Necesito chequear mi portátil tras instalación de programa con "medicina"

jeshule · 7 Mayo, 2020 14:30

Hola, muchas gracias de antemano por vuestra ayuda.

Necesito chequear mi portátil. Tengo instalado Windscribe VPN, Adguard, Ccleaner y el antivirus Trend Micro. Hace unos días cometí el gran error de instalarme un programa (suit de pdf) en mi portátil desde una página de descargas, junto con su correspondiente “medicina” (Había probado antes con otras, que desinstalé). Trendmicro detectó que venía infectada la medicina por lo que eliminó la infección. Pero durante la instalación el ordenador cerró y reinició sesión por lo que tengo dudas de si está limpio o no. Tras chequearlo de nuevo con Trend Micro, no dio aviso, pero la suit para pdf está ahora instalada en mi ordenador con su correspondiente medicina y funcionando. No lo desinstalé por hacerlo con mejor seguridad. He instalado Malwarebytes, versión prueba, y chequeé el ordenador, encontrando incidencias que dejó en cuarentena. Ayer, el día 6 de mayo, Malwarebytes me avisó de una “Suplantación de identidad (phishing)” en el navagador Ópera. Y hoy he tenido una pantalla azul por un problema en el pc que requiere reiniciarse con el mensaje “lo que fue erróneo fue: tcpip.sys”.

Tengo dudas sobre la seguridad del portátil y querría vuestra ayuda para chequearlo y ver si está limpio o no.

Gracias y un saludo.

JavierHF · 7 Mayo, 2020 14:58

Hola @jeshule y Bienvenido al Foro…!!

Por favor, pon el informe con los resultados de la ejecución de Malwarebytes para poder valorarlo.

Saludos.

jeshule · 7 Mayo, 2020 15:30

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 30/4/20
Hora del análisis: 14:57
Archivo de registro: 1e10a8ca-8ae2-11ea-b1ef-ecf4bb1bf7ca.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.889
Versión del paquete de actualización: 1.0.23206
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-GU6E8EC\shule

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 305814
Amenazas detectadas: 31
Amenazas en cuarentena: 31
Tiempo transcurrido: 44 min, 54 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 6
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-3392620272-1954517828-602887404-1001\SOFTWARE\WebDiscoverBrowser, En cuarentena, 1716, 253912, 1.0.23206, , ame, 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, 194, 236865, , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, 194, 236865, , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3392620272-1954517828-602887404-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En cuarentena, 194, 236865, 1.0.23206, , ame, 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, En cuarentena, 1716, 253915, 1.0.23206, , ame, 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, En cuarentena, 1716, 253915, 1.0.23206, , ame, 

Valor del registro: 2
PUP.Optional.Conduit, HKU\S-1-5-21-3392620272-1954517828-602887404-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, 194, 236865, 1.0.23206, , ame, 
PUP.Optional.Conduit, HKU\S-1-5-21-3392620272-1954517828-602887404-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, En cuarentena, 194, 236865, 1.0.23206, , ame, 

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 9
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Data\LevelDB, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Data, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\USERS\SHULE\APPDATA\LOCAL\WEBDISCOVERBROWSER, En cuarentena, 1716, 181497, 1.0.23206, , ame, 
PUP.Optional.MyStart, C:\USERS\SHULE\APPDATA\ROAMING\SEARCH THE WEB, En cuarentena, 227, 594135, 1.0.23206, , ame, 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\Locales, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\PROGRAM FILES\WEBDISCOVERBROWSER, En cuarentena, 815, 348279, 1.0.23206, , ame, 

Archivo: 14
PUP.Optional.MyStart, C:\USERS\SHULE\APPDATA\ROAMING\SEARCH THE WEB\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}.ico, En cuarentena, 227, 594135, 1.0.23206, , ame, 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Data\LevelDB\000003.log, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Data\LevelDB\LOCK, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Data\LevelDB\LOG, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, En cuarentena, 1716, 181497, , , , 
PUP.Optional.WebDiscoverBrowser, C:\Users\shule\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, En cuarentena, 1716, 181497, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\Locales\es.pak, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome.dll, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_100_percent.pak, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_200_percent.pak, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_elf.dll, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\icudtl.dat, En cuarentena, 815, 348279, , , , 
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\resources.pak, En cuarentena, 815, 348279, , , , 

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Y sobre el phising en ópera, este:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del evento de protección: 6/5/20
Hora del evento de protección: 10:59
Archivo de registro: f21d46ac-8f77-11ea-b96f-ecf4bb1bf7ca.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.889
Versión del paquete de actualización: 1.0.23450
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, C:\Program Files\Opera\68.0.3618.63\opera.exe, Bloqueado, -1, -1, 0.0.0

-Datos de sitio web-
Categoría: Suplantación de identidad (phishing)
Dominio: v181.proxmox-ams.opera.technology
Dirección IP: 185.26.182.74
Puerto: 443
Tipo: Saliente
Archivo: C:\Program Files\Opera\68.0.3618.63\opera.exe



(end)

JavierHF · 7 Mayo, 2020 15:40

Hola.

Bien… pues vas a realizar una verificación TOTAL de tu maquina.

Para hacerlo sigue estos pasos, en el orden indicado y leyendo todo lo explicado.

Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar ) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :

CCleaner + Manual.
Malwarebytes’ Anti-Malware + Manual. revisa en detalle el manual, para que sepas usarlo y configurarlo correctamente.
AdwCleaner + Manual.
Junkware Removal Tool.
Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. Como saber si Mi Windows es de 32 o 64 Bits ?.

Ejecutas las herramientas de una en una y en el orden indicado :

CCleaner.-

Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.
Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.
Realiza un Análisis Personalizado.
Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.
En el apartado del programa Historial de detecciones encontrarás el informe de MBAM, que debes copiar y pegar en tu próxima respuesta, para poder analizarlo.

AdwCleaner.-

Ejecuta Adwcleaner.exe.
Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

Ejecuta JRT.exe.
Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.
Si en algún momento te pide Reiniciar hazlo.
Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.
Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer/Responsabilidad, pulsamos Sí/Yes
En la ventana principal pulsamos en el botón Analizar/Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Poner los informes en tu próxima respuesta de :

Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(más de 64.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado.

Saludos.

jeshule · 8 Mayo, 2020 08:37

Hola. Estoy haciendo el Análisis Personalizado con MBAM seleccionando todas las opciones pero tengo dudas de si tenía que seleccionar c: y además, en mi caso e:, porque tengo una partición del disco duro. El escaneo tardará muchísimo. ¿Es correcto? Un saludo.

JavierHF · 8 Mayo, 2020 14:54

Hola.

Correcto.

Lo mejor es hacer una análisis de todo lo que puedas tener en el disco/particiones y lógicamente el análisis tardara más o menos en función de la cantidad de información que pueda existir en él.

Cuando hayas terminado TODOS los informes nos los pones para valorarlos.

Saludos.

jeshule · 9 Mayo, 2020 10:34

Ahí van los análisis, gracias:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 7/5/20
Hora del análisis: 18:37
Archivo de registro: 1466f62c-9081-11ea-9932-ecf4bb1bf7ca.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.896
Versión del paquete de actualización: 1.0.23576
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-GU6E8EC\shule

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Cancelado
Objetos analizados: 531022
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 17 hr, 59 min, 55 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
PUP.Optional.BundleInstaller, C:\USERS\SHULE\DOWNLOADS\ESCRITORIO VER\UTORRENT.EXE, Se eliminará al reiniciar, 504, 790622, 1.0.23576, , ame, 

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

jeshule · 9 Mayo, 2020 10:36

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-09-2020
# Duration: 00:00:14
# OS:       Windows 10 Pro
# Cleaned:  17
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\shule\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.SamsungSmartSwitch   File   C:\Users\Public\Desktop\Smart Switch.lnk
Deleted       Preinstalled.SamsungSmartSwitch   File   C:\Users\shule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\Program Files (x86)\SAMSUNG\SMART SWITCH PC
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\Users\shule\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Deleted       Preinstalled.SamsungSmartSwitch   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Deleted       Preinstalled.SamsungSmartSwitch   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3085 octets] - [09/05/2020 09:01:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

jeshule · 9 Mayo, 2020 10:38

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by shule (Administrator) on 09/05/2020 at 10:06:30,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder) 



Registry: 2 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97EE74D2-C351-4ECE-B75A-8CD36FAE3661} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/05/2020 at 10:10:09,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jeshule · 9 Mayo, 2020 10:42

