Hola a todos,
Estaba siguiendo los pasos de la Guia de 2019. Tras descargar y ejecutar RKill, al intentar instalar Malwarebytes’ Anti-Malware, me aparece un mensaje como este:
"Esta aplicación se ha bloqueado para protegerte
Un administrador bloqueó está aplicación para que no puedas ejecutarla"
Es esto normal?
Reinicia el pc y Sobre el ejecutable de Maalwarebytes boton derecho- ejecutar como administrador, para poder instalar
Gracias por la respuesta
Sorprendentemente, he reinicado y me sigue apareciendo el mismo mensaje… Solo tengo un usuario y consequentemente, administrador, en el pc…
Puedes ponerme una captura de ese mensaje??
Realizarla
y adjuntala
Ademas este logs:
Aquí te lo dejo:
Imagen: me aparece un error que no tengo permiso para colgar imagenes, lo he colgado aquí:
**+ Log MBAR**
*---------------------------------------*
* Malwarebytes Anti-Rootkit BETA 1.10.3.1001*
* (c) Malwarebytes Corporation 2011-2012*
* OS version: 10.0.17763 Windows 10 x64*
* Account is Administrative*
* Internet Explorer version: 11.379.17763.0*
* File system is: NTFS*
* Disk drives: C:\ DRIVE_FIXED, G:\ DRIVE_FIXED*
* CPU speed: 3.199000 GHz*
* Memory total: 8505446400, free: 4926775296*
* Downloaded database version: v2019.03.31.05*
* Downloaded database version: v2019.03.31.05*
* Downloaded database version: v2018.01.20.01*
* =======================================*
* Initializing...*
* Driver version: 4.3.0.15*
* ------------ Kernel report ------------*
* 03/31/2019 18:47:13*
* ------------ Loaded modules -----------*
* \SystemRoot\system32\ntoskrnl.exe*
* \SystemRoot\system32\hal.dll*
* \SystemRoot\system32\kd.dll*
* \SystemRoot\system32\mcupdate_GenuineIntel.dll*
* \SystemRoot\System32\drivers\msrpc.sys*
* \SystemRoot\System32\drivers\ksecdd.sys*
* \SystemRoot\System32\drivers\werkernel.sys*
* \SystemRoot\System32\drivers\CLFS.SYS*
* \SystemRoot\System32\drivers\tm.sys*
* \SystemRoot\system32\PSHED.dll*
* \SystemRoot\system32\BOOTVID.dll*
* \SystemRoot\System32\drivers\FLTMGR.SYS*
* \SystemRoot\System32\drivers\clipsp.sys*
* \SystemRoot\System32\drivers\cmimcext.sys*
* \SystemRoot\System32\drivers\ntosext.sys*
* \SystemRoot\system32\CI.dll*
* \SystemRoot\System32\drivers\cng.sys*
* \SystemRoot\system32\drivers\Wdf01000.sys*
* \SystemRoot\system32\drivers\WDFLDR.SYS*
* \SystemRoot\system32\drivers\WppRecorder.sys*
* \SystemRoot\system32\drivers\SleepStudyHelper.sys*
* \SystemRoot\System32\Drivers\acpiex.sys*
* \SystemRoot\system32\drivers\mssecflt.sys*
* \SystemRoot\system32\drivers\SgrmAgent.sys*
* \SystemRoot\System32\drivers\ACPI.sys*
* \SystemRoot\System32\drivers\WMILIB.SYS*
* \SystemRoot\System32\drivers\intelpep.sys*
* \SystemRoot\system32\drivers\WindowsTrustedRT.sys*
* \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys*
* \SystemRoot\System32\drivers\pcw.sys*
* \SystemRoot\System32\drivers\msisadrv.sys*
* \SystemRoot\System32\drivers\pci.sys*
* \SystemRoot\System32\drivers\vdrvroot.sys*
* \SystemRoot\system32\drivers\pdc.sys*
* \SystemRoot\system32\drivers\CEA.sys*
* \SystemRoot\System32\drivers\partmgr.sys*
* \SystemRoot\System32\drivers\spaceport.sys*
* \SystemRoot\System32\drivers\volmgr.sys*
* \SystemRoot\System32\drivers\volmgrx.sys*
* \SystemRoot\System32\drivers\mountmgr.sys*
* \SystemRoot\System32\drivers\storahci.sys*
* \SystemRoot\System32\drivers\storport.sys*
* \SystemRoot\System32\drivers\EhStorClass.sys*
* \SystemRoot\System32\drivers\fileinfo.sys*
* \SystemRoot\System32\Drivers\Wof.sys*
* \SystemRoot\system32\drivers\wd\WdFilter.sys*
* \SystemRoot\System32\Drivers\Ntfs.sys*
* \SystemRoot\System32\Drivers\Fs_Rec.sys*
* \SystemRoot\system32\drivers\ndis.sys*
* \SystemRoot\system32\drivers\NETIO.SYS*
* \SystemRoot\System32\Drivers\ksecpkg.sys*
* \SystemRoot\System32\drivers\tcpip.sys*
* \SystemRoot\System32\drivers\fwpkclnt.sys*
* \SystemRoot\System32\drivers\wfplwfs.sys*
* \SystemRoot\System32\DRIVERS\fvevol.sys*
* \SystemRoot\System32\drivers\volume.sys*
* \SystemRoot\System32\drivers\volsnap.sys*
* \SystemRoot\System32\drivers\rdyboost.sys*
* \SystemRoot\System32\Drivers\mup.sys*
* \SystemRoot\system32\drivers\iorate.sys*
* \SystemRoot\System32\drivers\disk.sys*
* \SystemRoot\System32\drivers\CLASSPNP.SYS*
* \SystemRoot\System32\Drivers\crashdmp.sys*
* \SystemRoot\System32\drivers\cdrom.sys*
* \SystemRoot\system32\drivers\filecrypt.sys*
* \SystemRoot\system32\drivers\tbs.sys*
* \SystemRoot\System32\Drivers\Null.SYS*
* \SystemRoot\System32\Drivers\Beep.SYS*
* \SystemRoot\System32\drivers\dxgkrnl.sys*
* \SystemRoot\System32\drivers\watchdog.sys*
* \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys*
* \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys*
* \SystemRoot\system32\DRIVERS\googledrivefs2622.sys*
* \SystemRoot\System32\Drivers\Npfs.SYS*
* \SystemRoot\System32\Drivers\Msfs.SYS*
* \SystemRoot\system32\DRIVERS\tdx.sys*
* \SystemRoot\system32\DRIVERS\TDI.SYS*
* \SystemRoot\System32\DRIVERS\netbt.sys*
* \SystemRoot\system32\drivers\afunix.sys*
* \SystemRoot\system32\drivers\afd.sys*
* \SystemRoot\System32\drivers\vwififlt.sys*
* \SystemRoot\System32\drivers\pacer.sys*
* \SystemRoot\system32\drivers\netbios.sys*
* \SystemRoot\system32\DRIVERS\rdbss.sys*
* \SystemRoot\system32\drivers\csc.sys*
* \SystemRoot\system32\drivers\nsiproxy.sys*
* \SystemRoot\System32\drivers\npsvctrig.sys*
* \SystemRoot\System32\drivers\mssmbios.sys*
* \SystemRoot\System32\drivers\gpuenergydrv.sys*
* \SystemRoot\System32\Drivers\dfsc.sys*
* \SystemRoot\system32\drivers\bam.sys*
* \SystemRoot\system32\DRIVERS\ahcache.sys*
* \SystemRoot\System32\drivers\Vid.sys*
* \SystemRoot\System32\drivers\winhvr.sys*
* \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys*
* \SystemRoot\System32\drivers\kdnic.sys*
* \SystemRoot\System32\drivers\umbus.sys*
* \SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys*
* \SystemRoot\System32\drivers\HDAudBus.sys*
* \SystemRoot\System32\drivers\portcls.sys*
* \SystemRoot\System32\drivers\drmk.sys*
* \SystemRoot\System32\drivers\ks.sys*
* \SystemRoot\System32\drivers\USBXHCI.SYS*
* \SystemRoot\system32\drivers\ucx01000.sys*
* \SystemRoot\System32\drivers\TeeDriverW8x64.sys*
* \SystemRoot\System32\drivers\e1i63x64.sys*
* \SystemRoot\System32\drivers\usbehci.sys*
* \SystemRoot\System32\drivers\USBPORT.SYS*
* \SystemRoot\System32\drivers\1394ohci.sys*
* \SystemRoot\System32\drivers\serial.sys*
* \SystemRoot\System32\drivers\serenum.sys*
* \SystemRoot\System32\drivers\intelppm.sys*
* \SystemRoot\System32\drivers\ISCTD64.sys*
* \SystemRoot\System32\drivers\NdisVirtualBus.sys*
* \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys*
* \SystemRoot\System32\drivers\rdpbus.sys*
* \SystemRoot\System32\drivers\usbhub.sys*
* \SystemRoot\System32\drivers\USBD.SYS*
* \SystemRoot\system32\drivers\nvhda64v.sys*
* \SystemRoot\system32\drivers\ksthunk.sys*
* \SystemRoot\System32\drivers\UsbHub3.sys*
* \SystemRoot\system32\DRIVERS\HdAudio.sys*
* \SystemRoot\System32\drivers\hidusb.sys*
* \SystemRoot\System32\drivers\HIDCLASS.SYS*
* \SystemRoot\System32\drivers\HIDPARSE.SYS*
* \SystemRoot\System32\drivers\usbccgp.sys*
* \SystemRoot\System32\drivers\mouhid.sys*
* \SystemRoot\System32\drivers\mouclass.sys*
* \SystemRoot\System32\drivers\kbdhid.sys*
* \SystemRoot\System32\drivers\kbdclass.sys*
* \SystemRoot\System32\win32k.sys*
* \SystemRoot\System32\win32kfull.sys*
* \SystemRoot\System32\win32kbase.sys*
* \SystemRoot\System32\Drivers\dump_diskdump.sys*
* \SystemRoot\System32\Drivers\dump_storahci.sys*
* \SystemRoot\System32\Drivers\dump_dumpfve.sys*
* \SystemRoot\System32\drivers\dxgmms2.sys*
* \SystemRoot\System32\drivers\monitor.sys*
* \SystemRoot\system32\drivers\luafv.sys*
* \SystemRoot\system32\drivers\wcifs.sys*
* \SystemRoot\system32\drivers\cldflt.sys*
* \SystemRoot\system32\drivers\storqosflt.sys*
* \SystemRoot\system32\drivers\mslldp.sys*
* \SystemRoot\System32\drivers\condrv.sys*
* \SystemRoot\system32\drivers\lltdio.sys*
* \SystemRoot\system32\drivers\rspndr.sys*
* \SystemRoot\System32\DRIVERS\wanarp.sys*
* \SystemRoot\system32\drivers\winquic.sys*
* \SystemRoot\system32\drivers\HTTP.sys*
* \SystemRoot\system32\DRIVERS\bowser.sys*
* \SystemRoot\System32\drivers\mpsdrv.sys*
* \SystemRoot\system32\DRIVERS\mrxsmb.sys*
* \SystemRoot\system32\DRIVERS\mrxsmb20.sys*
* \SystemRoot\System32\DRIVERS\srvnet.sys*
* \SystemRoot\system32\drivers\mmcss.sys*
* \SystemRoot\System32\DRIVERS\srv2.sys*
* \SystemRoot\system32\drivers\Ndu.sys*
* \SystemRoot\system32\drivers\peauth.sys*
* \SystemRoot\System32\drivers\tcpipreg.sys*
* \SystemRoot\System32\drivers\rassstp.sys*
* \SystemRoot\System32\DRIVERS\NDProxy.sys*
* \SystemRoot\System32\drivers\AgileVpn.sys*
* \SystemRoot\System32\drivers\rasl2tp.sys*
