panther
2019-09-10 19:48 - 2019-07-23 17:15 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\AnyDesk
2019-09-05 17:01 - 2019-03-19 05:04 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Packages
2019-09-05 16:46 - 2019-08-08 17:36 - 000000000 ____D C:\facturasdgi
2019-09-03 17:11 - 2019-06-25 18:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-09-03 17:11 - 2019-06-25 18:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-03 17:01 - 2019-03-19 01:37 - 000524288 _____ C:\Windows\system32\config\BBI(16)
2019-09-02 21:17 - 2019-03-19 01:52 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-09-02 21:17 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-09-02 21:16 - 2019-06-25 12:44 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-30 21:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\AppReadiness
2019-08-28 16:29 - 2019-06-25 12:46 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-28 16:29 - 2019-06-25 12:46 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-26 21:07 - 2019-03-19 05:15 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-22 15:46 - 2019-06-25 12:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-21 18:59 - 2019-07-18 15:21 - 000000000 ____D C:\Program Files (x86)\BearShare

==================== Files in the root of some directories ================

2014-05-09 19:44 - 2009-10-19 06:47 - 000073728 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\foxhhelp9.exe
2014-05-09 19:44 - 2009-10-19 06:48 - 000016384 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\foxhhelpps9.dll
2014-05-09 19:44 - 2007-10-15 10:11 - 001507328 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\VFP9ENU.DLL
2014-05-09 19:44 - 2009-04-03 12:01 - 004734976 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vfp9r.dll
2014-05-09 19:44 - 2007-10-15 10:15 - 001187840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\VFP9RENU.DLL
2014-05-09 19:44 - 2007-10-15 10:47 - 001228800 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vfp9resn.dll

==================== FLock ================

2019-03-19 05:03 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01
Ran by Ryzen (20-09-2019 19:45:28)
Running from C:\Users\Ryzen\Desktop
Windows 10 Pro Version 1903 18362.295 (X64) (2019-03-19 08:01:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2936734617-3609513407-3023620558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2936734617-3609513407-3023620558-503 - Limited - Disabled)
Invitado (S-1-5-21-2936734617-3609513407-3023620558-501 - Limited - Enabled)
Ryzen (S-1-5-21-2936734617-3609513407-3023620558-1001 - Administrator - Enabled) => C:\Users\Ryzen
WDAGUtilityAccount (S-1-5-21-2936734617-3609513407-3023620558-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Account Soft -  Componentes 9 (HKLM-x32\...\Account_Soft) (Version: 9 - Account Soft)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.2.202 - Adobe Systems, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Baja o recambio de memoria de Controladores Fiscales v.1.01 (HKLM-x32\...\ST5UNST #15) (Version:  - )
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Nombre de su organización) Hidden
BP-AyP (HKLM-x32\...\ST5UNST #2) (Version:  - )
C.I.T.I. Compras (HKLM-x32\...\ST5UNST #14) (Version:  - )
C.I.T.I. Ventas (HKLM-x32\...\ST5UNST #12) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
Compensaciones y Volantes de Pago (HKLM-x32\...\ST5UNST #11) (Version:  - )
Diagnóstico de impresoras Samsung (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{816185C8-7C13-4650-9AB4-FC2EC9651A77}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
EPSON L395 Series Printer Uninstall (HKLM\...\EPSON L395 Series) (Version:  - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{9ABD2971-9B8B-4958-9100-4EAFCC32A86D}) (Version: 3.0.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Errepar Actualidad OnLine (HKLM-x32\...\Actualidad OnLine) (Version:  - )
ESET Security (HKLM\...\{EC96F234-2A42-4D7D-9C33-443566F72BF5}) (Version: 12.2.23.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Formulario Multinota (HKLM-x32\...\ST5UNST #16) (Version:  - )
Ganancias personas físicas (HKLM-x32\...\ST5UNST #19) (Version:  - )
GMP V900 - R2 (HKLM-x32\...\ST5UNST #3) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GPFBP V1801 - R0 (HKLM-x32\...\ST5UNST #4) (Version:  - )
GPJ v16.0 R3 (HKLM-x32\...\ST5UNST #6) (Version:  - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I.V.A. (HKLM-x32\...\ST5UNST #7) (Version:  - )
Informe para Fines Fiscales (HKLM-x32\...\ST5UNST #5) (Version:  - )
Juego Prototype(TM) (HKLM-x32\...\InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Manual Epson L395 (HKLM-x32\...\UsersGuideManual Epson L395_is1) (Version: 1.0 - Epson America, Inc.)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 69.0 (x64 es-AR) (HKLM\...\Mozilla Firefox 69.0 (x64 es-AR)) (Version: 69.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Nombre de su organización)
Participaciones Societarias (HKLM-x32\...\ST5UNST #20) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plan de Facilidades de Pago R.G.984 v300 r2 (HKLM-x32\...\ST5UNST #21) (Version:  - )
Prototype(TM) (HKLM-x32\...\{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8560 - Realtek Semiconductor Corp.)
Régimen de Asistencia Financiera (HKLM-x32\...\ST5UNST #18) (Version:  - )
Regimen de Información de Compras y Ventas V.1.0 R.6 (HKLM-x32\...\ST5UNST #13) (Version:  - )
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
S.I.Ap. (HKLM-x32\...\ST5UNST #1) (Version:  - )
S.I.J.P. Retenciones y Percepciones (HKLM-x32\...\ST5UNST #8) (Version:  - )
Samsung C410 Series (HKLM-x32\...\Samsung C410 Series) (Version: 1.15 (12/06/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SICORE (HKLM-x32\...\ST5UNST #10) (Version:  - )
SICOSS (HKLM-x32\...\ST5UNST #9) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
TP-Link TL-WN8200ND Driver (HKLM-x32\...\{32887DD5-7B1E-46C1-9D01-FCDD363B6A8F}) (Version: 1.0.0 - TP-Link)
Transferencias de Inmuebles (HKLM-x32\...\ST5UNST #17) (Version:  - )
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)
Web Companion (HKLM-x32\...\{2f6cbdb0-2936-40d1-9e70-42a7a744d4bc}) (Version: 4.8.2021.3909 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.9.7.0_x86__kgqvnymyfvs32 [2019-09-18] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.19.5.0_x86__kgqvnymyfvs32 [2019-09-18] (king.com)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Studios) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.136.0_x64__dt26b99r8h8gj [2019-09-18] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0 [2019-09-18] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\...\StartupApproved\Run: => "utweb"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{60B43C17-3750-4888-B8E2-1F2DF3CB42EB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A65212C0-2868-41B2-9560-84D48D7A16B6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1AFFCD21-B326-41E0-80CA-F0B4CDC1FF3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F4C0DD0D-7AAD-49FA-B8CF-93B2C5B8B5CB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{26E02BD4-3AE9-4DCE-98AA-19DFA3BF1ED0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{FADFFCBB-61D9-46B2-A801-5C8F01A9CEA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{E0A864BE-A4F4-4EC4-BDAC-3CB4E5694AF4}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF81ECBA-8D01-4BE5-8039-1A60A5CE6DFA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5705EB20-5335-47BF-851F-1A0F33908C51}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{240EB671-3C06-4259-927A-9C6783AAF486}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B380DCB-89DC-4624-931A-F8282C0E4614}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D43503AA-8B9D-48A5-B3DC-88B68B178B8B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{E0E191E4-5032-4348-BF2A-94FBABD1545A}C:\program files (x86)\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare\bearshare.exe No File
FirewallRules: [UDP Query User{CDE48745-E62D-4CCC-966C-45027B9E5E84}C:\program files (x86)\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare\bearshare.exe No File
FirewallRules: [TCP Query User{9EE4BCBF-C538-4FE4-99AF-58641FB002F2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{E0993BEA-41FF-4A59-9E14-81A5FC22EE49}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{9EE5B22E-D201-4482-BE3A-9A673CA7A99D}C:\users\ryzen\desktop\anydesk.exe] => (Allow) C:\users\ryzen\desktop\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{42A92FB4-2A47-46F4-AC04-3CEEBEE1B519}C:\users\ryzen\desktop\anydesk.exe] => (Allow) C:\users\ryzen\desktop\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [{350103D3-005D-44CC-B594-AE089BD829F2}] => (Allow) C:\Users\Ryzen\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{82FEE491-A92C-4085-A977-AF16F52F77B8}] => (Allow) C:\Users\Ryzen\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{064C7BDA-83F8-4601-B376-5D49B1337A26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9F1AE880-9B8A-429C-BD9F-97E08B232EAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72638072-BC78-43B1-87B2-33B9F033DA5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{374A8185-DDE1-43E5-96C3-628FBC1033E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{544FB219-2FA1-4A70-AA05-A19F9EF8AB2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94863CDB-81A5-4B78-A2BE-7594A4FEBACE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{538AFBB2-A3B1-4362-9A0E-17E492DF613D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F32A803F-0D9E-4CA4-A073-C7F1160E39F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10078826-6EC0-4E7B-B89B-7D100D6726FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.114.475.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

26-08-2019 20:47:26 Instalado Juego Prototype(TM)
05-09-2019 18:44:55 Punto de control programado
12-09-2019 19:45:24 Removed Online Application
18-09-2019 19:12:53 Operación de restauración
20-09-2019 19:39:20 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2019 07:14:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1838, marca de tiempo: 0x5d13b12f
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Identificador del proceso con errores: 0x262c
Hora de inicio de la aplicación con errores: 0x01d57000adbd1a3e
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Identificador del informe: d0d20663-a2fc-4c34-9929-f716ea6bc110
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (09/18/2019 07:46:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa adwcleaner_7.4.1.exe (versión 7.4.1.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 2a48

Hora de Inicio: 01d56e71116d5cd6

Hora de finalización: 4294967295

Ruta de la aplicación: C:\her\adwcleaner_7.4.1.exe

Id. de informe: a66cdabe-c84a-4802-ab4e-2b9eef9e2b67

Nombre completo del paquete con errores: 

Id. de la aplicación relativa al paquete con errores: 

Tipo de bloqueo: Top level window is idle

Error: (09/18/2019 07:24:49 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (Punto de control programado). Información adicional: 0xc0000022.

Error: (09/18/2019 07:24:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4716,R,98) SRUJet: Error -1811 (0xfffff8ed) al abrir un archivo de registro C:\Windows\system32\SRU\SRU00520.log.

Error: (09/17/2019 06:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: firefox.exe, versión: 69.0.0.7178, marca de tiempo: 0x5d6491ca
Nombre del módulo con errores: ntdll.dll, versión: 10.0.18362.267, marca de tiempo: 0xc00f8a30
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f9269
Identificador del proceso con errores: 0x1090
Hora de inicio de la aplicación con errores: 0x01d56d9f649bbef0
Ruta de acceso de la aplicación con errores: C:\Program Files\Mozilla Firefox\firefox.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: ca83d42e-27c9-4330-9a19-bc5bda5624ae
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (09/11/2019 10:38:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa SearchUI.exe (versión 10.0.18362.267) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 34c

Hora de Inicio: 01d568fda4db6c3d

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Id. de informe: b7de689e-a70b-4c26-a694-78c44cd93505

Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy

Id. de la aplicación relativa al paquete con errores: CortanaUI

Tipo de bloqueo: Cross-thread

Error: (09/09/2019 09:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: prototypef.exe, versión: 1.0.0.1, marca de tiempo: 0x49ef07ae
Nombre del módulo con errores: prototypeenginef.dll, versión: 1.0.0.1, marca de tiempo: 0x49ef9366
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00a9b392
Identificador del proceso con errores: 0x1c14
Hora de inicio de la aplicación con errores: 0x01d5676cdf138a4d
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Activision\Prototype\prototypef.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Activision\Prototype\prototypeenginef.dll
Identificador del informe: a137f525-19d8-46cd-8f99-4cb9583797bf
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (09/09/2019 09:15:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: prototypef.exe, versión: 1.0.0.1, marca de tiempo: 0x49ef07ae
Nombre del módulo con errores: prototypeenginef.dll, versión: 1.0.0.1, marca de tiempo: 0x49ef9366
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00a9b392
Identificador del proceso con errores: 0x534
Hora de inicio de la aplicación con errores: 0x01d5676ca8b5409a
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Activision\Prototype\prototypef.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Activision\Prototype\prototypeenginef.dll
Identificador del informe: 852c38ad-161e-43c1-a8c4-c19e0431e22c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (09/20/2019 07:39:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Realtek Audio Universal Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (09/20/2019 07:37:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Realtek Audio Universal Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (09/20/2019 07:37:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/20/2019 07:37:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio EpsonCustomerResearchParticipation se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/20/2019 07:37:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Epson Scanner Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/20/2019 07:37:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/20/2019 07:21:15 PM) (Source: DCOM) (EventID: 10000) (User: CONTADORA)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/20/2019 07:12:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Google Update Servicio (gupdate) no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.


CodeIntegrity:
===================================

Date: 2019-09-20 19:39:44.281
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:44.264
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:39.581
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:31.042
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:31.035
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:30.252
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:30.248
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2019-09-20 19:39:30.223
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. P1.00 11/22/2018
Motherboard: ASRock A320M-HDV R4.0
Processor: AMD Ryzen 5 2400G with Radeon Vega Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7097.91 MB
Available physical RAM: 4744.84 MB
Total Virtual: 8249.91 MB
Available Virtual: 6045.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.5 GB) (Free:320.84 GB) NTFS

\\?\Volume{77a5ba3f-f7b3-45a0-947a-4a763db9b790}\ (Recuperación) (Fixed) (Total:0.52 GB) (Free:0.13 GB) NTFS
\\?\Volume{a6d7bca4-26f0-4378-9480-b4ff31a7065f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

I have restarted the computer and reconnected to the Internet, and the infection has not gone away in either Chrome or Firefox; it redirects me to other websites that I did not request.

Hello.

The Malwarebytes report says “Sin acciones por parte del usuario” (no action taken by the user), and you should have sent EVERYTHING to quarantine so that it would be removed.

Repeat the scan and post the new report obtained with Malwarebytes. :+1:

Regards.

Yes, I did in fact send them all to quarantine and restarted the computer as the program asked; I have no idea why it says that. But I will repeat the process.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 20/9/19
Hora del análisis: 20:14
Archivo de registro: 67aa30fe-dbfc-11e9-a7ec-7085c2c01261.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.625
Versión del paquete de actualización: 1.0.12581
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.295)
CPU: x64
Sistema de archivos: NTFS
Usuario: CONTADORA\Ryzen

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 285137
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 1 min, 5 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 2
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}|NameServer, Sustituido, [3079], [733165],1.0.12581
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}|NameServer, Sustituido, [3079], [733165],1.0.12581

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

I tried again and the PC was left without a connection; now it no longer connects to the network.

Hello.

After using Malwarebytes again, did you restart?

Restart again anyway and check whether you have a connection. :thinking:

Do you connect to the Internet by Wi-Fi or by cable?

Try both ways to rule things out and let us know.

I still have to review the FRST reports before giving you instructions.

I await your comments.

Regards.

Hello, I restarted again and the connection was restored, but when I browse with Firefox it flags the infection again, from a website called myprotectpc.com.

Good… now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now tick only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1EA93FA0-6807-4438-8274-F7A95C279334} - \Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Start -> No File <==== ATTENTION
Task: {D66D0AB5-14D6-481D-837D-708E24BEE6AB} - \Microsoft\Windows\UpdateOrchestrator\AC Power Download -> No File <==== ATTENTION
Tcpip\..\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}: [NameServer] 213.166.69.3,
Tcpip\..\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}: [NameServer] 213.166.69.3,
FF NetworkProxy: Mozilla\Firefox\Profiles\2d5krbea.default -> type", 0
FF HomepageOverride: Mozilla\Firefox\Profiles\2d5krbea.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\2d5krbea.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Extension: (Security Update Tool) - C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default\Extensions\{f819cd6a-0d11-4e67-9a6f-e3bdaf4eee3b}.xpi [2019-08-27]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
2019-09-02 21:16 - 2019-09-18 19:23 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Mail.Ru
2019-09-02 21:16 - 2019-09-03 16:54 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\mfmvlggvyuzx
2019-09-02 21:16 - 2019-09-02 21:17 - 000000000 ____D C:\ProgramData\Mail.Ru
2014-05-09 19:44 - 2009-10-19 06:47 - 000073728 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\foxhhelp9.exe
2014-05-09 19:44 - 2009-10-19 06:48 - 000016384 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\foxhhelpps9.dll
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem reported, and tell us.

Regards.

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01
Ran by Ryzen (21-09-2019 12:15:09) Run:1
Running from C:\Users\Ryzen\Desktop
Loaded Profiles: Ryzen (Available Profiles: Ryzen)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1EA93FA0-6807-4438-8274-F7A95C279334} - \Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Start -> No File <==== ATTENTION
Task: {D66D0AB5-14D6-481D-837D-708E24BEE6AB} - \Microsoft\Windows\UpdateOrchestrator\AC Power Download -> No File <==== ATTENTION
Tcpip\..\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}: [NameServer] 213.166.69.3,
Tcpip\..\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}: [NameServer] 213.166.69.3,
FF NetworkProxy: Mozilla\Firefox\Profiles\2d5krbea.default -> type", 0
FF HomepageOverride: Mozilla\Firefox\Profiles\2d5krbea.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\2d5krbea.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF Extension: (Security Update Tool) - C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default\Extensions\{f819cd6a-0d11-4e67-9a6f-e3bdaf4eee3b}.xpi [2019-08-27]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
2019-09-02 21:16 - 2019-09-18 19:23 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Mail.Ru
2019-09-02 21:16 - 2019-09-03 16:54 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\mfmvlggvyuzx
2019-09-02 21:16 - 2019-09-02 21:17 - 000000000 ____D C:\ProgramData\Mail.Ru
2014-05-09 19:44 - 2009-10-19 06:47 - 000073728 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\foxhhelp9.exe
2014-05-09 19:44 - 2009-10-19 06:48 - 000016384 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\foxhhelpps9.dll
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EA93FA0-6807-4438-8274-F7A95C279334}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Start" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D66D0AB5-14D6-481D-837D-708E24BEE6AB}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\AC Power Download" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}\\NameServer" => removed successfully
Firefox Proxy settings were reset.
"Firefox HomepageOverride ([email protected]) " => removed successfully
"Firefox NewTabOverride ({a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}) " => removed successfully
C:\Users\Ryzen\AppData\Roaming\Mozilla\Firefox\Profiles\2d5krbea.default\Extensions\{f819cd6a-0d11-4e67-9a6f-e3bdaf4eee3b}.xpi => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
C:\Users\Ryzen\AppData\Local\Mail.Ru => moved successfully
C:\Users\Ryzen\AppData\Roaming\mfmvlggvyuzx => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
C:\Program Files (x86)\Common Files\foxhhelp9.exe => moved successfully
C:\Program Files (x86)\Common Files\foxhhelpps9.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2936734617-3609513407-3023620558-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19714552 B
Java, Flash, Steam htmlcache => 422 B
Windows/system/drivers => 11020 B
Edge => 66048 B
Chrome => 21130166 B
Firefox => 60792449 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 59090 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Ryzen => 78349804 B

RecycleBin => 2268078261 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:15:42 ====

I am testing the computer right now; if any infection message appears again I will let you know. Thank you very much for taking the trouble to help me, many thanks!!
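Added example, not part of the thread and not FRST's own code: a small Python check that pairs each `Tcpip\..\Interfaces\{GUID}: [NameServer]` line of the fixlist with its result line in the Fixlog, to confirm that every interface carrying an unexpected DNS server was actually cleaned. The log lines are copied from the posts above; the `ALLOWED` resolver set and the function names are assumptions made for the illustration.

```python
import re

# Lines copied from the fixlist and the Fixlog posted in this thread.
FIXLIST = r'''
Tcpip\..\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}: [NameServer] 213.166.69.3,
Tcpip\..\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}: [NameServer] 213.166.69.3,
'''
FIXLOG = r'''
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7202f8f4-d373-4b58-9e53-d961b79f316d}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8c9ee129-6f79-4fb8-8497-030297c1ebb2}\\NameServer" => removed successfully
'''
# Assumption: the resolvers the owner expects (constructed value, e.g. the home router).
ALLOWED = {"192.168.1.1"}

GUID = r"(\{[0-9a-fA-F-]{36}\})"
FIXLIST_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\" + GUID + r": \[NameServer\] (.*)$", re.M)
FIXLOG_RE = re.compile(r'Tcpip\\Parameters\\Interfaces\\' + GUID + r'\\+NameServer"? => (.+)$', re.M)


def parse_fixlist_dns(text):
    """Map interface GUID -> list of DNS servers named in the fixlist."""
    found = {}
    for guid, value in FIXLIST_RE.findall(text):
        # FRST prints the raw registry value, which may end in a comma.
        found[guid.lower()] = [s for s in re.split(r"[,\s]+", value) if s]
    return found


def parse_fixlog_results(text):
    """Map interface GUID -> result text reported for its NameServer value."""
    return {g.lower(): status.strip() for g, status in FIXLOG_RE.findall(text)}


def unresolved_hijacks(fixlist, fixlog, allowed):
    """Interfaces whose unexpected DNS server has no 'removed successfully' result."""
    results = parse_fixlog_results(fixlog)
    pending = []
    for guid, servers in parse_fixlist_dns(fixlist).items():
        rogue = [s for s in servers if s not in allowed]
        status = results.get(guid, "no result line")
        # Anything other than a confirmed removal is reported for a manual re-check.
        if rogue and status != "removed successfully":
            pending.append((guid, rogue, status))
    return pending


if __name__ == "__main__":
    print(unresolved_hijacks(FIXLIST, FIXLOG, ALLOWED) or "all flagged interfaces cleaned")
```

An empty result only shows that the registry values were removed at fix time; the check described in the thread (reboot and watch for redirects) is still what confirms the setting does not come back.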

Hello. :+1:

Understood, check your computer for another 24 hours.

:warning: And for now, please, while we are disinfecting/repairing your machine:

Do not carry out steps/actions that WE have not told you to.

Do not download ANYTHING from the Internet and/or connect external devices to your computer.

Do not install ANYTHING (programs/software/add-ons/browser extensions…)

Do not run other security programs (Antivirus, Antimalware, ANTI-ANYTHING…)

Do not carry out other procedures on your own.

Use your computer EXCLUSIVELY to disinfect/repair it following our instructions.

When you come back and tell us the results, we will give you the final steps to carry out on the computer.

Regards.