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 03-05-2020
Ejecutado por shule (administrador) sobre DESKTOP-GU6E8EC (Dell Inc. Latitude E5540) (09-05-2020 10:14:13)
Ejecutado desde C:\Users\shule\OneDrive\Escritorio\SPYWARE FORO
Perfiles cargados: shule (Perfiles disponibles: shule)
Platform: Windows 10 Pro Versión 1909 18363.778 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: IE
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Nitro Software, Inc. -> ) C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
(Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe <3>
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\8.1.2009\8.1.2009\TmsaInstance64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\DiamondRing\DrSDKCaller.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [745288 2015-06-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8474880 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Box] => C:\Program Files\Box\Box\Box.exe [6401856 2020-04-27] (Box, Inc. -> Box, Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1246368 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246112 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\EpmNews.exe [2090176 2016-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado]
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.5\bin\CleanUpUI.exe [1246400 2016-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU Yiwo Tech Development Co., Ltd.) [Archivo no firmado]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3331264 2020-01-20] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6856192 2020-04-28] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Opera Browser Assistant] => c:\program files\opera\assistant\browser_assistant.exe [3004440 2020-04-29] (Opera Software AS -> Opera Software)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1579368 2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Run: [Amazon Photos] => C:\Users\shule\AppData\Local\Amazon Drive\AmazonPhotos.exe [9232552 2019-11-12] (Amazon Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4337000 2019-12-25] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1126568 2020-04-03] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\RunOnce: [Application Restart #3] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Degoo .lnk [2018-04-22]
ShortcutTarget: Degoo .lnk -> C:\Users\shule\AppData\Local\Degoo\Degoo.exe (Degoo Backup AB -> Degoo Backup AB)
Startup: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-04-21]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restricción ? <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {10E74FF3-48D8-4FCF-8771-49FED39C37A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-18] (Adobe Inc. -> Adobe)
Task: {1ED4839A-11EF-4B97-8581-4A63D3D9B52E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {2191B8B6-00A3-4875-9299-66AB2FADAF77} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124776 2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {332EBF0B-C8B9-4DE2-9E81-18339AB1AAF6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3A1F884E-939F-4C12-AE8D-32472C435453} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-18] (Adobe Inc. -> Adobe)
Task: {3D1CCC04-5AE6-4AA8-A170-511E9BEB2F31} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-01] (Avast Software s.r.o. -> Avast Software)
Task: {3E376508-DA8D-475B-96D6-F56E54557CF3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223336 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {61FE2911-86AC-4FAD-8628-E661365A4967} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {77C25CD3-0D13-4583-9FC7-6D731D0EC23B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {781111E4-CF05-40E7-8C0F-864878F2AF6F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BC489DA-C113-4D3A-B216-02E4278CA40E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2729320 2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C10C6C1-9E5C-498D-8C86-7876777DD4B2} - no ruta de acceso de archivo
Task: {7CC47A45-C79C-44DB-A502-70EC8162276D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124776 2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {801F8EDD-E95E-43C8-A8D9-6F30E71E777D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-21] (Google Inc -> Google Inc.)
Task: {820D8B43-B5B2-40BB-9009-4711521DA396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-21] (Google Inc -> Google Inc.)
Task: {9812CD07-6198-45DE-8601-2FEB2C0BE011} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23772528 2020-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9938FFC7-F231-4D4A-AD79-DA8C428D0376} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {9D67CE0D-B706-40A3-9425-F92E2A2BD915} - System32\Tasks\Opera scheduled assistant Autoupdate 1584535514 => c:\program files\opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software)
Task: {A63F5FCB-04FE-49E5-A3DB-36194A3EDEF1} - no ruta de acceso de archivo
Task: {ABDA6B54-0A6C-4792-83FD-F8F27BAAEDA8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DE0B0B03-94C6-4B56-8176-E0637FDF38F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5521517-0638-44A4-9A19-DD39350E1F0E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23772528 2020-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8590032-CF61-4DF3-9C4A-6C48F52675A0} - System32\Tasks\Opera scheduled Autoupdate 1526056791 => c:\program files\opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software)
Task: {E88708F6-226B-4DB6-B51C-484CDE3A924C} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223336 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA07AFC8-59A9-434A-AFBF-72FF80855B75} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {ED07029C-88E9-4EBB-905F-2DFE03F68319} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3392620272-1954517828-602887404-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2020-03-18] (Mega Limited -> Mega Limited)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\..\Interfaces\{1e912d28-53c8-41b2-ad0e-2656ae72ce50}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1e912d28-53c8-41b2-ad0e-2656ae72ce50}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90046a7b-6296-4258-8eda-2d15705bcad7}: [NameServer] 1.0.0.1,9.9.9.9
Tcpip\..\Interfaces\{90046a7b-6296-4258-8eda-2d15705bcad7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{da31cce8-dd67-4dd3-8a76-90e2c860886b}: [DhcpNameServer] 10.255.255.3

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3392620272-1954517828-602887404-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3392620272-1954517828-602887404-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-02-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Sin Nombre - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} -  Ningún archivo
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} hxxps://ar.madrid.org/sslvpn/SNX/CSHELL/extender.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)

Edge: 
======
DownloadDir: C:\Users\shule\Downloads
Edge Extension: (Office) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_2.0.0.0_neutral__8wekyb3d8bbwe [2020-03-11]
Edge Extension: (Sin Nombre) -> EdgeExtension_14C789055632B21B4008_y1xsffnhj35f6 => C:\Program Files\WindowsApps\14C78905.5632B21B4008_2.2.1077.0_x64__y1xsffnhj35f6 [no encontrado]
Edge Extension: (Save to Pocket) -> EdgeExtension_PocketSavetoPocket_v63j13wrfzj3t => C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.38.0_neutral__v63j13wrfzj3t [2018-05-17]
Edge Extension: (Traductor para Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.51.0_neutral__8wekyb3d8bbwe [2019-02-01]
Edge DefaultProfile: Default
Edge Profile: C:\Users\shule\AppData\Local\Microsoft\Edge\User Data\Default [2020-05-07]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected]
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected] [2020-04-13] [UpdateUrl:hxxps://ti-res.trendmicro.com/ti-res/toolbar/FF/prod/updates.json]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected]
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin HKU\S-1-5-21-3392620272-1954517828-602887404-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\shule\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default [2020-05-07]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Presentaciones) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-21]
CHR Extension: (Google Drive) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2020-04-08]
CHR Extension: (Documentos) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-21]
CHR Extension: (Google Drive) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-21]
CHR Extension: (IBM Security Rapport) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-04]
CHR Extension: (Búsqueda personalizada EN TRIBUNALES) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepakkdomgppdclegekbahaliiaghhkf [2018-04-21]
CHR Extension: (WhatsChrome) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2018-04-21]
CHR Extension: (MEGA) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-05-01]
CHR Extension: (YouTube) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-21]
CHR Extension: (Telegram) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2018-04-21]
CHR Extension: (PwdHash port) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfmcfhnhnpoehjoommondmlmhdoonca [2018-04-21]
CHR Extension: (Dropbox para Gmail) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-11-07]
CHR Extension: (Box) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2018-04-21]
CHR Extension: (Avast Passwords) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-02-17]
CHR Extension: (Cronómetro) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoiibkbchfmgmhlodifjceiginokllbj [2020-04-30]
CHR Extension: (Búsqueda personalizada EN TACPCM) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbceablmgfakejfaobjcdgpnologkeem [2018-04-21]
CHR Extension: (ZenMate Free VPN - Mejor VPN para Chrome) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2020-03-16]
CHR Extension: (Hojas de cálculo) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-21]
CHR Extension: (Trend Micro Password Manager) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\fokifklggehlihkifghafpekelcicmgl [2019-07-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-15]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-06]
CHR Extension: (Notificaciones WhatsApp Web) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaoholkoedbpjiangnchpfchhmageifp [2018-04-21]
CHR Extension: (Pocket) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2018-04-21]
CHR Extension: (Ghostery – Bloqueador de anuncios para privacidad) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-04-01]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Todo.ly) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2018-04-21]
CHR Extension: (Trend Micro Toolbar) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2020-04-27]
CHR Extension: (Gmail) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-21]
CHR Extension: (Chrome Media Router) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-24]
CHR Extension: (Fleex - Intelligent subtitles) - C:\Users\shule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocpeokkkifomeaaobopeacnnepnaldl [2019-04-21]
CHR Profile: C:\Users\shule\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-07]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf]