* \SystemRoot\System32\drivers\raspptp.sys*
* \SystemRoot\System32\drivers\raspppoe.sys*
* \SystemRoot\System32\DRIVERS\ndistapi.sys*
* \SystemRoot\System32\drivers\ndiswan.sys*
* \SystemRoot\system32\drivers\wd\WdNisDrv.sys*
* \SystemRoot\System32\drivers\rdpvideominiport.sys*
* \SystemRoot\System32\Drivers\TCNear.sys*
* \SystemRoot\system32\drivers\TCNearAudio.sys*
* \SystemRoot\System32\cdd.dll*
* \??\C:\Windows\system32\drivers\37453762.sys*
* ----------- End -----------*
* Done!*
* Scan started*
* Database versions:*
* main: v2019.03.31.05*
* rootkit: v2019.03.31.05*
* <<<2>>>*
* Physical Sector Size: 512*
* Drive: 0, DevicePointer: 0xffffd704e4862060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\*
* --------- Disk Stack ------*
* DevicePointer: 0xffffd704e467e8d0, DeviceName: Unknown, DriverName: \Driver\partmgr\*
* DevicePointer: 0xffffd704e4862060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\*
* DevicePointer: 0xffffd704e45a9960, DeviceName: Unknown, DriverName: \Driver\ACPI\*
* DevicePointer: 0xffffd704e45a8060, DeviceName: \Device\00000027\, DriverName: \Driver\storahci\*
* ------------ End ----------*
* Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\*
* Upper DeviceData: 0x0, 0x0, 0x0*
* Lower DeviceData: 0x0, 0x0, 0x0*
* <<<3>>>*
* Volume: C:*
* File system type: NTFS*
* SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes*
* <<<2>>>*
* <<<3>>>*
* Volume: C:*
* File system type: NTFS*
* SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes*
* Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...*
* Done!*
* Drive 0*
* This is a System drive*
* Scanning MBR on drive 0...*
* Inspecting partition table:*
* MBR Signature: 55AA*
* Disk Signature: C7A97617*
* Partition information:*
* Partition 0 type is Primary (0x7)*
* Partition is ACTIVE.*
* Partition starts at LBA: 2048 Numsec = 1024000*
* Partition is bootable*
* Partition file system is NTFS*
* Partition 1 type is Primary (0x7)*
* Partition is NOT ACTIVE.*
* Partition starts at LBA: 1026048 Numsec = 975745024*
* Partition is not bootable*
* Partition file system is NTFS*
* Partition 2 type is Empty (0x0)*
* Partition is NOT ACTIVE.*
* Partition starts at LBA: 0 Numsec = 0*
* Partition is not bootable*
* Partition 3 type is Empty (0x0)*
* Partition is NOT ACTIVE.*
* Partition starts at LBA: 0 Numsec = 0*
* Partition is not bootable*
* Disk Size: 500107862016 bytes*
* Sector size: 512 bytes*
* Done!*
* Infected: C:\Windows\servicing\MsMpEngs.exe --> [Trojan.BitCoinMiner]*
* Infected: C:\Windows\servicing\MsMpEngs.exe --> [Trojan.BitCoinMiner]*
* File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D1623B3151F7577786B576DA3FF2BD08D6A22993.bin.79" is compressed (flags = 1)*
* File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D1623B3151F7577786B576DA3FF2BD08D6A22993.bin.7C" is compressed (flags = 1)*
* File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D1623B3151F7577786B576DA3FF2BD08D6A22993.bin.83" is compressed (flags = 1)*
* Infected: C:\Windows\servicing\OneDrive.exe --> [Trojan.Agent]*
* Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|chksum --> [Trojan.Agent]*
* Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]*
* Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]*
* Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]*
* Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]*
* Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]*
* Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]*
* Scan finished*
* Creating System Restore point...*
* Cleaning up...*
* Removal scheduling successful. System shutdown needed.*
* System shutdown occurred*
* =======================================*Tienes infecciones importantes, que bloquean el uso de antivirus
Realiza en orden y me pegas los logs
Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) 
¿Cómo saber si mi Windows es de 32 o 64 bits?
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.
En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST
Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.
Hola, adjunto los resultados. En el caso de ESET, no pude sacar un report detallado
ESET
03/04/2019 7:44:35
Archivos analizados: 413630
Archivos infectados: 14
Amenazas desinfectadas: 14
Tiempo total de análisis 15:45:32
Estado del análisis: Finalizado
FRST (1)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Eduard Coroleu (administrator) on DESKTOP-HJR21JK (11-04-2019 20:39:28)
Running from C:\Users\Eduard Coroleu\Desktop
Loaded Profiles: Eduard Coroleu (Available Profiles: Eduard Coroleu)
Platform: Windows 10 Pro Version 1809 17763.379 (X64) Language: Inglés (Estados Unidos)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track Hub\AudioDevMon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.55.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19031.57.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\30.1.36.2348\crashpad_handler.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1902.42.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (U)
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (U)
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (U)
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (U)
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (U)
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (U)
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (U)
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (U)
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (U)
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (U)
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (U)
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (U)
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (U)
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (U)
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (U)
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (U)
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (U)
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (U)
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (U)
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (U)
HKU\S-1-5-21-3712044348-4250658-1274445831-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\30.1.36.2348\GoogleDriveFS.exe [35780392 2019-03-20] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1968988-879e-40e5-8093-58faeb3900d1}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: yex8jqx6.default
FF ProfilePath: C:\Users\Eduard Coroleu\AppData\Roaming\Mozilla\Firefox\Profiles\yex8jqx6.default [2019-04-11]
FF Homepage: Mozilla\Firefox\Profiles\yex8jqx6.default -> hxxp://www.bing.com/?pc=COS2&ptag=D020319-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
FF NewTab: Mozilla\Firefox\Profiles\yex8jqx6.default -> hxxp://www.bing.com/?pc=COS2&ptag=D020319-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Eduard Coroleu\AppData\Roaming\Mozilla\Firefox\Profiles\yex8jqx6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-05]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-29] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-29] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://web.whatsapp.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default [2019-04-11]
CHR Extension: (Presentaciones) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-03]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2019-02-03]
CHR Extension: (Documentos) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-03]
CHR Extension: (Google Drive) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-03]
CHR Extension: (YouTube) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-03]
CHR Extension: (Hojas de cálculo) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-03]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-03]
CHR Extension: (Player para ver Movistar+) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2019-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-02-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-03]
CHR Extension: (Gmail) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-03]
CHR Extension: (Chrome Media Router) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-04]
CHR Profile: C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-04-05]
CHR Extension: (Presentaciones) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-05]
CHR Profile: C:\Users\Eduard Coroleu\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-05]
CHR HKU\S-1-5-21-3712044348-4250658-1274445831-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