Opera: 
=======
OPR Notifications: hxxps://forospyware.com; hxxps://web.telegram.org; hxxps://web.whatsapp.com; hxxps://www.guialowcost.es
OPR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\shule\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-04-29]
OPR Extension: (Install Chrome Extensions) - C:\Users\shule\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-27]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [179048 2019-12-25] (Adguard Software Limited -> Adguard Software Ltd)
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [384032 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96120 2015-06-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [96976 2020-04-27] (Box, Inc. -> Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10610544 2020-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [367984 2019-01-31] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-28] (Dropbox, Inc -> Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40080 2017-08-30] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado]
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223336 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223336 2020-03-30] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2141544 2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373704 2018-02-26] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-30] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\elevation_service.exe [1125264 2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2017-03-09] (Nitro Software, Inc. -> Nitro Software, Inc.)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2017-03-09] (Nitro Software, Inc. -> )
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2498920 2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1127584 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2792904 2020-02-17] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [299776 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-12-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933304 2019-12-17] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [251496 2015-12-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 TmWscSvc; C:\Program Files\Trend Micro\Titanium\TmWscSvc\TmWscSvc.exe [406440 2019-11-05] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [61968 2015-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation -> /n software, Inc.)
R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [480272 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [23032 2016-07-14] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [62528 2018-01-03] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136720 2018-05-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2540800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-09] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2019-03-19] (Microsoft Windows -> Intel Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [62568 2015-12-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [154280 2016-10-12] (STMICROELECTRONICS S.R.L. -> STMicroelectronics)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2019-05-22] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [74760 2019-06-04] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro, Inc. -> Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [37552 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)
R1 tmeyes; C:\WINDOWS\system32\DRIVERS\tmeyes.sys [684856 2020-03-24] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-03-07] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [160544 2020-03-27] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [137776 2019-05-04] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 VNA; C:\WINDOWS\system32\DRIVERS\vna.sys [161256 2019-01-31] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-04-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-27] (Microsoft Windows -> Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 epp; \??\F:\PortableApps\EmsisoftEmergencyKitPortable\App\EmsisoftEmergencyKitPortable\bin64\epp.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