S2 MBAMService; C:\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MTrackHubAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track Hub\AudioDevMon.exe [595032 2017-02-09] (INMUSIC BRANDS INC -> M-Audio)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 googledrivefs2622; C:\Windows\System32\DRIVERS\googledrivefs2622.sys [122920 2019-01-30] (Google LLC -> Google, Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2016-07-26] (Intel(R) Smart Connect software -> )
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MTRACKHUB; C:\Windows\system32\DRIVERS\MAudioMTrackHub.sys [569968 2017-02-09] (Microsoft Windows Hardware Compatibility Publisher -> M-Audio)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 TCNear; C:\Windows\System32\Drivers\TCNear.sys [238480 2016-11-23] (TC Group A/S -> TC Electronic)
S3 TCNearAudio; C:\Windows\system32\drivers\TCNearAudio.sys [48912 2016-11-23] (TC Group A/S -> TC Electronic)
S3 TCNearMidi; C:\Windows\system32\drivers\TCNearMidi.sys [32912 2016-11-23] (TC Group A/S -> TC Electronic)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [343520 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-09] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FRST (2)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-11 20:39 - 2019-04-11 20:40 - 000016384 _____ C:\Users\Eduard Coroleu\Desktop\FRST.txt
2019-04-11 20:39 - 2019-04-11 20:39 - 000000000 ____D C:\FRST
2019-04-11 20:38 - 2019-04-11 20:38 - 002434048 _____ (Farbar) C:\Users\Eduard Coroleu\Desktop\FRST64.exe
2019-04-09 18:23 - 2019-04-09 18:23 - 000115698 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-05 at 17.31.42.jpeg
2019-04-09 17:13 - 2019-04-09 17:13 - 000011903 _____ C:\Users\Eduard Coroleu\Downloads\entrenaments personals.xlsx
2019-04-09 16:24 - 2019-04-09 16:24 - 000128053 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-09 at 11.39.34.jpeg
2019-04-09 16:20 - 2019-04-09 16:20 - 000048642 _____ C:\Users\Eduard Coroleu\Downloads\Sin título (1).pdf
2019-04-09 08:55 - 2019-04-09 08:55 - 000155455 _____ C:\Users\Eduard Coroleu\Downloads\Publicat CONVENIO 2018 - 2020 (2) (1) (1).pdf
2019-04-09 08:50 - 2019-04-09 08:50 - 000048642 _____ C:\Users\Eduard Coroleu\Downloads\Sin título.pdf
2019-04-08 21:06 - 2019-04-08 21:06 - 000228225 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.01 (4).jpeg
2019-04-08 21:06 - 2019-04-08 21:06 - 000226771 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.26.58 (1).jpeg
2019-04-08 21:06 - 2019-04-08 21:06 - 000166941 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.01 (3).jpeg
2019-04-08 21:06 - 2019-04-08 21:06 - 000154377 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.01 (2).jpeg
2019-04-08 21:06 - 2019-04-08 21:06 - 000044639 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.02 (1).jpeg
2019-04-08 20:55 - 2019-04-08 20:55 - 000166941 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.01 (1).jpeg
2019-04-08 20:55 - 2019-04-08 20:55 - 000044639 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.02.jpeg
2019-04-08 20:54 - 2019-04-08 20:54 - 000228225 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.27.01.jpeg
2019-04-08 20:54 - 2019-04-08 20:54 - 000226771 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-04-04 at 15.26.58.jpeg
2019-04-08 19:59 - 2019-04-08 19:59 - 033046104 _____ (M-Audio) C:\Users\Eduard Coroleu\Downloads\Install_M-Audio_M-Track_Hub_1.0.3.exe
2019-04-08 19:59 - 2019-04-08 19:59 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-08 19:59 - 2019-04-08 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2019-04-08 19:59 - 2019-04-08 19:59 - 000000000 ____D C:\ProgramData\inMusic
2019-04-08 19:59 - 2019-04-08 19:59 - 000000000 ____D C:\Program Files\M-Audio
2019-04-08 19:59 - 2019-04-08 19:59 - 000000000 ____D C:\Program Files (x86)\M-Audio
2019-04-08 08:28 - 2019-04-08 08:28 - 030223486 _____ C:\Users\Eduard Coroleu\Downloads\Promo padel primavera 2019 (1).mp4
2019-04-08 08:19 - 2019-04-08 08:19 - 000166504 _____ C:\Users\Eduard Coroleu\Downloads\ALTA INTEGRADA SETEMBRE 2018 A AGOST DE 2019 NOELIA GARCIA.xlsx
2019-04-08 08:02 - 2019-04-08 08:02 - 000016686 _____ C:\Users\Eduard Coroleu\Downloads\Abonats.ods
2019-04-07 12:49 - 2019-04-07 12:49 - 000000000 ____D C:\Users\Eduard Coroleu\Documents\League of Legends
2019-04-07 12:46 - 2019-04-07 12:46 - 000000000 ____D C:\ProgramData\Riot Games
2019-04-07 12:45 - 2019-04-07 12:45 - 000000741 _____ C:\Users\Public\Desktop\League of Legends.lnk
2019-04-07 12:45 - 2019-04-07 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2019-04-07 12:44 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2019-04-07 12:44 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2019-04-07 12:44 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2019-04-07 12:44 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2019-04-07 12:44 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2019-04-07 12:43 - 2019-04-07 12:43 - 000000000 ____D C:\Riot Games
2019-04-07 12:42 - 2019-04-07 12:42 - 099134728 _____ (Riot Games, Inc) C:\Users\Eduard Coroleu\Downloads\League of Legends installer EUW.exe
2019-04-07 12:40 - 2019-04-07 12:40 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-04-07 12:40 - 2019-04-07 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-04-05 16:25 - 2019-04-05 16:25 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\Roaming\Google
2019-04-05 16:14 - 2019-04-05 16:14 - 000257083 _____ C:\Users\Eduard Coroleu\Downloads\Horari AADD setmana santa 2019 CEM EL PAPIOL.pdf
2019-04-04 07:33 - 2019-04-04 07:33 - 030223486 _____ C:\Users\Eduard Coroleu\Downloads\Promo padel primavera 2019.mp4
2019-04-01 14:40 - 2019-04-01 14:40 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\Local\ESET
2019-04-01 14:39 - 2019-04-01 14:39 - 007666296 _____ (ESET spol. s r.o.) C:\Users\Eduard Coroleu\Downloads\ESETOnlineScanner_ESL.exe
2019-04-01 14:39 - 2019-04-01 14:39 - 007665272 _____ (ESET spol. s r.o.) C:\Users\Eduard Coroleu\Downloads\esetonlinescanner_esn.exe
2019-03-31 19:39 - 2019-03-31 19:39 - 000002110 _____ C:\Users\Eduard Coroleu\Desktop\Rkill 2.txt
2019-03-31 19:37 - 2019-03-31 19:37 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\Local\mbamtray
2019-03-31 19:37 - 2019-03-31 19:37 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\Local\mbam
2019-03-31 19:36 - 2019-04-11 20:38 - 000000000 ____D C:\Anti-Malware
2019-03-31 19:36 - 2019-03-31 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-31 19:36 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-03-31 19:36 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-31 18:47 - 2019-03-31 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-31 18:47 - 2019-03-31 18:47 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\37453762.sys
2019-03-31 18:46 - 2019-03-31 19:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-03-31 18:46 - 2019-03-31 19:25 - 000000000 ____D C:\Users\Eduard Coroleu\Desktop\mbar
2019-03-31 18:45 - 2019-03-31 18:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Eduard Coroleu\Downloads\mbar-1.10.3.1001.exe
2019-03-29 22:42 - 2019-03-31 19:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-24 21:30 - 2019-03-31 19:39 - 000002110 _____ C:\Users\Eduard Coroleu\Desktop\Rkill.txt
2019-03-24 21:29 - 2019-03-24 21:29 - 062402408 _____ (Malwarebytes ) C:\Users\Eduard Coroleu\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9800.exe
2019-03-24 21:28 - 2019-03-24 21:28 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Eduard Coroleu\Downloads\rkill.exe
2019-03-18 22:19 - 2019-03-18 22:19 - 000000000 ____D C:\Users\Eduard Coroleu\Downloads\Christchurch Shooting
2019-03-14 07:59 - 2019-03-14 07:59 - 000230679 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-03-12 at 19.56.47.jpeg
2019-03-14 07:59 - 2019-03-14 07:59 - 000095980 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-03-12 at 19.56.49.jpeg
2019-03-14 07:48 - 2019-03-14 07:48 - 000125938 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-03-13 at 14.49.05 (2).jpeg
2019-03-14 07:47 - 2019-03-14 07:47 - 000141381 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-03-13 at 14.49.05 (1).jpeg
2019-03-14 07:47 - 2019-03-14 07:47 - 000137284 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-03-13 at 14.49.04.jpeg
2019-03-14 07:47 - 2019-03-14 07:47 - 000051266 _____ C:\Users\Eduard Coroleu\Downloads\WhatsApp Image 2019-03-13 at 14.49.05.jpeg
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Windows\SysWOW64\DESKTOP-HJR21JK$
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\ESET
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Common Files\adaware
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\BullGuard Ltd
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\AVAST Software
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\G DATA
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Baidu Security