jeshule · 9 Mayo, 2020 10:43


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-05-09 10:12 - 2020-05-09 10:14 - 000000000 ____D C:\FRST
2020-05-09 09:08 - 2020-05-09 09:08 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-05-07 12:42 - 2020-05-07 12:42 - 038624346 _____ C:\Users\shule\Downloads\Rius - Filosofia Para Principiantes.PDF
2020-05-07 12:40 - 2020-05-07 12:40 - 001294878 _____ C:\Users\shule\Downloads\Contra la Teoria Monetaria Mode - Juan Ramon Rallo.epub
2020-05-07 12:40 - 2020-05-07 12:40 - 000327651 _____ C:\Users\shule\Downloads\El desajuste del mundo - Amin Maalouf.epub
2020-05-07 11:43 - 2020-05-07 11:44 - 001029620 _____ C:\Users\shule\Downloads\Loles Vives - Pacta con el diablo.epub
2020-05-07 08:21 - 2020-05-07 08:21 - 005482285 _____ C:\Users\shule\Downloads\PARA PRUEBAS 2.pdf
2020-05-07 08:18 - 2020-05-07 08:18 - 000000000 ____D C:\ProgramData\Emsisoft
2020-05-06 23:07 - 2020-05-06 23:07 - 000550653 _____ C:\Users\shule\Downloads\Vegetarianos con ciencia - Lucia Martinez Arguelles.epub
2020-05-06 23:06 - 2020-05-06 23:06 - 000526939 _____ C:\Users\shule\Downloads\Michael Lewis - Deshaciendo errores.epub
2020-05-06 18:09 - 2020-05-06 18:10 - 000069404 _____ C:\Users\shule\Downloads\PARA PRUEBAS.pdf
2020-05-06 17:30 - 2020-05-06 17:30 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-06 16:21 - 2020-05-06 16:21 - 081950856 _____ (PortableApps.com) C:\Users\shule\Downloads\PDF-XChangeEditorPortable_8.0.338.0.paf.exe
2020-05-05 13:38 - 2020-05-05 13:38 - 000001029 _____ C:\ProgramData\Escritorio\calibre - E-book management.lnk
2020-05-01 18:05 - 2020-05-01 18:05 - 005452584 _____ (IT-Finance ) C:\Users\shule\Downloads\Instalar-ProRealTime-win64 (1).exe
2020-04-30 17:41 - 2020-05-07 18:25 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-30 14:55 - 2020-04-30 14:55 - 000000000 ____D C:\Users\shule\AppData\Local\mbam
2020-04-30 14:53 - 2020-05-08 12:46 - 000000000 ____D C:\Users\shule\AppData\LocalLow\IGDump
2020-04-30 14:53 - 2020-04-30 14:53 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-04-30 14:53 - 2020-04-30 14:53 - 000002021 _____ C:\ProgramData\Escritorio\Malwarebytes.lnk
2020-04-30 14:53 - 2020-04-30 14:53 - 000000000 ____D C:\Users\shule\AppData\Local\mbamtray
2020-04-30 14:52 - 2020-04-30 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-30 14:52 - 2020-04-30 14:51 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-30 14:52 - 2020-04-30 14:51 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-04-30 14:51 - 2020-04-30 14:51 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-30 14:04 - 2020-04-30 14:04 - 016591297 _____ C:\Users\shule\Downloads\2007_Book_TheJoyOfScience.pdf
2020-04-30 13:58 - 2020-04-30 13:58 - 045767804 _____ C:\Users\shule\Downloads\2018_Book_PlantPhysiologyDevelopmentAndM.pdf
2020-04-30 13:57 - 2020-04-30 13:57 - 000710158 _____ C:\Users\shule\Downloads\Springer Ebooks.pdf
2020-04-30 13:12 - 2020-04-30 13:12 - 148556669 _____ C:\Users\shule\Downloads\2018_Book_PlantAnatomy.pdf
2020-04-30 13:08 - 2020-04-30 13:08 - 024418620 _____ C:\Users\shule\Downloads\2015_Book_IntegrativeHumanBiochemistry.pdf
2020-04-30 12:55 - 2020-04-30 12:55 - 007111755 _____ C:\Users\shule\Downloads\2014_Book_CalculusWithApplications.pdf
2020-04-30 12:52 - 2020-04-30 12:52 - 010558892 _____ C:\Users\shule\Downloads\{RL} 05-20-Historia y Vida.pdf
2020-04-30 12:52 - 2020-04-30 12:52 - 010058852 _____ C:\Users\shule\Downloads\{RL} 05-20-National Geographic.pdf
2020-04-30 10:25 - 2020-04-30 10:25 - 044221958 _____ C:\Users\shule\Downloads\_Hacemos pan_ - Alma Obregon.epub
2020-04-30 10:25 - 2020-04-30 10:25 - 004261697 _____ C:\Users\shule\Downloads\Alexander Elder - Vivir del trading .epub
2020-04-30 10:24 - 2020-04-30 10:24 - 001507601 _____ C:\Users\shule\Downloads\Ecos_del_pasado_Diana_Gabaldon.9ed7.epub
2020-04-30 07:54 - 2020-04-30 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-28 21:55 - 2020-04-28 21:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-04-28 21:55 - 2020-04-28 21:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-04-28 21:55 - 2020-04-28 21:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-04-28 21:55 - 2020-04-28 21:55 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-04-27 11:54 - 2020-04-27 11:54 - 005416279 _____ C:\Users\shule\Downloads\Yoga, un estilo de vida - Vanesa Lorenzo.epub
2020-04-24 18:00 - 2020-04-24 18:01 - 000000000 ____D C:\ProgramData\ABBYY
2020-04-24 17:18 - 2020-04-24 17:52 - 000000000 ____D C:\ProgramData\Wondershare
2020-04-24 17:10 - 2020-04-24 17:10 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-04-24 17:10 - 2020-04-16 20:51 - 000286264 _____ (Wondershare Software) C:\WINDOWS\system32\WSPDFelementMonitor.dll
2020-04-24 17:09 - 2020-04-24 17:18 - 000000000 ____D C:\Users\shule\AppData\Roaming\Wondershare
2020-04-24 17:09 - 2020-04-24 17:09 - 000001270 _____ C:\ProgramData\Escritorio\Wondershare PDFelement.lnk
2020-04-24 17:09 - 2020-04-24 17:09 - 000000000 ____D C:\Users\shule\AppData\Local\Wondershare
2020-04-24 17:09 - 2020-04-24 17:09 - 000000000 ____D C:\ProgramData\PDFelement 7
2020-04-24 17:09 - 2020-04-24 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2020-04-24 17:09 - 2019-12-20 15:09 - 000150736 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\TWAINDSM.dll
2020-04-24 17:09 - 2019-12-20 15:09 - 000097280 _____ C:\WINDOWS\SysWOW64\TWAINDSM32.msm
2020-04-24 17:08 - 2020-04-24 17:08 - 000000000 ____D C:\Program Files (x86)\Wondershare
2020-04-24 17:08 - 2020-04-16 20:50 - 011886648 _____ C:\WINDOWS\SysWOW64\WSPECRT.dll
2020-04-23 13:28 - 2020-04-23 13:31 - 000000000 ____D C:\Users\shule\OneDrive\Documentos\FormatFactory
2020-04-23 13:28 - 2020-04-23 13:28 - 000000000 ____D C:\Users\shule\AppData\Local\FTMod
2020-04-23 13:22 - 2020-04-23 13:22 - 000000000 ____D C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2020-04-23 13:21 - 2020-04-23 13:22 - 000000000 ____D C:\Program Files\FormatFactory
2020-04-22 09:29 - 2020-04-22 09:29 - 000664806 _____ C:\Users\shule\Downloads\4_5823359802310395809.pdf
2020-04-21 11:05 - 2020-04-21 11:05 - 000000000 ___HD C:\OneDriveTemp
2020-04-17 17:45 - 2020-04-17 17:45 - 000001074 _____ C:\ProgramData\Escritorio\EaseUS Data Recovery Wizard.lnk
2020-04-17 17:45 - 2020-04-17 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2020-04-17 17:45 - 2020-04-17 17:45 - 000000000 ____D C:\Program Files\EaseUS
2020-04-17 11:52 - 2020-04-17 11:52 - 016249800 _____ C:\Users\shule\Downloads\viajar.pdf
2020-04-16 13:48 - 2020-04-16 13:48 - 000000000 ____D C:\Users\shule\AppData\Roaming\Macromedia
2020-04-16 11:57 - 2020-04-16 11:57 - 005099613 _____ C:\Users\shule\Downloads\{RL} 04-20-Compra Maestra n457.pdf
2020-04-16 11:56 - 2020-04-16 11:56 - 009706998 _____ C:\Users\shule\Downloads\{RL} 05-20-De Viajes.pdf
2020-04-16 10:52 - 2020-04-16 10:52 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 10:52 - 2020-04-16 10:52 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 10:52 - 2020-04-16 10:52 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 10:52 - 2020-04-16 10:52 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 10:51 - 2020-04-16 10:51 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 10:51 - 2020-04-16 10:51 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 10:51 - 2020-04-16 10:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 17:14 - 2020-05-09 08:52 - 000000000 ____D C:\Users\shule\Downloads\ESCRITORIO VER
2020-04-15 16:53 - 2020-04-15 16:56 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-15 16:53 - 2020-04-15 16:55 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 13:35 - 2020-04-15 13:35 - 011453567 _____ C:\Users\shule\Downloads\Traders. Georg.pdf
2020-04-15 10:23 - 2020-04-15 10:23 - 000000000 ____D C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-14 18:35 - 2020-04-14 18:37 - 000000000 ____D C:\Chess Tactics, Level 1
2020-04-14 18:35 - 2020-04-14 18:35 - 000000000 ____D C:\Users\shule\AppData\Roaming\ChessOK
2020-04-14 18:35 - 2020-04-14 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chess Tactics, Level 1
2020-04-13 19:48 - 2019-12-17 12:50 - 000166760 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2020-04-13 19:48 - 2019-12-17 12:50 - 000136040 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2020-04-13 19:07 - 2020-04-21 17:45 - 000002364 _____ C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-04-13 19:06 - 2020-04-13 19:06 - 000000000 ____D C:\Users\shule\OneDrive\Documentos\samsung
2020-04-13 19:06 - 2020-04-13 19:06 - 000000000 ____D C:\Users\shule\AppData\Roaming\Microsoft Teams
2020-04-13 19:06 - 2020-04-13 19:06 - 000000000 ____D C:\Users\shule\AppData\Local\Samsung
2020-04-13 19:04 - 2020-05-09 09:06 - 000000000 ____D C:\Users\shule\AppData\Roaming\Samsung
2020-04-13 19:00 - 2020-05-09 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2020-04-13 19:00 - 2016-05-17 23:49 - 004659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2020-04-13 19:00 - 2016-05-17 23:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2020-04-13 18:59 - 2020-05-09 09:06 - 000000000 ____D C:\Program Files (x86)\Samsung
2020-04-13 18:57 - 2020-04-13 18:57 - 000000000 ____D C:\Users\shule\AppData\Local\Downloaded Installations
2020-04-13 15:49 - 2020-04-13 15:49 - 000000000 ____D C:\Program Files\Samsung
2020-04-13 15:49 - 2019-12-17 12:49 - 000069120 _____ (Nokia) C:\WINDOWS\system32\nmwcdclsx64.dll
2020-04-13 15:48 - 2020-04-13 18:59 - 000000000 ____D C:\ProgramData\Samsung
2020-04-13 15:07 - 2020-04-13 15:07 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-13 15:07 - 2020-04-13 15:07 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-13 15:07 - 2020-04-13 15:07 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-13 15:07 - 2020-04-13 15:07 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-13 15:07 - 2020-04-13 15:07 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-13 15:07 - 2020-04-13 15:07 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-13 15:07 - 2020-04-13 15:07 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-13 15:07 - 2020-04-13 15:07 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-13 15:07 - 2020-04-13 15:07 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-13 15:07 - 2020-04-13 15:07 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-13 15:06 - 2020-04-13 15:06 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-13 15:06 - 2020-04-13 15:06 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-13 15:06 - 2020-04-13 15:06 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-13 15:06 - 2020-04-13 15:06 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-13 15:06 - 2020-04-13 15:06 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-13 15:06 - 2020-04-13 15:06 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-13 15:06 - 2020-04-13 15:06 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-13 15:06 - 2020-04-13 15:06 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-13 15:06 - 2020-04-13 15:06 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-13 15:06 - 2020-04-13 15:06 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-13 15:06 - 2020-04-13 15:06 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-13 15:06 - 2020-04-13 15:06 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-13 15:06 - 2020-04-13 15:06 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-13 15:05 - 2020-04-13 15:05 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-13 15:05 - 2020-04-13 15:05 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-13 15:05 - 2020-04-13 15:05 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-13 15:04 - 2020-04-13 15:04 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-13 15:04 - 2020-04-13 15:04 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-13 15:04 - 2020-04-13 15:04 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-13 15:04 - 2020-04-13 15:04 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-13 15:04 - 2020-04-13 15:04 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-13 15:04 - 2020-04-13 15:04 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-13 15:04 - 2020-04-13 15:04 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-13 11:00 - 2020-04-14 15:17 - 000001832 _____ C:\Users\shule\AppData\Local\SLC_shule.prx
2020-04-13 10:59 - 2020-04-13 10:59 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2020-04-13 10:57 - 2020-04-13 10:59 - 000000000 ___HD C:\WINDOWS\AxInstSV
2020-04-13 10:31 - 2020-04-13 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISL Light
2020-04-13 10:30 - 2020-04-30 18:02 - 000000000 ____D C:\Users\shule\AppData\Local\ISL Online Cache
2020-04-13 10:30 - 2020-04-13 10:30 - 000000000 ____D C:\Program Files (x86)\ISL Online
2020-04-11 19:26 - 2020-04-11 19:26 - 001857414 _____ C:\Users\shule\Downloads\FDAX + FDAX Regelwerk 2020.pdf
2020-04-11 16:10 - 2020-04-11 16:10 - 030650963 _____ C:\Users\shule\Downloads\Oxigeno   2019-08-26.pdf
2020-04-11 16:10 - 2020-04-11 16:10 - 029760067 _____ C:\Users\shule\Downloads\{RL} 04-20-Oxigeno (1).pdf
2020-04-11 16:10 - 2020-04-11 16:10 - 026641786 _____ C:\Users\shule\Downloads\07-08-19-Oxigeno.pdf
2020-04-11 12:10 - 2020-04-11 12:10 - 000845010 _____ C:\Users\shule\Downloads\270320.guia_faqs_situacion_comercio_estado_de_alarma.pdf
2020-04-11 11:20 - 2020-04-22 12:53 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-11 11:20 - 2020-04-11 11:21 - 000000000 ____D C:\SkillbOffice
2020-04-11 11:20 - 2020-04-11 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETg

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-05-09 10:15 - 2020-02-11 18:18 - 000000000 ____D C:\ProgramData\Adguard
2020-05-09 10:13 - 2019-06-03 18:32 - 000000000 ____D C:\Users\shule\AppData\Local\DP_Tower_3.7
2020-05-09 10:07 - 2019-08-09 23:42 - 000000000 ____D C:\Users\shule
2020-05-09 10:05 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-09 09:50 - 2019-08-10 09:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-09 09:47 - 2019-08-10 10:19 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-05-09 09:23 - 2018-04-21 09:14 - 000000000 __SHD C:\Users\shule\IntelGraphicsProfiles
2020-05-09 09:23 - 2018-04-21 09:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-05-09 09:12 - 2019-03-19 06:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-05-09 09:09 - 2020-02-11 18:18 - 000000000 ____D C:\Program Files (x86)\Adguard
2020-05-09 09:08 - 2019-08-10 10:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-09 09:08 - 2018-04-21 09:09 - 000000000 ____D C:\ProgramData\Validity
2020-05-09 09:06 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-05-07 18:25 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-05-07 18:25 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-07 18:25 - 2018-07-29 12:28 - 000000000 ____D C:\Users\shule\AppData\Local\CrashDumps
2020-05-07 15:56 - 2020-03-16 11:42 - 000000000 ____D C:\Users\shule\AppData\Roaming\WhatsApp
2020-05-07 13:49 - 2018-05-11 18:39 - 000000000 ____D C:\Program Files\Opera
2020-05-07 13:47 - 2018-04-21 09:16 - 000000000 ___RD C:\Users\shule\OneDrive
2020-05-07 13:46 - 2018-05-17 09:23 - 000000000 ___RD C:\Users\shule\OneDrive - Madrid Digital
2020-05-07 12:48 - 2019-11-15 15:24 - 000000000 ____D C:\WINDOWS\SysWOW64\TmAMSI
2020-05-07 12:04 - 2019-06-03 18:32 - 000000000 ____D C:\ProgramData\TMDP_Log
2020-05-07 11:57 - 2019-11-15 15:24 - 000000000 ____D C:\WINDOWS\system32\TmAMSI
2020-05-07 10:49 - 2019-01-31 18:52 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Drive.lnk
2020-05-06 21:39 - 2018-04-21 10:35 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-06 21:39 - 2018-04-21 10:35 - 000002258 _____ C:\ProgramData\Escritorio\Google Chrome.lnk
2020-05-06 20:19 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-06 20:19 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-06 15:06 - 2018-04-21 17:58 - 000000424 __RSH C:\ProgramData\ntuser.pol
2020-05-06 12:03 - 2018-04-21 11:21 - 000000000 ___RD C:\Users\shule\Dropbox
2020-05-06 10:41 - 2018-04-22 10:07 - 000000000 ____D C:\Users\shule\AppData\Local\Degoo
2020-05-05 13:38 - 2018-04-22 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-05-05 13:38 - 2018-04-22 01:00 - 000000000 ____D C:\Program Files (x86)\Calibre2
2020-05-05 11:40 - 2018-05-02 10:25 - 000000000 ____D C:\Users\shule\AppData\Local\NitroSpoolDir
2020-05-05 11:40 - 2018-05-02 10:24 - 000000000 ____D C:\Users\shule\AppData\Roaming\Nitro
2020-05-05 10:36 - 2020-03-16 11:41 - 000000000 ____D C:\Users\shule\AppData\Local\WhatsApp
2020-05-05 08:36 - 2018-04-21 10:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-05-04 08:31 - 2020-03-16 12:49 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2020-05-01 17:58 - 2020-04-08 14:40 - 000004170 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1584535514
2020-05-01 17:00 - 2020-04-07 15:51 - 000000000 ____D C:\Users\shule\AppData\Local\Deployment
2020-05-01 13:06 - 2019-06-03 18:00 - 000000000 ____D C:\ProgramData\Trend Micro
2020-05-01 11:58 - 2019-08-10 10:19 - 000003966 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526056791
2020-05-01 11:58 - 2018-05-11 18:39 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2020-04-30 18:31 - 2018-04-21 09:14 - 000000000 ____D C:\Users\shule\AppData\Local\Packages
2020-04-30 17:25 - 2020-03-26 11:34 - 000000000 ____D C:\Users\shule\AppData\Local\ElevatedDiagnostics
2020-04-30 17:25 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-30 16:48 - 2018-04-21 11:16 - 000000000 ____D C:\Users\shule\AppData\Roaming\KeePass
2020-04-30 14:52 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-30 08:10 - 2020-03-30 14:13 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-04-30 07:56 - 2018-04-21 11:15 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-04-28 07:30 - 2018-04-21 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-27 20:03 - 2019-08-24 16:32 - 000000000 ____D C:\Users\shule\AppData\Local\Adobe
2020-04-27 20:02 - 2018-04-21 14:34 - 000000000 ____D C:\Users\shule\AppData\Local\PlaceholderTileLogoFolder
2020-04-27 08:59 - 2019-09-17 15:45 - 000000000 ____D C:\Users\shule\AppData\LocalLow\Temp
2020-04-27 07:53 - 2020-03-30 14:12 - 000003652 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-04-27 07:53 - 2020-03-30 14:12 - 000003528 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-04-24 17:57 - 2020-04-01 17:00 - 000396952 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2020-04-24 17:32 - 2019-08-10 09:42 - 000441304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-24 17:29 - 2018-04-21 12:24 - 000000000 ____D C:\Users\shule\AppData\Roaming\Nozbe
2020-04-23 13:28 - 2018-04-21 12:21 - 000000000 ____D C:\Users\shule\AppData\Roaming\vlc
2020-04-23 08:15 - 2019-03-13 20:50 - 000051569 _____ C:\Users\shule\OneDrive\Documentos\DAX. Niveles.xlsx
2020-04-22 13:44 - 2019-08-10 10:02 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-22 13:44 - 2019-03-19 13:59 - 000789814 _____ C:\WINDOWS\system32\perfh00A.dat
2020-04-22 13:44 - 2019-03-19 13:59 - 000156068 _____ C:\WINDOWS\system32\perfc00A.dat
2020-04-17 17:46 - 2018-04-21 11:00 - 000000000 ____D C:\ProgramData\SystemAcCrux
2020-04-16 11:07 - 2019-03-19 14:01 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-16 11:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 11:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 11:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 11:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 11:02 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-16 08:18 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-15 17:13 - 2018-04-22 01:07 - 000000000 ____D C:\Users\shule\OneDrive\Documentos\My Digital Editions
2020-04-15 12:31 - 2020-03-16 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-15 12:31 - 2020-03-16 10:07 - 000000000 ____D C:\Program Files (x86)\Java
2020-04-15 12:28 - 2020-03-16 10:08 - 000114344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2020-04-15 10:23 - 2020-03-31 14:03 - 000000000 ____D C:\Users\shule\AppData\Roaming\Zoom
2020-04-15 09:54 - 2020-03-16 11:41 - 000000000 ____D C:\Users\shule\AppData\Local\SquirrelTemp
2020-04-13 16:10 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-13 16:10 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-13 16:10 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-13 10:59 - 2019-03-19 06:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2020-04-11 16:58 - 2018-05-30 18:29 - 000000000 ____D C:\JESUS

==================== Archivos en la raíz de algunos directorios ========

2020-02-11 18:19 - 2020-03-30 15:38 - 000000257 _____ () C:\ProgramData\fontcacheev1.dat
2019-06-03 18:29 - 2019-06-03 18:29 - 000000036 _____ () C:\Users\shule\AppData\Local\housecall.guid.cache
2020-04-13 11:00 - 2020-04-14 15:17 - 000001832 _____ () C:\Users\shule\AppData\Local\SLC_shule.prx