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Avira
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\AVG
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\360
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\eset.temp
2019-03-14 07:04 - 2019-03-14 07:04 - 026810368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 024616960 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 023440896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 020814848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 019284480 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 019023872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 015224320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 012857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 012151296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 008875008 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 007897088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 007882240 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 007251456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 006548168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 006069760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 005915936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 005588184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 005436184 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 004920832 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 004689408 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003923456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003761664 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003744256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003729808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 003656192 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003652656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003566080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003551408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003504128 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003427840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 003108864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002942464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002926904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 002871312 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 002776712 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002752360 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002700792 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002689536 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002626360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002447360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002323688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002278240 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002275680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002127360 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002073240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 002001408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001994760 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001969464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 001969152 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001860608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001782272 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001711616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001701376 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001697744 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-03-14 07:04 - 2019-03-14 07:04 - 001644048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001590072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001572176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001481488 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001468440 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 001457544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001360696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 001341880 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-03-14 07:04 - 2019-03-14 07:04 - 001332224 _____ (Microsoft Corporation) C:\Windows\system32\lpasvc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001307648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001294856 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001289192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001272552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdrecordcpu.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001258808 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-03-14 07:04 - 2019-03-14 07:04 - 001224704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001221944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001180248 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001179168 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 001131520 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001098128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001077912 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001072720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001047040 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 001001472 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2019-03-14 07:04 - 2019-03-14 07:04 - 000981816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000918032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000908800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2019-03-14 07:04 - 2019-03-14 07:04 - 000866152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000823296 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000808464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000782968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000772608 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000772408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000769536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000764216 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000735760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCacheProvider.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000726416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000655160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000652824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000649272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000621568 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000619832 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000599040 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000591832 _____ C:\Windows\SysWOW64\InputHost.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000560128 _____ (Microsoft Corporation) C:\Windows\system32\mfh264enc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000549376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000548864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000525312 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 000519992 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsound.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000495104 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\ResourceMapper.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-03-14 07:04 - 2019-03-14 07:04 - 000460304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000453944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000452096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000449024 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000421688 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-03-14 07:04 - 2019-03-14 07:04 - 000411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000383288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000359424 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000322576 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MbbCx.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000279376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000272648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ttdwriter.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000263360 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000262456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000181248 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000147256 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 000134144 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 000132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srpapi.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys
2019-03-14 07:04 - 2019-03-14 07:04 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2019-03-14 07:04 - 2019-03-14 07:04 - 000071184 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2019-03-14 07:04 - 2019-03-14 07:04 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\SecureBioSysprep.dll
2019-03-14 07:03 - 2019-03-14 07:04 - 005566464 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 022114960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 017520640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 009683256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 009670656 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 007688088 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 007647256 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 007556392 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 005296640 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 004588744 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 004245280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 003983360 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 003660288 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 003399168 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 003382272 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 003378488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 002842112 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002766648 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002720768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 002637312 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 002630656 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002488320 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 002437344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002199864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002187776 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002141184 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002044416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002021584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 002013696 _____ C:\Windows\system32\rdpnano.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001931264 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001884672 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001844448 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001830200 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001751352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001742104 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001715712 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001672704 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001656832 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001641400 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001612600 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001604096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001563336 _____ (Microsoft Corporation) C:\Windows\system32\ttdrecordcpu.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001522488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001496064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001479480 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001403920 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001296576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001267712 _____ (Microsoft Corporation) C:\Windows\system32\APMon.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001259320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 001221120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 001208320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001199104 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001191512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001177088 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001176064 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001121280 _____ (Microsoft Corporation) C:\Windows\system32\ApplySettingsTemplateCatalog.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 001087800 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001078072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Services.TargetedContent.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001056272 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001054200 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 001052160 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001043256 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 001022616 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 001008128 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000955392 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000926208 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000895048 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000888320 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000888120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pidgenx.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000883712 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000871792 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000865568 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000860160 _____ C:\Windows\system32\MBR2GPT.EXE
2019-03-14 07:03 - 2019-03-14 07:03 - 000850760 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000836096 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000833064 _____ C:\Windows\system32\InputHost.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000831288 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000817464 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000790328 _____ (Microsoft Corporation) C:\Windows\system32\upshared.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000773120 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000760832 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000757664 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000745984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000743224 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000714240 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000691712 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000661816 _____ (Microsoft Corporation) C:\Windows\system32\computecore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000649528 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000646656 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000646632 _____ (Microsoft Corporation) C:\Windows\system32\msvcp_win.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000622080 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000605496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000604336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\dsound.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000566272 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-03-14 07:03 - 2019-03-14 07:03 - 000511800 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000508216 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000505656 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000484976 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000479232 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000463672 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000449368 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000444728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000435712 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000419128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000407552 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000395064 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000387832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000383288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000367616 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000355360 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\BioCredProv.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000336744 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000330464 _____ (Microsoft Corporation) C:\Windows\system32\ttdwriter.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000300344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BioCredProv.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000246584 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\ptpprov.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\SecureTimeAggregator.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000202552 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000196608 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000195896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000178688 _____ (Microsoft Corporation) C:\Windows\system32\winbio.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\ngctasks.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000174392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppvVemgr.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000138960 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbio.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000120832 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\DolbyMATEnc.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000115152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000104248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000095544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000035640 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-03-14 07:03 - 2019-03-14 07:03 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys