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================

jeshule · 9 Mayo, 2020 10:45

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 03-05-2020
Ejecutado por shule (09-05-2020 10:16:12)
Ejecutado desde C:\Users\shule\OneDrive\Escritorio\SPYWARE FORO
Windows 10 Pro Versión 1909 18363.778 (X64) (2019-08-10 08:20:41)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-3392620272-1954517828-602887404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3392620272-1954517828-602887404-503 - Limited - Disabled)
Invitado (S-1-5-21-3392620272-1954517828-602887404-501 - Limited - Disabled)
shule (S-1-5-21-3392620272-1954517828-602887404-1001 - Administrator - Enabled) => C:\Users\shule
WDAGUtilityAccount (S-1-5-21-3392620272-1954517828-602887404-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Trend Micro Maximum Security (Disabled - Up to date) {AFEE279F-FAE7-BAEE-3A88-4BF7277B8551}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Trend Micro Maximum Security (Enabled - Up to date) {2B599D90-3A6C-9B0A-B38C-B1AEC9172680}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
AdGuard (HKLM-x32\...\{43a690de-0274-44ff-bec7-36ab94cdde0a}) (Version: 7.3.3048.0 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.3.3048.0 - Adguard Software Ltd) Hidden
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.8 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Amazon Kindle (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Amazon Photos (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Amazon Photos) (Version: 6.2.3 - Amazon.com, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.5 - Gobierno de España)
Box (HKLM\...\{601D96E8-8C7B-47A9-A2BD-B1289B1882D3}) (Version: 2.14.377 - Box, Inc.)
calibre (HKLM-x32\...\{54B7D91C-A982-420A-84E5-245DCD036C17}) (Version: 4.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.64 - Piriform)
Check Point Deployment Shell (HKLM-x32\...\{b4416d73-0a36-4adb-8ca7-d489d5b6ac97}) (Version: 8.00.0000 - Check Point)
Check Point SSL Network Extender Service (HKLM-x32\...\{b578376e-d19a-4237-895f-99a311977669}) (Version: 7.01.0000 - CheckPoint)
Chess Tactics, Level 1 version 2.0.4 (HKLM-x32\...\Chess Tactics, Level 1_is1) (Version: 2.0.4 - )
Degoo (HKLM-x32\...\{4E14AF91-8D5C-45B6-AE7D-421154C54C19}) (Version: 1.0.2611 - Degoo Backup AB)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 96.4.172 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 11.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 10.6 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 10.6 - CHENGDU YIWO Tech Development Co., Ltd)
ePUBee DRM Removal (HKLM-x32\...\ePUBee DRM Removal) (Version: 3.1.5.2 - ePUBee Inc.)
ePUBee Magic (HKLM-x32\...\ePUBee Magic) (Version: 1.0.0.11 - ePUBee)
Fleex player (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\8a32ca80fc8b1f22) (Version: 2.5.5.1 - fleex SAS)
FormatFactory 5.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.1.0.0 - Free Time)
G@TA 2020 (HKLM-x32\...\Programa de Ayuda G@TA 2020 - MODELOS 650 651_is1) (Version: Programa de Ayuda para la Gestión Telemática de Tributos Autonómicos G@TA 2020 650 651. - Comunidad de Madrid)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
IG ProRealTime (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\IGProRealTime_is1) (Version: 1.16 - IT-Finance)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
ISL Light 4.4.1906.22 (HKLM-x32\...\ISL Light_is1) (Version: 4.4.1906.22 - ISL Online)
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
KeePass Password Safe 2.44 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.44 - Dominik Reichl)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.21 - )
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.12730.20236 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{E34002C7-8CE7-3F76-B36C-09FA973BC4F6}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nitro Pro (HKLM\...\{DED283CF-9FC6-4AC2-9D25-86A5E7740E16}) (Version: 11.0.3.173 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.12730.20206 - Microsoft Corporation) Hidden
Opera Stable 68.0.3618.63 (HKLM-x32\...\Opera 68.0.3618.63) (Version: 68.0.3618.63 - Opera Software)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6070 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.5.0 - Synaptics Incorporated)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 16.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 5.0.0.1081 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\WhatsApp) (Version: 2.2017.6 - WhatsApp)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 7.5.3) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.5.3.4801 - Wondershare Software Co.,Ltd.)
Zoom (HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.2.169.0_x64__rz1tebttyb220 [2020-04-20] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-06] (Microsoft Studios) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Nozbe -> C:\Program Files\WindowsApps\Nozbe.47214B7E292B1_3.13.0.0_x64__ax8krzgmkswhw [2020-03-01] (NOZBE MICHAL SLIWINSKI)
Office browser extension -> C:\Program Files\WindowsApps\Microsoft.OfficeOnline_2.0.0.0_neutral__8wekyb3d8bbwe [2020-03-11] (Microsoft Corporation)
One Calendar -> C:\Program Files\WindowsApps\64885BlueEdge.OneCalendar_2020.229.1.0_x64__8kea50m9krsh2 [2020-03-11] (Code Spark)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.9.0_x64__8wekyb3d8bbwe [2020-03-11] (Microsoft Corporation)
Save to Pocket -> C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.38.0_neutral__v63j13wrfzj3t [2018-05-17] (Read It Later, Inc)
Trend Micro Security -> C:\Program Files\WindowsApps\14C78905.5632B21B4008_2.2.1086.0_x64__y1xsffnhj35f6 [2020-04-28] (Trend Micro Inc.)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{04271989-C4D2-1ED3-6567-9609DD11B023} -> [OneDrive - Madrid Digital] => C:\Users\shule\OneDrive - Madrid Digital [2018-05-17 09:23]
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\shule\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{AAC82831-F89C-E2CF-FE4E-1468275C8542}\InprocServer32 -> no ruta de acceso de archivo
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\shule\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\shule\Dropbox [2018-04-21 11:21]
SSODL: EldosMountNotificator-cbfs6 - {22969C9E-BDFA-4E62-8C08-E650B0526A5B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {3ED2E2A3-D782-4B90-B5D0-E91C58431FDD} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {22969C9E-BDFA-4E62-8C08-E650B0526A5B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {3ED2E2A3-D782-4B90-B5D0-E91C58431FDD} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {22969C9E-BDFA-4E62-8C08-E650B0526A5B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {3ED2E2A3-D782-4B90-B5D0-E91C58431FDD} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {22969C9E-BDFA-4E62-8C08-E650B0526A5B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {3ED2E2A3-D782-4B90-B5D0-E91C58431FDD} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [     FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ShellIconOverlayIdentifiers: [    BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {98FA708F-1249-4184-86DC-70854D8E3835} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [    BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.14.377.dll [2020-04-27] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {98FA708F-1249-4184-86DC-70854D8E3835} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.232.1124.0010\amd64\FileSyncShell64.dll [2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-03-19] (Free Time) [Archivo no firmado]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-04-16] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [Archivo no firmado]
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> Ningún archivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [Archivo no firmado]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.232.1124.0010\amd64\FileSyncShell64.dll [2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-03-19] (Free Time) [Archivo no firmado]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [Archivo no firmado]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.232.1124.0010\amd64\FileSyncShell64.dll [2020-03-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> Ningún archivo
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> Ningún archivo
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-28] () [Archivo no firmado]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

ShortcutWithArgument: C:\Users\shule\Downloads\ESCRITORIO VER\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Cronómetro.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eoiibkbchfmgmhlodifjceiginokllbj
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\WhatsChrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\shule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno

==================== Módulos cargados (Lista blanca) =============

2018-04-21 10:59 - 2016-03-07 18:08 - 001291264 _____ () [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2018-04-21 10:59 - 2004-10-05 03:08 - 000055808 _____ () [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2019-06-03 18:33 - 2017-01-26 13:35 - 001078272 _____ () [Archivo no firmado] C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2019-06-03 18:33 - 2017-02-23 01:31 - 000079872 _____ () [Archivo no firmado] C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2019-06-03 18:33 - 2017-02-23 01:31 - 001922560 _____ () [Archivo no firmado] C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2019-06-03 18:33 - 2017-02-23 02:31 - 004834816 _____ () [Archivo no firmado] C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2018-04-21 10:59 - 2017-08-30 12:25 - 000026768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2018-04-21 10:59 - 2017-08-30 12:25 - 000061072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2018-04-21 10:59 - 2017-08-30 12:25 - 000021648 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000021696 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000414400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2018-04-21 10:59 - 2017-09-11 14:28 - 000085136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000026304 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000074432 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000079040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2018-04-21 10:59 - 2017-08-30 12:25 - 000183440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000163520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000018112 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000188608 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000024768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2018-04-21 10:59 - 2017-02-21 17:19 - 000083136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000091840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000019648 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000022720 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2018-04-21 10:59 - 2017-08-30 12:25 - 000141456 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000029376 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2018-04-21 10:59 - 2017-08-30 12:25 - 000367760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000032912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000296592 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000195776 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000221376 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000162448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000034448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2018-04-21 10:59 - 2017-09-04 17:39 - 000699024 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuActiveOnline.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000487568 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2018-04-21 10:59 - 2017-08-30 12:26 - 000844944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000064192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000078528 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000114368 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000052416 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000021648 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\fsclog.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000026816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000160400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000085648 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000070800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000072848 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000058560 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000210112 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000305808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000149184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000066240 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000210112 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2018-04-21 10:59 - 2017-08-30 12:27 - 000074896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlExBrowser.dll
2018-04-21 10:59 - 2017-08-30 12:27 - 000585872 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlSMOCPlusPlus.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000045248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000090816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2018-04-21 10:59 - 2017-08-30 12:27 - 000055952 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000054464 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000142016 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000138432 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2018-04-21 10:59 - 2017-09-04 17:43 - 000688272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
2018-04-21 10:59 - 2016-12-06 02:43 - 000022208 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000731280 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000046736 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000235152 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000103104 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000575632 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000046272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000161472 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000019648 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000120976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000251536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
2018-04-21 10:59 - 2017-08-30 12:26 - 000138896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000028864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000095424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000124096 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll
2018-04-21 10:59 - 2017-08-30 12:27 - 000113296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
2018-04-21 10:59 - 2016-12-06 02:44 - 000044736 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
2018-04-21 10:59 - 2008-11-25 17:18 - 000892928 _____ (Free Software Foundation) [Archivo no firmado] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2017-11-01 22:58 - 2017-11-01 22:58 - 001141248 _____ (Robert Simpson, et al.) [Archivo no firmado] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2019-06-03 18:33 - 2017-02-23 01:31 - 068185600 _____ (The NWJS Community) [Archivo no firmado] C:\Program Files\Trend Micro\TMIDS\tower\nw.dll
2019-06-03 18:33 - 2017-02-23 01:31 - 000421888 _____ (The NWJS Community) [Archivo no firmado] C:\Program Files\Trend Micro\TMIDS\tower\nw_elf.dll
2017-11-15 13:16 - 2017-11-15 13:16 - 000250368 _____ (Windows (R) Codename Longhorn DDK provider) [Archivo no firmado] C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll

jeshule · 9 Mayo, 2020 10:47

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\madrid.org -> hxxps://gestiona.madrid.org
IE trusted site: HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\sharepoint.com -> hxxps://aiccm-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2020-05-07 18:13 - 2020-05-07 18:13 - 000000834 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\AutoFirma\AutoFirma
HKU\S-1-5-21-3392620272-1954517828-602887404-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKU\S-1-5-21-3392620272-1954517828-602887404-1001\...\StartupApproved\Run: => "Amazon Photos"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [UDP Query User{CF096EC4-49D0-4C63-94A8-E37129266461}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{A6479BD2-7B20-4BD9-B9A3-283248EBCCB8}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{4D9EDADB-4D33-4F8F-B508-4BE0AAE4D2C0}] => (Allow) C:\Users\shule\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9F12E91F-792B-48E8-8C79-DA9756768C0B}] => (Allow) C:\Users\shule\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{971F6E50-9A9C-49FC-8CFA-F563C31CC354}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe (Kovid Goyal -> )
FirewallRules: [TCP Query User{1EB8878A-7AFD-4531-8ACD-0F6DB86CA94B}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe (Kovid Goyal -> )
FirewallRules: [{F154D2A2-CC9D-4694-909D-DE90E9AC4C94}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{332FB940-DAFB-4035-B3F8-B2782BDFAFA9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{72210953-6802-49E3-82E7-3D7BC36401A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5181A93-C8FF-448E-AB8E-1C6B8821F641}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DA2EEC78-B52F-484E-B01B-1EDBF37F0CC5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado]
FirewallRules: [{250AA479-59DD-4670-AFB7-8EA89C416F52}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado]
FirewallRules: [{FFC7D16D-8D56-4DE0-A9EF-E9F0E10BCED2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado]
FirewallRules: [{6B6DEE49-4AA6-4FC0-A395-F7327B52A3C5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Archivo no firmado]
FirewallRules: [{76D6F488-A280-4697-B4F9-85D5F665C5A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado]
FirewallRules: [{F8884227-3E6B-4BF4-B6F5-72D7057E25B3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado]
FirewallRules: [{39493E08-4719-47B6-A4B0-E39094A86D37}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado]
FirewallRules: [{2BEA0F10-094B-4F42-8107-506B39FC02D0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Archivo no firmado]
FirewallRules: [TCP Query User{72847AD5-772A-4D37-A167-4820B76A36F4}C:\users\shule\appdata\local\degoo\degoo.exe] => (Allow) C:\users\shule\appdata\local\degoo\degoo.exe (Degoo Backup AB -> Degoo Backup AB)
FirewallRules: [UDP Query User{622D94AA-325A-4615-BE12-2053B03054C5}C:\users\shule\appdata\local\degoo\degoo.exe] => (Allow) C:\users\shule\appdata\local\degoo\degoo.exe (Degoo Backup AB -> Degoo Backup AB)
FirewallRules: [{CD0695A8-2060-440D-AD48-0629C9D762FF}] => (Block) C:\users\shule\appdata\local\degoo\degoo.exe (Degoo Backup AB -> Degoo Backup AB)
FirewallRules: [{FB949C00-DBE1-4194-A832-F65CE70F18DC}] => (Block) C:\users\shule\appdata\local\degoo\degoo.exe (Degoo Backup AB -> Degoo Backup AB)
FirewallRules: [{F086CE72-D523-4EA8-B047-0C7238FE0A1D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8E652BBA-AE51-44F2-AD4A-BA38CDF678AD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7C8BA4C2-6356-484A-899A-CF49FFD6387F}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [TCP Query User{454C9218-BD66-44DE-8736-5BA08105B7CB}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0373D779-9592-4D7F-9883-35BA5C6CA8C3}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [{B9188BCA-C54A-4AA4-972A-2A211CC116EA}] => (Allow) C:\Users\shule\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{116D7826-6363-405E-BBE9-F0F5DA1AF08D}] => (Allow) C:\Users\shule\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{3B9990F6-828B-47B7-BAC3-C81E3D96F6C6}] => (Allow) C:\Users\shule\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{D18A2F74-CE5B-4D3F-9A7B-3611811958F6}] => (Allow) C:\Users\shule\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3DB2BE37-1E3A-4042-AE96-E9A73197D313}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0283578E-5E11-4B59-87B0-828EA797099D}] => (Allow) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [TCP Query User{C6A775FF-B0BE-4459-997A-9BA67B7DC930}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{78C8934B-8002-4DAB-9041-E7A98074FC58}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B13AAB19-8E4B-45B4-BE5F-CF694F04F647}C:\users\shule\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\shule\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{00906B90-22D9-40B6-B86C-745D38723EDF}C:\users\shule\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\shule\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{935ECF6F-A131-4410-87D9-43F105CE3EAE}] => (Allow) c:\program files\opera\67.0.3575.137\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5584AB98-442C-4DF5-BA2D-16276C95F07F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{EE89CFED-F4A3-4757-B9C0-A0740BF4CD00}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E45E237D-2219-4B91-BB0F-836CDF420BCC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6AC66D81-5DA3-4FC7-B262-7810908B086D}] => (Allow) c:\program files\opera\68.0.3618.63\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{785AF057-131A-4A24-9E90-12AEEA09DF81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Puntos de Restauración =========================

08-05-2020 15:09:04 Punto de control programado
09-05-2020 09:05:32 AdwCleaner_BeforeCleaning_09/05/2020_09:05:31
09-05-2020 10:06:30 JRT Pre-Junkware Removal

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (05/09/2020 10:12:11 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8796,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/09/2020 09:32:50 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3700,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/09/2020 09:16:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3664,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/09/2020 09:06:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.

Error: (05/09/2020 09:06:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.
]

Error: (05/09/2020 09:06:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.

Error: (05/09/2020 09:06:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.
]

Error: (05/09/2020 08:51:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.


Errores del sistema:
=============
Error: (05/09/2020 09:06:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Adguard Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Check Point SSL Network Extender terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Reiniciar el servicio.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Disco virtual terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SAMSUNG Mobile Connectivity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio WindscribeService se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SAMSUNG Mobile Connectivity Service V2 se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/09/2020 09:06:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SynTPEnh Caller Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2020-04-28 17:50:42.152
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.313.2507.0
Versión anterior de inteligencia de seguridad: 1.313.1638.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 1.1.16900.4
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80004004
Descripción del error: Operación anulada 

Date: 2020-04-28 17:50:42.152
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.313.2507.0
Versión anterior de inteligencia de seguridad: 1.313.1638.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 1.1.16900.4
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80004004
Descripción del error: Operación anulada 

Date: 2020-04-28 17:48:51.895
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.313.2507.0
Versión anterior de inteligencia de seguridad: 1.313.1638.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 1.1.16900.4
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2020-04-28 17:48:51.895
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.313.2507.0
Versión anterior de inteligencia de seguridad: 1.313.1638.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 1.1.16900.4
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2020-04-28 07:32:20.586
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.313.1638.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor: 
Versión anterior del motor: 1.1.16900.4
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2020-05-09 09:54:49.129
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.119
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.110
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.100
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.091
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.079
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.068
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-09 09:54:49.059
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Microsoft signing level requirements.

==================== Información de la memoria =========================== 

BIOS: Dell Inc. A05 02/20/2014
Placa base: Dell Inc. 0H3FM5
Procesador: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Porcentaje de memoria en uso: 39%
RAM física total: 8097.48 MB
RAM física disponible: 4913.06 MB
Virtual total: 14753.48 MB
Virtual disponible: 11499.68 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:233.97 GB) (Free:23.3 GB) NTFS
Drive e: (DATOS) (Fixed) (Total:230.66 GB) (Free:38.13 GB) NTFS

\\?\Volume{0008229d-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{0008229d-0000-0000-0000-20943a000000}\ () (Fixed) (Total:0.79 GB) (Free:0.3 GB) NTFS
\\?\Volume{4bd08f5b-2571-11e9-93c0-ecf4bb1bf7ca}\ () () (Total:0 GB) (Free:0 GB) 

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0008229D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=234 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=804 MB) - (Type=27)
Partition 4: (Not Active) - (Size=230.7 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================

Gracias otra vez. Un saludo.