2019-03-14 07:03 - 2019-03-14 07:03 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rfxvmt.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-03-14 07:03 - 2019-03-14 07:03 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-11 20:31 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-11 20:20 - 2019-02-02 23:15 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\LocalLow\Mozilla
2019-04-11 20:12 - 2018-11-14 19:06 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-11 09:26 - 2019-02-02 22:55 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-10 21:13 - 2019-02-02 23:18 - 000750162 _____ C:\Windows\system32\perfh00A.dat
2019-04-10 21:13 - 2019-02-02 23:18 - 000147334 _____ C:\Windows\system32\perfc00A.dat
2019-04-10 21:13 - 2018-11-14 19:16 - 001684176 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-10 21:13 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-04-10 19:59 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-10 19:59 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-04-10 19:57 - 2019-02-03 08:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-09 07:49 - 2018-11-14 19:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-04-09 07:39 - 2019-02-03 08:22 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-08 08:03 - 2019-02-02 12:30 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\Local\Packages
2019-04-07 12:37 - 2019-02-03 08:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-05 17:14 - 2019-02-03 14:49 - 000000000 ____D C:\Users\Eduard Coroleu\Documents\Personal
2019-04-03 01:26 - 2019-02-03 08:39 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2019-04-01 16:32 - 2018-09-15 08:09 - 000000000 ____D C:\Windows\servicing
2019-04-01 16:20 - 2019-02-03 08:25 - 000000000 ____D C:\Users\Eduard Coroleu\Downloads\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]
2019-03-31 19:36 - 2018-09-15 09:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-03-31 19:26 - 2019-02-02 23:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-31 19:26 - 2018-11-14 19:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-31 19:26 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-03-31 15:34 - 2019-02-02 22:51 - 000003392 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3712044348-4250658-1274445831-1002
2019-03-31 15:34 - 2019-02-02 22:51 - 000000000 ___RD C:\Users\Eduard Coroleu\OneDrive
2019-03-31 15:34 - 2019-02-02 12:29 - 000002420 _____ C:\Users\Eduard Coroleu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-31 13:54 - 2019-02-03 13:28 - 000000000 ____D C:\Users\Eduard Coroleu\Desktop\Heroes of Might and Magic 3 Complete
2019-03-31 12:56 - 2019-02-02 23:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-29 09:42 - 2019-02-03 08:22 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-29 09:42 - 2019-02-03 08:22 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-19 19:38 - 2019-02-03 08:22 - 000000000 ____D C:\Users\Eduard Coroleu\AppData\Roaming\uTorrent
2019-03-14 07:40 - 2019-02-02 12:30 - 000000000 ___RD C:\Users\Eduard Coroleu\3D Objects
2019-03-14 07:40 - 2018-11-14 19:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-14 07:40 - 2018-11-14 19:06 - 000440512 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-14 07:22 - 2018-09-15 11:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-03-14 07:22 - 2018-09-15 09:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-14 07:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\TextInput
2019-03-14 07:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\oobe
2019-03-14 07:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-03-14 07:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-03-14 07:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-03-14 07:05 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-03-14 07:03 - 2018-11-14 19:14 - 002865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-03-14 07:00 - 2019-02-02 23:30 - 000000000 ____D C:\Windows\system32\MRT
2019-03-14 06:58 - 2019-02-02 23:30 - 127411920 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Eduard Coroleu (11-04-2019 20:41:28)
Running from C:\Users\Eduard Coroleu\Desktop
Windows 10 Pro Version 1809 17763.379 (X64) (2019-02-02 10:24:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3712044348-4250658-1274445831-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3712044348-4250658-1274445831-503 - Limited - Disabled)
Eduard Coroleu (S-1-5-21-3712044348-4250658-1274445831-1002 - Administrator - Enabled) => C:\Users\Eduard Coroleu
Guest (S-1-5-21-3712044348-4250658-1274445831-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3712044348-4250658-1274445831-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3712044348-4250658-1274445831-1002\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 30.1.36.2348 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
M-Audio M-Track Hub 1.0.3 (HKLM\...\{1E2AD4A2-FF6A-4A32-BF5F-37E8000656B1}) (Version: 1.0.3 - M-Audio)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3712044348-4250658-1274445831-1002\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 66.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 66.0.2 (x64 es-ES)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0 - Mozilla)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{53cb36d8-c56c-49c9-bccd-50f3a8063e00}) (Version: 4.6.1974.3869 - Lavasoft)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3712044348-4250658-1274445831-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\30.1.36.2348\drivefsext.dll [2019-03-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1A874047-EE25-43A5-BEB6-FDF4D714F0CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1B97A42D-3AC4-4E59-A5B8-736DA5D14861} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2741ABC3-1DED-4E20-8FCE-5E8E147E76D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {32937D59-F6BF-44E2-80FA-C3964FA724FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {37E7826D-5AC9-4A01-8333-77280D14B7D4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {628E2717-1CD9-494E-9863-CAE759AF5BFD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6A5BCCA0-5875-4D98-9D84-D030CAF01405} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {81E4A013-204F-4262-8F14-83AFA87EB7C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {95A0F76A-16AE-4FEE-B326-66A4595F090B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {986BF8DD-60F7-4488-A24B-5B0216D15651} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9F8F6171-A685-4041-A2A9-6706AFDFA419} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A97D9F12-2344-428D-A394-04CC49D0FCFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D80E7101-6577-4526-A637-9C3CF0F3DF6A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E4D83956-4696-4430-ADE4-0571F7B74DED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {F544422F-B1A6-4950-B561-A4E3F9629712} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2019-02-02 22:56 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2019-02-02 22:55 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3712044348-4250658-1274445831-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3712044348-4250658-1274445831-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 09:31 - 2018-09-15 09:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3712044348-4250658-1274445831-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A537325B-8A68-4DBB-B5CC-445CC84EF5D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{98B05328-7187-4F9E-AE3E-4EDDDAE5F413}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2565BB4D-CDE2-4021-B42B-EB428EC933CE}] => (Allow) C:\Users\Eduard Coroleu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{757F74CF-C56C-4FA2-9BEB-61A09EA5CE28}] => (Allow) C:\Users\Eduard Coroleu\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{94211B40-0765-4403-A88E-621F089D857E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{377FCF77-EF04-497D-B48D-967F6C4F7D33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF6CA02A-CE9C-40FC-8D88-65D4F3B62488}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B80EA976-9FAF-450C-91B8-836B8DA2E867}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05509F07-ED18-4618-B890-1F06CC335493}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2CF4BC75-C264-4FD4-A2AB-C8172019F29C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{F26C0AB4-7ABA-4EEA-B4B1-8885E6132AF0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{283D998E-FD83-4128-B624-31CF284CB084}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
14-03-2019 06:58:39 Windows Update
03-04-2019 00:36:45 Scheduled Checkpoint
08-04-2019 19:58:34 Removed TC Electronic TC Near
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/09/2019 07:39:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: DeviceControlServer.exe, versión: 1.0.1.14055, marca de tiempo: 0x589c796b
Nombre del módulo con errores: MSVCR110.dll, versión: 11.0.51106.1, marca de tiempo: 0x5098858e
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000a326c
Identificador del proceso con errores: 0x2210
Hora de inicio de la aplicación con errores: 0x01d4ee34ef68e143
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\M-Audio\M-Track Hub\DeviceControlServer.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\MSVCR110.dll
Identificador del informe: 63329510-f954-40b6-9ba3-db7c53ae5573
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (04/08/2019 07:56:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (04/07/2019 12:44:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (03/31/2019 07:25:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (03/31/2019 03:46:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (03/22/2019 10:02:14 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
Error: (03/14/2019 07:47:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: netcfg.exe, versión: 0.0.0.0, marca de tiempo: 0x5ba4a260
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17763.348, marca de tiempo: 0x53015794
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x0011c632
Identificador del proceso con errores: 0x8ac
Hora de inicio de la aplicación con errores: 0x01d4da29698b8067
Ruta de acceso de la aplicación con errores: C:\Windows\servicing\netcfg.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\KERNELBASE.dll
Identificador del informe: 3c3be633-71f4-476f-aeb0-3916f72341c0
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (03/14/2019 07:47:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: netcfg.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.__Error.WinIOError()
at System.Console+ControlCHooker.Unhook()
at System.Console+ControlCHooker.Finalize()
System errors:
=============
Error: (04/11/2019 01:29:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/11/2019 08:38:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/10/2019 08:59:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/10/2019 08:58:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/10/2019 07:54:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/09/2019 03:09:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/09/2019 02:59:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HJR21JK)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
y APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
al usuario DESKTOP-HJR21JK\Eduard Coroleu con SID (S-1-5-21-3712044348-4250658-1274445831-1002) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (04/09/2019 02:58:27 PM) (Source: googledrivefs2622) (EventID: 2) (User: )
Description: Warning: mount point creation is being forced.
Windows Defender:
===================================
Date: 2019-04-02 20:21:25.424
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {CE45288E-3C05-454E-AF58-F91FB543D597}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-04-01 19:37:41.633
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:ALisp/Kenilfe.K&threatid=2147657574&enterprise=0
Nombre: Worm:ALisp/Kenilfe.K
Id.: 2147657574
Gravedad: Severe
Categoría: Worm
Ruta de acceso: containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d37\d69\61677; file:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d37\d69\61677->[Fas]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-HJR21JK\Eduard Coroleu
Nombre de proceso: C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
Versión de firma: AV: 1.291.836.0, AS: 1.291.836.0, NIS: 1.291.836.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1
Date: 2019-04-01 19:37:41.077
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:ALisp/Kenilfe.K&threatid=2147657574&enterprise=0
Nombre: Worm:ALisp/Kenilfe.K
Id.: 2147657574
Gravedad: Severe
Categoría: Worm
Ruta de acceso: file:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d37\d69\61677->[Fas]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-HJR21JK\Eduard Coroleu
Nombre de proceso: C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
Versión de firma: AV: 1.291.836.0, AS: 1.291.836.0, NIS: 1.291.836.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1
Date: 2019-04-01 19:37:33.688
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:ALisp/Kenilfe.K&threatid=2147657574&enterprise=0
Nombre: Worm:ALisp/Kenilfe.K
Id.: 2147657574
Gravedad: Severe
Categoría: Worm
Ruta de acceso: file:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d37\d69\61677->[Fas]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-HJR21JK\Eduard Coroleu
Nombre de proceso: C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
Versión de firma: AV: 1.291.836.0, AS: 1.291.836.0, NIS: 1.291.836.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1
Date: 2019-04-01 19:36:18.764
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:ALisp/Kenilfe.K&threatid=2147657574&enterprise=0
Nombre: Worm:ALisp/Kenilfe.K
Id.: 2147657574
Gravedad: Severe
Categoría: Worm
Ruta de acceso: containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d10\d126\61583; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d19\d135\61592; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d1\d117\61574; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d23\d139\61596; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d27\d143\61600; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d31\d147\61604; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d38\d3\61611; containerfile:_C:\Users\Eduard Coroleu\AppData\Local\Google\DriveFS\ZWNvcm9sZXVAbGxvcGdlc3Rpby5jYXQ\content_cache\d4
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-HJR21JK\Eduard Coroleu
Nombre de proceso: C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe
Versión de firma: AV: 1.291.836.0, AS: 1.291.836.0, NIS: 1.291.836.0
Versión de motor: AM: 1.1.15800.1, NIS: 1.1.15800.1
Date: 2019-03-14 06:50:12.939
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.289.1122.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80070422
Descripción del error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Date: 2019-02-02 22:33:49.494
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.285.669.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior: 1.1.15600.4
Código de error: 0x80240016
Descripción del error: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-04-11 08:37:21.109
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-11 08:37:20.684
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-11 08:37:03.844
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-11 08:36:59.213
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-11 08:36:58.582
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-10 19:57:06.268
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-10 19:57:05.111
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-04-10 19:56:17.648
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 50%
Total physical RAM: 8111.43 MB
Available physical RAM: 3979.08 MB
Total Virtual: 10287.43 MB
Available Virtual: 3869.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.27 GB) (Free:191.93 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:30 GB) (Free:6.94 GB) FAT32
\\?\Volume{c7a97617-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C7A97617)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================El PC va un poco más rápido. No obstante, me extraña mucho que con el ordenador que tenga, se me relentice al navegar o incluso en un juego que no pide mucha demanda como es el League of Legends, no tenga ni 60 fps estables…
Como dije, tienes infecciones y por ello el pc va mal.