JavierHF · 9 Mayo, 2020 22:22

Bien… y ahora sigue estos pasos, MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe(en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla Create registry backup, las demás casillas NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{AAC82831-F89C-E2CF-FE4E-1468275C8542}\InprocServer32 -> no ruta de acceso de archivo
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Ningún archivo
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Ningún archivo
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Ningún archivo
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restricción ? <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {1ED4839A-11EF-4B97-8581-4A63D3D9B52E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {3D1CCC04-5AE6-4AA8-A170-511E9BEB2F31} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-01] (Avast Software s.r.o. -> Avast Software)
Task: {7C10C6C1-9E5C-498D-8C86-7876777DD4B2} - no ruta de acceso de archivo
Task: {A63F5FCB-04FE-49E5-A3DB-36194A3EDEF1} - no ruta de acceso de archivo
Toolbar: HKLM - Sin Nombre - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - Ningún archivo
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 epp; \??\F:\PortableApps\EmsisoftEmergencyKitPortable\App\EmsisoftEmergencyKitPortable\bin64\epp.sys [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX/Corregir y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.

jeshule · 10 Mayo, 2020 11:12

Hola. Llegado al punto en que “Pulsaremos en el numero “5” del teclado para poder acceder al modo a prueba de fallos con funciones de red de windows” el equipo se reinicia y a continuación pide contraseña de usuario y no me reconoce la contraseña con la que normalmente entro en el ordenador “la contraseña no es correcta. Inténtalo de nuevo”. Me impide continuar con el siguiente paso. Un saludo.

Edito: Si inicio normalmente, la contraseña la coge sin problemas.

JavierHF · 10 Mayo, 2020 14:38

Hola.

Como usuario tienes creada una cuenta de Microsoft…??

jeshule · 10 Mayo, 2020 15:48

Sí tengo cuenta. ¿La contraseña que pide puede ser esa y no la de entrada en el pc? Porque con encendido normal no la pide.

Edito: Ok, Ok. He entrado con la contraseña de de la cuenta de Microsoft. Sigo con el proceso. Ahora reporto el informe. Gracias.

Al iniciar en modo a prueba de fallos con funciones de red de windows, no me dejó ejecurar FRST64.exe que lo tenía en el escritorio, dando el siguiente mensaje:

. Tuve que grabarlo en un pendrive junto con el fichero FIXLOG.TXT y copiarlo en el escritorio ya en modo prueba de fallos. Este es el informe de FRST64:

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 03-05-2020
Ejecutado por shule (10-05-2020 17:20:59) Run:1
Ejecutado desde C:\Users\shule\OneDrive\Escritorio\SPYWARE FORO
Perfiles cargados: shule (Perfiles disponibles: shule)
Modo de Inicio: Safe Mode (with Networking)
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
CustomCLSID: HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{AAC82831-F89C-E2CF-FE4E-1468275C8542}\InprocServer32 -> no ruta de acceso de archivo
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Ningún archivo
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Ningún archivo
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> Ningún archivo
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restricción ? <==== ATENCIÓN
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {1ED4839A-11EF-4B97-8581-4A63D3D9B52E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {3D1CCC04-5AE6-4AA8-A170-511E9BEB2F31} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-01] (Avast Software s.r.o. -> Avast Software)
Task: {7C10C6C1-9E5C-498D-8C86-7876777DD4B2} - no ruta de acceso de archivo
Task: {A63F5FCB-04FE-49E5-A3DB-36194A3EDEF1} - no ruta de acceso de archivo
Toolbar: HKLM - Sin Nombre - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - Ningún archivo
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 epp; \??\F:\PortableApps\EmsisoftEmergencyKitPortable\App\EmsisoftEmergencyKitPortable\bin64\epp.sys [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
HKU\S-1-5-21-3392620272-1954517828-602887404-1001_Classes\CLSID\{AAC82831-F89C-E2CF-FE4E-1468275C8542} => eliminado correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => eliminado correctamente
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => eliminado correctamente
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => eliminado correctamente
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => eliminado correctamente
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => eliminado correctamente
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => eliminado correctamente
HKLM\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} => eliminado correctamente
C:\WINDOWS\system32\GroupPolicy\Machine => movido correctamente
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido correctamente
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido correctamente
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ED4839A-11EF-4B97-8581-4A63D3D9B52E}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ED4839A-11EF-4B97-8581-4A63D3D9B52E}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3D1CCC04-5AE6-4AA8-A170-511E9BEB2F31}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D1CCC04-5AE6-4AA8-A170-511E9BEB2F31}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7C10C6C1-9E5C-498D-8C86-7876777DD4B2}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C10C6C1-9E5C-498D-8C86-7876777DD4B2}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A63F5FCB-04FE-49E5-A3DB-36194A3EDEF1}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A63F5FCB-04FE-49E5-A3DB-36194A3EDEF1}" => eliminado correctamente
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97EE74D2-C351-4ECE-B75A-8CD36FAE3661}" => eliminado correctamente
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
C:\Program Files\VideoLAN\VLC\npvlc.dll => movido correctamente
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => no encontrado
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => no encontrado
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN" => no encontrado
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => no encontrado
HKLM\SOFTWARE\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fagakgcelolinfnkfgekcnedpaklfcok => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf => eliminado correctamente
HKLM\System\CurrentControlSet\Services\dgderdrv => eliminado correctamente
dgderdrv => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\epp => eliminado correctamente
epp => servicio eliminado correctamente
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-3392620272-1954517828-602887404-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3392620272-1954517828-602887404-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 13 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Wi-Fi mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 1 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 2 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 12 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Ethernet 2 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Sufijo DNS espec¡fico para la conexi¢n. . : home
   V¡nculo: direcci¢n IPv6 local. . . : fe80::88be:6a96:a0f3:707a%3
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.20
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Conexi¢n de  rea local* 13:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : home

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 12:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Ethernet 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= Final de CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34686098 B
Java, Flash, Steam htmlcache => 1126 B
Windows/system/drivers => 11359767 B
Edge => 326791 B
Chrome => 90395678 B
Firefox => 0 B
Opera => 51939687 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 7312 B
LocalService => 182598 B
NetworkService => 624236258 B
shule => 824150250 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 17:21:40 ====

Gracias por la ayuda. Un saludo.

JavierHF · 10 Mayo, 2020 16:30

Hola.

Perfecto.

Es raro que hayas tenido ese problema con FRST.exe desde el modo seguro, SI ya fue usado en el modo normal de windows, en el modo seguro también debería haberse ejecutado sin mas problemas.

Pero bueno… YA solo queda que nos digas como sigue TU equipo en relación al problema planeado inicialmente.

Saludos.

jeshule · 10 Mayo, 2020 16:55

El equipo va ahora más fluido, tarda menos el arranque y conecta rápido con la red o wifi. Estaba con la mosca detrás de la oreja por si tenía algún malware o no. Ha sido un buen trabajo por tu parte.

Por otro lado sigue saliendo el mensaje de MBAM, sobre ópera:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del evento de protección: 10/5/20
Hora del evento de protección: 18:46
Archivo de registro: d0ea7eaa-92dd-11ea-9837-ecf4bb1bf7ca.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.896
Versión del paquete de actualización: 1.0.23650
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.778)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, C:\Program Files\Opera\68.0.3618.63\opera.exe, Bloqueado, -1, -1, 0.0.0

-Datos de sitio web-
Categoría: Suplantación de identidad (phishing)
Dominio: v181.proxmox-ams.opera.technology
Dirección IP: 185.26.182.74
Puerto: 443
Tipo: Saliente
Archivo: C:\Program Files\Opera\68.0.3618.63\opera.exe

(end)

¿qué debo hacer con los archivos que hay en cuarentena?

jeshule · 10 Mayo, 2020 17:16

Sobre el asunto del navegador Opera, resulta que tenía varias pestañas abiertas en el navegador que al cerrarlo y abrirlo de nuevo, cargan las páginas donde las dejaste. Pues resulta que una de ellas daba una advertencia de seguridad y al cerrarla, ya no sale el aviso en MBAM cuando vuelvo a abrir Opera. Seguro que esa página era la que daba el problema de phishing. Problema resuelto.

Una ultima duda: ¿Puedo usar la secuencia de chequeo (la del mensaje 4 de este post) de vez en cuando para limpiar el ordenador?

Buen trabajo, JavierHF.

Muchas gracias por tu ayuda.