Al final del manual del Eset se indica donde esta guardad una copia del log completo. Pegamelo en tu próxima respuesta y a continuación.
Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :
Para hacerlo descarga Delfix en tu escritorio.
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO
Pulsar en Run.
Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.
En el equipo con los demas programas cerrados:
Inicio >>> Ejecutar >>>Escribes notepad.exe.
Ahora copia y pega estos archivos dentro del Notepad:
Start
CreateRestorePoint:
CloseProcesses:
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (U)
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (U)
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (U)
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (U)
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (U)
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (U)
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (U)
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (U)
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (U)
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (U)
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (U)
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (U)
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (U)
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (U)
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (U)
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (U)
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (U)
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (U)
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (U)
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (U)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\ESET
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Common Files\adaware
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\BullGuard Ltd
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\AVAST Software
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\G DATA
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Baidu Security
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Avira
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\AVG
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\360
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\eset.temp
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<
Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.
Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro (Aplicable a Windows 10)?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)
Ejecutas Frst.exe.
Presionas el botón Fix y aguardas a que termine.
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
Lo pegas en tu próxima respuesta, comentado como va el problema, y para ello abre Malwarebytes o reinstalalo si no se abre y me dices si ahora funciona
Hola,
Buscando en la carpeta de “Temp” no hay ningun log.txt (…)
Te adjunto el log dle FRST:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Eduard Coroleu (13-04-2019 19:34:54) Run:1
Running from C:\Users\Eduard Coroleu\Desktop
Loaded Profiles: Eduard Coroleu (Available Profiles: Eduard Coroleu)
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (U)
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (U)
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (U)
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (U)
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (U)
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (U)
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (U)
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (U)
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (U)
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (U)
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (U)
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (U)
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (U)
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (U)
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (U)
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (U)
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (U)
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (U)
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (U)
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (U)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\ESET
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Common Files\adaware
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\BullGuard Ltd
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files\AVAST Software
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\G DATA
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Baidu Security
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\Avira
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\AVG
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\Program Files (x86)\360
2019-03-14 07:47 - 2019-03-14 07:47 - 000000000 ____D C:\eset.temp
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18AA37360A0698E6A1F54A9E8268FB127B70E189 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1B581436B0ED7536755B8B1C81112509A5AAF6ED => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1F25DF887B158E34E2FCB13171924610C8F6BA2F => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2CC344E13934A69AA993E80C8E20FF0ACCB33F1E => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2F56FF8F95EE69A27C05DBB35924F847C86A66B4 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31F5EE85DA34AD374D43776B54F6686E7E922737 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42A8984E8B9C51F6B7274866F8726CA1E9057FAA => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5CA5F811E011742B05D014D03F85848D81F41A63 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\622271AF668F99BD94AC12E5EBF86E48FD50AECB => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76FBABF1EADED3B91DD7A76A6678301F1F87AA97 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9900CFAABC45B4247F9D78EE7E12B102D25EA325 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A32249E9A6B9CF5C36B0749C81613524D37C594 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BEBFAE20957D4DE689A8B962AEE358EFE39F195F => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BF9254919794C1075EA027889C5D304F1121C653 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E64232B7757A335C032414C6888633CC498E7CD6 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\ProgramData\Trend Micro Installer => moved successfully
C:\ProgramData\Kaspersky Lab Setup Files => moved successfully
C:\ProgramData\Kaspersky Lab => moved successfully
C:\Program Files\ESET => moved successfully
C:\Program Files\Common Files\adaware => moved successfully
C:\Program Files\BullGuard Ltd => moved successfully
C:\Program Files\Bitdefender Agent => moved successfully
C:\Program Files\AVAST Software => moved successfully
C:\Program Files (x86)\Panda Security => moved successfully
C:\Program Files (x86)\G DATA => moved successfully
C:\Program Files (x86)\CheckPoint => moved successfully
C:\Program Files (x86)\Baidu Security => moved successfully
C:\Program Files (x86)\Avira => moved successfully
C:\Program Files (x86)\AVG => moved successfully
C:\Program Files (x86)\360 => moved successfully
C:\eset.temp => moved successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3712044348-4250658-1274445831-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3712044348-4250658-1274445831-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= netsh winsock reset =========
El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= ipconfig /renew =========
Configuraci¢n IP de Windows
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuraci¢n IP de Windows
No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores
========= End of CMD: =========
========= netsh advfirewall reset =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Aseg£rate de que el servicio se est ejecutando e intenta la solicitud de nuevo.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Aseg£rate de que el servicio se est ejecutando e intenta la solicitud de nuevo.
========= End of CMD: =========
========= netsh int ipv4 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
========= netsh int ipv6 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41232887 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6321659 B
Edge => 3906131 B
Chrome => 466368699 B
Firefox => 1099305435 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 70516 B
NetworkService => 0 B
Eduard Coroleu => 11598788 B
RecycleBin => 3146388 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:36:02 ====Vale, ahora dime si funciona Malwarebytes y como va el pc en general