Infected PC

Hi Lauri. Welcome to Infospyware, possibly the best Spanish-language technical help forum.

We are going to scan your computer for malware.

1. CCleaner

Download, install and/or update CCleaner.

Check its manual if necessary.

  • Open CCleaner. Go to the Custom Clean tab. Leave the default settings as they are → click Analyze and wait for it to finish → click Run Cleaner.

2. Malwarebytes Anti-Malware

• Download, update and run Malwarebytes' Anti-Malware; read the manual in detail so that you know how to use and configure it.

  • Run a Custom Scan. The instructions are in the manual, section "Análisis Personalizado" (Custom Scan).
  • When the scan finishes, send me the report that Malwarebytes saves. Instructions for finding and sending the report are in the manual, section "Informe del Análisis" (Scan Report).

3. AdwCleaner

Download AdwCleaner | InfoSpyware to the desktop.

• Also close all the programs you have open.

• Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").

• Click the Scan button and wait for the process to finish, then immediately click the Clean button.

• Wait for it to complete and follow the instructions; if it asks to restart the system, accept.

• Save the report that appears and attach it to a message.

• The report can also be found in C:\Archivos de programa, or C:\Archivos de programa (x86) if the system is 64-bit, in the Adwcleaner folder: AdwCleaner[CX].txt

4. ZHPCleaner

Run ZHPCleaner following its manual. Attach the report in a new forum message.

5. CCleaner

  • Click the Registry tab → click Scan for problems and wait for it to finish → click Repair selected and make a backup.

Please do not paste the reports directly into your reply, as they would be unreadable and I would not be able to analyze them, which would make it harder to solve your problems. Follow method 2 or 3 from the following guide:

How to paste reports in a message

Okay, let's see if I did it right.

1. MB
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 15/4/20
Hora del análisis: 11:36
Archivo de registro: 94773b24-7efc-11ea-92d5-6002921c1100.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.867
Versión del paquete de actualización: 1.0.22502
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.720)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-TJCA2II\redar

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 446698
Amenazas detectadas: 2
Amenazas en cuarentena: 0
Tiempo transcurrido: 10 min, 56 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
Malware.Generic.206565109, C:\USERS\REDAR\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\746\ATTACHMENTS\TEST DE RAVEN - MIDE TU COEFICIENTE INTELECTUAL[1058].ZIP, Sin acciones por parte del usuario, 1000000, 0, 1.0.22502, 13B0A3D3E1F54CDE0C4FEEF5, dds, 00677300
Malware.Generic.620245229, C:\USERS\REDAR\DOCUMENTS\WRK\LAF\MATERIAL\FILEZILLA_3.46.3_WIN64_SPONSORED-SETUP.EXE, Sin acciones por parte del usuario, 1000000, 0, 1.0.22502, 78DC2A373F9DD65124F830ED, dds, 00677300

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

2. AdwC

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-15-2020
# Duration: 00:00:09
# OS:       Windows 10 Home
# Cleaned:  7
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\SAFEMYWEB
Deleted       C:\Program Files\WebDiscoverBrowser

***** [ Files ] *****

Deleted       C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1905 octets] - [15/04/2020 11:58:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

3. ZHP

~ ZHPCleaner v2020.4.10.191 by Nicolas Coolman (2020/04/10)
~ Run by redar (Administrator)  (15/04/2020 12:31:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\redar\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\redar\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 18363)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (4)
MOVIDO carpeta: C:\Users\redar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\redar\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Program Files (x86)\Common Files\wruninstall.exe [Webroot Software, Inc. - Webroot Installer]  =>Adware.Suspect
MOVIDO carpeta: C:\Windows\Prefetch\SETUPSKYPEFORBUSINESSENTRYRET-73DD15B4.pf    =>Adware.Setupsk
MOVIDO carpeta: C:\Windows\Prefetch\SETUPSKYPEFORBUSINESSENTRYRET-98F28EDD.pf    =>Adware.Setupsk


---\\  Registro ( Claves, Valores, Datos) (2)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18d2f4fc-76cb-424f-90b6-c8e2c503b9aa}\\NameServer [Bad : 212.166.132.104,212.166.132.96]  =>Hijacker.Browser
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)


---\\  Resumen de elementos en su estación de trabajo (4)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/02/adware-suspect/  =>Adware.Suspect
https://nicolascoolman.eu/2017/12/16/adware-setupsk/  =>Adware.Setupsk
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


---\\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 2745
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 8/15


---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto





~ End of clean in 00h02mn10s

---\\  Reporte (2)
ZHPCleaner-[S]-15042020-12_20_31.txt
ZHPCleaner-[R]-15042020-12_33_22.txt

Regards

I have also noticed:

A) The notification that started this whole mess:

Notif. (continued)

B) Taskbar:

C) File manager:

D) ZHP question about installing a server??

Server.

Regards

Thanks for the reports.

The Malwarebytes Anti-Malware report says that "no actions were taken". Did you delete what this program detected?

As for ZHPCleaner's question about those servers, the IP addresses it shows you correspond to DNS servers belonging to Vodafone. I assume your internet provider is Vodafone. In that case, when it asks you, answer YES.

Let's run a couple more programs to see whether you have any more malware:

1. Run an online scan with ESET Online Scanner

• Send me the scan report (see the manual).

ESET Online Scanner manual.

2. Using Kaspersky Virus Removal Tool

Scanning the PC with Kaspersky Virus Removal Tool: user manual

  • This one does not produce a report; if it finds any infection, take a screenshot and upload it.

How to upload images to the forum?


Threat Shield web extension

From what I can see, your antivirus is WebRoot SecureAnyWhere. The company that develops it, WebRoot, has presumably designed a security extension for your web browser.

That window must be displayed by your WebRoot SecureAnyWhere software to encourage you to install that extension.

Have you tried uninstalling the extension from your Microsoft Edge browser?
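
The check behind the "no actions were taken" question above, as an added example that is not part of the original posts: it parses a Malwarebytes text report in the Spanish layout posted in this thread and lists detections whose action column is anything other than `En cuarentena`. The sample report is constructed with placeholder names and paths, and treating `En cuarentena` as the only remediated action is an assumption based on the two reports in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Spanish Malwarebytes text report
# posted in this thread; detection names, paths and ids are placeholders.
SAMPLE_REPORT = r"""-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Amenazas detectadas: 2
Amenazas en cuarentena: 1

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Archivo: 2
Example.Detection.A, C:\USERS\EXAMPLE\DOWNLOADS\SAMPLE, ONE.ZIP, Sin acciones por parte del usuario, 1000000, 0, 1.0.0, AAAAAAAAAAAAAAAAAAAAAAAA, dds, 00000001
Example.Detection.B, C:\USERS\EXAMPLE\DOCUMENTS\SETUP.EXE, En cuarentena, 1000000, 0, 1.0.0, BBBBBBBBBBBBBBBBBBBBBBBB, dds, 00000001

WMI: 0
(No hay elementos maliciosos detectados)

(end)
"""

# Assumption: the only "remediated" action string seen in the thread.
REMEDIATED_ACTIONS = {"En cuarentena"}
# Number of fixed columns that follow the action column in a detection row.
TRAILING_FIELDS = 6


@dataclass
class Detection:
    category: str   # e.g. "Archivo", taken from the preceding "Archivo: 2" line
    name: str
    path: str
    action: str


def parse_report(text):
    """Return (summary dict, list of Detection) from a report's text."""
    summary, detections = {}, []
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blank lines, "(No hay elementos ...)", "(end)"
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            section = header.group(1)
            continue
        if section == "Detalles del análisis":
            # Split from the right so that commas inside the path survive.
            parts = line.rsplit(", ", TRAILING_FIELDS + 1)
            if len(parts) == TRAILING_FIELDS + 2 and ", " in parts[0]:
                name, path = parts[0].split(", ", 1)
                detections.append(Detection(category, name, path, parts[1]))
            else:
                category = line.partition(":")[0].strip()
        else:
            key, sep, value = line.partition(":")
            if sep:
                # lstrip also absorbs the doubled colon in "iniciado por::"
                summary[key.strip()] = value.lstrip(": ").strip()
    return summary, detections


def pending_detections(text):
    """Detections not yet remediated, plus a summary/detail consistency flag."""
    summary, detections = parse_report(text)
    pending = [d for d in detections if d.action not in REMEDIATED_ACTIONS]
    detected = int(summary.get("Amenazas detectadas", 0))
    quarantined = int(summary.get("Amenazas en cuarentena", 0))
    consistent = (detected == len(detections)
                  and detected - quarantined == len(pending))
    return pending, consistent


if __name__ == "__main__":
    pending, consistent = pending_detections(SAMPLE_REPORT)
    print("summary matches details:", consistent)
    for d in pending:
        print(f"NOT REMEDIATED [{d.category}] {d.name}: {d.path} ({d.action})")
```
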

I didn't do it right and I'm going to repeat everything from the beginning; when I have the reports I'll post them. This is getting worse: the desktop background has gone black, it connected to the network but with no internet access, and the latest is that the icons on the right-hand side of the taskbar have disappeared, including the clock.

Regards

Good, we'll wait for the results and the reports.

Hi Frica, here we go again with 1 of 2.

1. MB

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 16/4/20
Hora del análisis: 11:32
Archivo de registro: 2ed25c62-7fc5-11ea-8848-6002921c1100.json

-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.867
Versión del paquete de actualización: 1.0.22522
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.720)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-TJCA2II\redar

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 511323
Amenazas detectadas: 2
Amenazas en cuarentena: 2
Tiempo transcurrido: 13 min, 10 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
Malware.Generic.206565109, C:\USERS\REDAR\APPDATA\LOCAL\PACKAGES\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_8WEKYB3D8BBWE\LOCALSTATE\FILES\S0\746\ATTACHMENTS\TEST DE RAVEN - MIDE TU COEFICIENTE INTELECTUAL[1058].ZIP, En cuarentena, 1000000, 0, 1.0.22522, 13B0A3D3E1F54CDE0C4FEEF5, dds, 00678574
Malware.Generic.620245229, C:\USERS\REDAR\DOCUMENTS\WRK\LAF\MATERIAL\FILEZILLA_3.46.3_WIN64_SPONSORED-SETUP.EXE, En cuarentena, 1000000, 0, 1.0.22522, 78DC2A373F9DD65124F830ED, dds, 00678574

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

2. AdwC

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-16-2020
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1905 octets] - [15/04/2020 11:58:02]
AdwCleaner[C00].txt - [1963 octets] - [15/04/2020 11:58:49]
AdwCleaner[S01].txt - [1528 octets] - [16/04/2020 11:55:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

3. ZHP

~ ZHPCleaner v2020.4.15.192 by Nicolas Coolman (2020/04/15)
~ Run by redar (Administrator)  (16/04/2020 12:15:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\redar\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\redar\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 18363)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO carpeta: C:\Program Files (x86)\Common Files\wruninstall.exe [Webroot Software, Inc. - Webroot Installer]  =>Adware.Suspect
MOVIDO carpeta: C:\Windows\Prefetch\SETUPSKYPEFORBUSINESSENTRYRET-73DD15B4.pf    =>Adware.Setupsk
MOVIDO carpeta: C:\Windows\Prefetch\SETUPSKYPEFORBUSINESSENTRYRET-98F28EDD.pf    =>Adware.Setupsk


---\\  Registro ( Claves, Valores, Datos) (1)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)


---\\  Resumen de elementos en su estación de trabajo (3)
https://nicolascoolman.eu/2017/03/02/adware-suspect/  =>Adware.Suspect
https://nicolascoolman.eu/2017/12/16/adware-setupsk/  =>Adware.Setupsk
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)


---\\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 2744
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 8/15


---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto





~ End of clean in 00h00mn23s

---\\  Reporte (5)
ZHPCleaner-[R]-15042020-12_33_22.txt
ZHPCleaner-[S]-15042020-12_20_31.txt
ZHPCleaner-[S]-15042020-12_55_33.txt
ZHPCleaner-[S]-16042020-12_13_01.txt
ZHPCleaner-[R]-16042020-12_15_47.txt

2 of 2 this afternoon. Regards

I don't have access to the antivirus and I don't know how to disable it to run the scan with ESET. Any instructions?

Bye

How to disable the WebRoot SecureAnywhere antivirus

  1. Locate the SecureAnywhere icon in your taskbar.

  2. Right-click the icon and select Shut down Protection.

  3. A window will appear asking for confirmation to disable it. Choose Yes.

  4. Depending on your computer's configuration, a CAPTCHA may appear, which you will have to complete.

Try carrying out the ESET steps.

To enable the antivirus again, go to the Windows Start menu. Click "All Programs". Find Webroot SecureAnywhere and run it.

If you have trouble disabling it (I remember that dozens of antivirus icons were appearing for you), I would recommend uninstalling it directly. Afterwards we would recommend a more reliable antivirus.

To uninstall Webroot SecureAnywhere, according to the official website of your antivirus vendor, no special tool is needed and it is enough to uninstall it like any other program. But I am going to advise you to use the Revo Uninstaller tool.

RevoUninstaller: uninstalling programs properly

Information about Revo Uninstaller. This link has the RevoUninstaller manual, which also includes an example of how to uninstall a program properly.

Run RevoUninstaller according to the manual given above and choose Advanced Mode when the program offers it.

How can it be that after using Revo and restarting, Webroot is still installed? Yet it no longer appears in Revo, nor in Programs and Features in W10.

Webroot is still in the Start menu and on the taskbar: as a shortcut and as started tasks.

Regards

It is strange, yes. Let's use an advanced tool to look for and remove traces of this antivirus.

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Analizar (Scan) button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

1 like
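
One way to pre-screen the Frst.txt requested above, as an added example that is not part of the original thread or of FRST itself: it walks the log section by section and collects lines carrying the Spanish-locale markers that appear in the FRST log posted in this thread (`<==== ATENCIÓN`, `[Archivo no firmado]`, `(Ningún archivo)`). The sample log is constructed with placeholder names, and the extra rule for autostart entries whose target sits under a user's AppData folder is a heuristic added here, not something FRST reports.

```python
import re

# Constructed sample in the layout of the Spanish-locale FRST.txt posted in
# this thread; vendors, paths, GUIDs and SIDs are placeholders.
SAMPLE_FRST = r"""==================== Procesos (Lista blanca) =================

(Example Corp -> Example Corp) C:\Program Files\Example\app.exe
(Example AV Inc. -> Example AV) [Archivo no firmado] C:\Program Files\ExampleAV\av.exe

==================== Registro (Lista blanca) ===================

HKLM\...\Run: [ExampleApp] => C:\Program Files\Example\app.exe [1000 2020-01-01] (Example Corp -> Example Corp)
HKU\S-1-5-21-0-0-0-1001\...\Run: [ExampleUpdater] => C:\Users\example\AppData\Local\Example\update.exe [1000 2020-01-01] (Example Corp -> Example) [Archivo no firmado]
HKLM\...\Policies\Explorer: [HideClock] 0
ShortcutTarget: Example.lnk -> C:\Program Files (x86)\Common Files\gone.exe (Ningún archivo)

==================== Tareas programadas (Lista blanca) ============

Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\example\{11111111-1111-1111-1111-111111111111} => C:\Users\example\AppData\Roaming\EXAMPL~1\example.exe <==== ATENCIÓN
"""

# Literal markers as they appear in the Spanish-locale log in this thread.
MARKERS = {
    "<==== ATENCIÓN": "flagged by FRST",
    "[Archivo no firmado]": "unsigned file",
    "(Ningún archivo)": "target file missing",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Lines that describe something started automatically: tasks, Startup
# folder items and Run/RunOnce registry values.
AUTOSTART_RE = re.compile(r"^(Task:|Startup:|HK[^ ]*\\Run(?:Once)?:)")
# Added heuristic (assumption): a target directly under a user's AppData.
PROFILE_TARGET_RE = re.compile(r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.I)


def triage(text):
    """Return a list of (section, reasons, line) for lines worth a review."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        reasons = [why for marker, why in MARKERS.items() if marker in line]
        if AUTOSTART_RE.match(line) and "=> " in line:
            # Only the command itself is checked, so a system binary that
            # merely receives a profile path as an argument is not flagged.
            target = line.split("=> ", 1)[1]
            if PROFILE_TARGET_RE.match(target):
                reasons.append("autostart target in user profile")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_FRST):
        print(f"[{section}] {', '.join(reasons)}\n    {line}")
```

A hit is a prompt to look at the entry, not a verdict: the log in this thread marks a legitimate antivirus binary as unsigned.
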

Good morning Frica. Since I have no way at all to disable or clean Webroot from my system, and given that it seems to be the cause of all my problems: what if I take out the hard drive and connect it in an enclosure to the laptop via USB? Is there a risk of infecting the laptop too?

Thanks for your patience

Try downloading the Farbar program without disabling the antivirus. Let's see if we're lucky and it doesn't detect it as malicious.

The option you suggest of removing the disk and connecting it to another computer via USB is not viable, because the Farbar program has to be run against the disk that has the active operating system installed.

1 like

Good morning Frica. What a Friday. The Farbar log (1/2):

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 15-04-2020
Ejecutado por redar (administrador) sobre DESKTOP-TJCA2II (Hewlett-Packard 110-333ns) (17-04-2020 18:30:31)
Ejecutado desde C:\Users\redar\Downloads
Perfiles cargados: redar (Perfiles disponibles: redar)
Platform: Windows 10 Home Versión 1909 18363.778 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: FF
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Webroot Inc. -> Webroot) [Archivo no firmado] C:\Program Files\Webroot\WRSA.exe
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
Error al acceder al proceso -> FreemakeUtilsService.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13895912 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Phantom_Sl] => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\phantom_sl.exe [2039760 2019-09-22] (FOXIT SOFTWARE INC. ->  Foxit Software Inc)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-14] (Webroot Inc. -> Webroot) [Archivo no firmado]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\redar\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-12-13] (Google Inc (TEST) -> Epic Privacy Browser) [Archivo no firmado]
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30868464 2019-11-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\redar\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\redar\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\RunOnce: [Uninstall 19.232.1124.0010\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\redar\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\amd64"
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\RunOnce: [Uninstall 19.232.1124.0010] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\redar\AppData\Local\Microsoft\OneDrive\19.232.1124.0010"
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-06] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2018-12-31]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Ningún archivo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2018-12-31]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Ningún archivo)
CHR HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {03F2D1DF-F560-413B-97B1-E144BD190914} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {0DF1DEEE-642D-4338-8F8F-78BB345DF4F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2339967E-E515-47C0-844E-AD7F32D071DF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150272 2020-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AFC9128-F203-461F-8FE7-0CF51C8AC5B5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369752 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {3BD7F709-5BF9-4D35-AF81-90097F681733} - System32\Tasks\hukomas\{22CD3BD7-3F3A-EF40-DEE3-3D74C6A59DCA} => C:\Users\redar\AppData\Roaming\22CD3B~1\hukomas.exe <==== ATENCIÓN
Task: {43D6D6C6-A769-49F1-9D3C-A97CB05E427C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5373A2A7-C87D-4B59-B028-4125F08E06D8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369752 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F5C9403-38AF-4BF6-B73C-9DE530F3C243} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
Task: {61BCC312-AF6F-4031-851E-9BE0F334B52E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-11-21] (Garmin International, Inc. -> )
Task: {84FD6F52-1745-470F-88B7-8957BE6D8E79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8886BBF5-C98B-4C46-9C02-700B450E305B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167920 2020-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {892EE439-DB08-4C9A-8045-1D12584DAD04} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8940B0FF-048D-4D2C-A0E5-CB95A3589F8C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2350176 2020-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D2D379A-A5E6-441C-B97C-796A858CA527} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6292336 2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6321D4B-5532-43E3-AD2C-AB59474FD9B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A720E5AF-E2FE-4556-9F13-BFAE1AAC1C92} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150272 2020-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9F8AE11-FE1F-49FE-B7C7-A64F7E6D0CEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-24] (Google Inc -> Google Inc.)
Task: {CEBD69DF-600E-4745-834C-BDD72F3825C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-24] (Google Inc -> Google Inc.)
Task: {DC0D85C4-4AA4-4861-A1EE-A29CEC31B405} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6292336 2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5C175B0-5C31-4245-B6B6-BD97C4429EA9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167920 2020-03-20] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{18d2f4fc-76cb-424f-90b6-c8e2c503b9aa}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c428907f-38b6-4f0a-8127-09b11925416c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricción <==== ATENCIÓN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131978487587268350&GUID=CB393ACE-3EFF-48B7-88C6-F1D9596C7643
HKU\S-1-5-21-3813149516-965609670-1582131489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-3813149516-965609670-1582131489-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3813149516-965609670-1582131489-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> )
BHO: Sin Nombre -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> Ningún archivo
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-01-14] (Webroot Inc. -> Webroot)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> )
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-01-14] (Webroot Inc. -> Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-23] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Sin Nombre - {97ab88ef-346b-4179-a0b1-7445896547a5} -  Ningún archivo
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> )
Toolbar: HKLM-x32 - Sin Nombre - {97ab88ef-346b-4179-a0b1-7445896547a5} -  Ningún archivo
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> )
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: C:\Users\redar\Downloads
Edge Session Restore: HKU\S-1-5-21-3813149516-965609670-1582131489-1001 -> está habilitado.
Edge Notifications: HKU\S-1-5-21-3813149516-965609670-1582131489-1001 -> hxxps://web.jobtoday.com

FireFox:
========
FF DefaultProfile: a6fkf7fy.default
FF ProfilePath: C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default [2020-04-17]
FF user.js: detected! => C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default\user.js [2019-07-04]
FF Session Restore: Mozilla\Firefox\Profiles\a6fkf7fy.default -> está habilitado.
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default\Extensions\[email protected] [2019-12-13]
FF Extension: (LastPass: Free Password Manager) - C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default\Extensions\[email protected] [2020-04-07]
FF Extension: (Wappalyzer) - C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default\Extensions\[email protected] [2020-04-01]
FF Extension: (SEOquake) - C:\Users\redar\AppData\Roaming\Mozilla\Firefox\Profiles\a6fkf7fy.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2020-03-14]
FF HKLM\...\Firefox\Extensions: [{90ca575e-4c80-47b5-8a3b-ad862f38a292}] - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi => no encontrado
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2019-05-05] [Heredado]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected]
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected] [2019-05-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi [2020-02-13] [UpdateUrl:hxxps://anywhere.webrootcloudav.com/wtsff/live/updates.json]
FF HKLM-x32\...\Firefox\Extensions: [{90ca575e-4c80-47b5-8a3b-ad862f38a292}] - C:\Program Files (x86)\SafeMyWeb\ff\safe_my_web-1.0.1-fx.xpi => no encontrado
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-09-24] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-09-24] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-09-24] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-09-24] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-3813149516-965609670-1582131489-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\redar\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-12-13] (Google Inc (TEST) -> Epic Privacy Browser) [Archivo no firmado]
FF Plugin HKU\S-1-5-21-3813149516-965609670-1582131489-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\redar\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-12-13] (Google Inc (TEST) -> Epic Privacy Browser) [Archivo no firmado]

Chrome: 
=======
CHR Profile: C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default [2020-04-16]
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Presentaciones) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-09]
CHR Extension: (Documentos) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-09]
CHR Extension: (Google Drive) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-09]
CHR Extension: (YouTube) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-09]
CHR Extension: (Foxit PDF Creator) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2020-01-14]
CHR Extension: (Full Page Screen Capture) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2020-01-14]
CHR Extension: (Hojas de cálculo) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-09]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2020-03-24]
CHR Extension: (Webroot Password Manager) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-12-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-14]
CHR Extension: (Gmail) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\redar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-05]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-09-02]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-09-02]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [483184 2019-03-29] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11600672 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-09-04] (Mixbyte Inc -> Freemake)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-04] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-04-15] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [313584 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [1643224 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [2950832 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-14] (Webroot Inc. -> Webroot) [Archivo no firmado]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-12-29] (Wondershare Technology Co.,Ltd -> Wondershare)

Farbar (2/2):

  ===================== Controladores (Lista blanca) ===================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

    R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
    R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
    R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-02-16] (Microsoft Corporation) [Archivo no firmado]
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-15] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-15] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-16] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-16] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-16] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-04-16] (Malwarebytes Inc -> Malwarebytes)
    R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2019-03-19] (Microsoft Windows -> MediaTek Inc.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek Semiconductor Corp -> Realtek )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-04-14] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-14] (Microsoft Windows -> Microsoft Corporation)
    S0 WRBoot; C:\WINDOWS\System32\drivers\WRBoot.sys [15792 2020-04-14] (Microsoft Windows Early Launch Anti-malware Publisher -> )
    R1 WRCore; C:\WINDOWS\system32\drivers\WRCore.x64.sys [148336 2019-08-09] (Webroot Inc. -> Webroot, Inc.)
    R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2020-02-04] (Webroot Inc. -> Webroot)
    R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [67912 2020-01-14] (Webroot Inc. -> Webroot)

    ==================== NetSvcs (Lista blanca) ===================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


    ==================== Un mes (creado) ===================

    (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

    2020-04-17 18:30 - 2020-04-17 18:31 - 000037906 _____ C:\Users\redar\Downloads\FRST.txt
    2020-04-17 18:29 - 2020-04-17 18:31 - 000000000 ____D C:\FRST
    2020-04-17 18:27 - 2020-04-17 18:27 - 002281472 _____ (Farbar) C:\Users\redar\Downloads\FRST64.exe
    2020-04-16 16:04 - 2020-04-16 16:04 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2020-04-16 16:04 - 2020-04-16 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
    2020-04-16 15:28 - 2020-04-16 15:28 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
    2020-04-16 15:28 - 2020-04-16 15:28 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
    2020-04-16 15:28 - 2020-04-16 15:28 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2020-04-16 15:28 - 2020-04-16 15:28 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
    2020-04-16 15:27 - 2020-04-16 15:27 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
    2020-04-16 15:27 - 2020-04-16 15:27 - 000001079 _____ C:\ProgramData\Desktop\Revo Uninstaller.lnk
    2020-04-16 15:27 - 2020-04-16 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2020-04-16 15:27 - 2020-04-16 15:27 - 000000000 ____D C:\Program Files\VS Revo Group
    2020-04-16 15:25 - 2020-04-16 15:25 - 007432520 _____ (VS Revo Group ) C:\Users\redar\Downloads\revosetup.exe
    2020-04-16 12:20 - 2020-04-16 12:21 - 000011306 _____ C:\Users\redar\Downloads\cc_20200416_122054.reg
    2020-04-16 12:00 - 2020-04-16 12:00 - 003297152 _____ (Nicolas Coolman) C:\Users\redar\ZHPCleaner.exe
    2020-04-16 11:58 - 2020-04-16 11:58 - 000001718 _____ C:\Users\redar\Desktop\AdwCleaner[C01]2.txt
    2020-04-16 11:57 - 2020-04-16 16:05 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2020-04-16 11:57 - 2020-04-16 11:57 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2020-04-16 11:57 - 2020-04-16 11:57 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2020-04-16 11:54 - 2020-04-16 11:54 - 008196784 _____ (Malwarebytes) C:\Users\redar\Downloads\adwcleaner_8.0.4(1).exe
    2020-04-16 11:52 - 2020-04-16 11:52 - 008196784 _____ (Malwarebytes) C:\Users\redar\Downloads\adwcleaner_8.0.4.exe
    2020-04-16 11:49 - 2020-04-16 11:49 - 000001989 _____ C:\Users\redar\Desktop\MB2.txt
    2020-04-16 10:45 - 2020-04-16 10:45 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2020-04-16 10:45 - 2020-04-16 10:45 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2020-04-16 10:45 - 2020-04-16 10:45 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2020-04-16 10:45 - 2020-04-16 10:45 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2020-04-16 10:45 - 2020-04-16 10:45 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2020-04-16 10:45 - 2020-04-16 10:45 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2020-04-16 10:45 - 2020-04-16 10:45 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2020-04-16 10:45 - 2020-04-16 10:45 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2020-04-16 10:45 - 2020-04-16 10:45 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2020-04-16 10:45 - 2020-04-16 10:45 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
    2020-04-16 10:45 - 2020-04-16 10:45 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
    2020-04-16 10:44 - 2020-04-16 10:45 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2020-04-16 10:44 - 2020-04-16 10:44 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2020-04-16 10:44 - 2020-04-16 10:44 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
    2020-04-16 10:44 - 2020-04-16 10:44 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
    2020-04-16 10:44 - 2020-04-16 10:44 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
    2020-04-16 10:44 - 2020-04-16 10:44 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2020-04-16 10:43 - 2020-04-16 10:43 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2020-04-16 10:43 - 2020-04-16 10:43 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2020-04-16 10:43 - 2020-04-16 10:43 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2020-04-16 10:43 - 2020-04-16 10:43 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2020-04-16 10:43 - 2020-04-16 10:43 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2020-04-16 10:43 - 2020-04-16 10:43 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2020-04-16 10:43 - 2020-04-16 10:43 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
    2020-04-16 10:43 - 2020-04-16 10:43 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2020-04-16 10:42 - 2020-04-16 10:42 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2020-04-16 10:42 - 2020-04-16 10:42 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2020-04-16 10:42 - 2020-04-16 10:42 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2020-04-16 10:42 - 2020-04-16 10:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2020-04-16 10:42 - 2020-04-16 10:42 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
    2020-04-16 10:42 - 2020-04-16 10:42 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
    2020-04-16 10:42 - 2020-04-16 10:42 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
    2020-04-16 10:42 - 2020-04-16 10:42 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
    2020-04-16 10:42 - 2020-04-16 10:42 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
    2020-04-16 10:41 - 2020-04-16 10:41 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
    2020-04-15 13:13 - 2020-04-15 13:13 - 000198704 _____ C:\Users\redar\Downloads\cc_20200415_131254.reg
    2020-04-15 12:33 - 2020-04-16 12:15 - 000009418 _____ C:\Users\redar\Desktop\ZHPCleaner (R).html
    2020-04-15 12:33 - 2020-04-16 12:15 - 000002846 _____ C:\Users\redar\Desktop\ZHPCleaner (R).txt
    2020-04-15 12:20 - 2020-04-16 12:13 - 000009150 _____ C:\Users\redar\Desktop\ZHPCleaner (S).html
    2020-04-15 12:20 - 2020-04-16 12:13 - 000002687 _____ C:\Users\redar\Desktop\ZHPCleaner (S).txt
    2020-04-15 12:05 - 2020-04-16 12:18 - 000000000 ____D C:\Users\redar\AppData\Roaming\ZHP
    2020-04-15 12:05 - 2020-04-16 12:00 - 000000734 _____ C:\Users\redar\Desktop\ZHPCleaner.lnk
    2020-04-15 12:05 - 2020-04-15 12:05 - 003296640 _____ (Nicolas Coolman) C:\Users\redar\Downloads\ZHPCleaner.exe
    2020-04-15 12:05 - 2020-04-15 12:05 - 000000000 ____D C:\Users\redar\AppData\Local\ZHP
    2020-04-15 11:59 - 2020-04-15 11:59 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2020-04-15 11:56 - 2020-04-15 11:58 - 000000000 ____D C:\AdwCleaner
    2020-04-15 11:27 - 2020-04-15 11:27 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
    2020-04-15 00:28 - 2020-04-15 00:28 - 000000000 ____D C:\Users\redar\Documents\My Digital Editions
    2020-04-15 00:22 - 2020-04-15 00:27 - 000000000 ____D C:\Program Files\CCleaner
    2020-04-15 00:22 - 2020-04-15 00:22 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2020-04-15 00:22 - 2020-04-15 00:22 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
    2020-04-15 00:22 - 2020-04-15 00:22 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
    2020-04-15 00:22 - 2020-04-15 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2020-04-14 23:59 - 2020-04-15 00:26 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2020-04-14 23:55 - 2020-04-14 23:55 - 000000000 ___HD C:\$SysReset
    2020-04-14 23:08 - 2020-04-14 23:09 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2020-04-14 23:08 - 2020-04-14 23:09 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2020-04-14 22:51 - 2020-04-14 22:51 - 001965536 _____ (Malwarebytes) C:\Users\redar\Downloads\MBSetup.exe
    2020-04-14 20:38 - 2020-04-14 20:38 - 001224264 _____ (Adobe Inc) C:\Users\redar\Downloads\flashplayer32au_a_install.exe
    2020-04-14 18:19 - 2020-04-14 18:20 - 000001846 _____ C:\Users\redar\Downloads\17732662F.309
    2020-04-10 21:39 - 2020-04-11 10:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2020-04-10 15:00 - 2020-04-10 15:00 - 000000000 ____D C:\Users\redar\Downloads\Nueva carpeta
    2020-04-09 16:18 - 2020-04-09 16:18 - 001654662 _____ C:\Users\redar\Downloads\2020-03-31-manual-abogado.pdf
    2020-04-08 20:07 - 2020-04-08 20:07 - 000000000 ____D C:\ProgramData\WRCore
    2020-04-08 10:45 - 2020-04-08 10:45 - 038649557 _____ C:\Users\redar\Downloads\Global_Atlas_of_Allergic_ENT.pdf
    2020-04-07 18:52 - 2020-04-07 18:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2020-04-07 18:43 - 2020-04-14 22:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2020-04-04 12:32 - 2020-04-04 12:32 - 000181129 _____ C:\Users\redar\Downloads\RS-24-cardio.pdf
    2020-04-03 12:26 - 2020-04-03 12:26 - 009796138 _____ C:\Users\redar\Downloads\ISPROX_DOSSIER_FRANQUICIA (1).pdf
    2020-03-31 21:57 - 2020-03-31 21:57 - 000038805 _____ C:\Users\redar\Downloads\Lupin the Third The Gravestone of Daisuke Jigen (2014) [720p] [BluRay] [YTS.MX] (1).torrent
    2020-03-31 19:51 - 2020-03-31 19:52 - 000154090 _____ C:\Users\redar\Downloads\bbpress-es_ES.mo
    2020-03-31 19:51 - 2020-03-31 19:51 - 000246914 _____ C:\Users\redar\Downloads\bbpress-es_ES.po
    2020-03-31 19:51 - 2020-03-31 19:51 - 000107100 _____ C:\Users\redar\Downloads\disputo-es_ES.po
    2020-03-31 19:51 - 2020-03-31 19:51 - 000002692 _____ C:\Users\redar\Downloads\disputo-es_ES.mo
    2020-03-31 16:56 - 2020-03-31 16:56 - 000000000 ____D C:\Users\redar\MEDIA
    2020-03-28 13:42 - 2020-03-28 13:42 - 000408843 _____ C:\Users\redar\Downloads\Folleto-Online20.pdf
    2020-03-28 13:26 - 2020-03-28 13:26 - 005155054 _____ C:\Users\redar\Downloads\Sexología.pdf
    2020-03-26 17:02 - 2020-03-26 17:02 - 000046959 _____ C:\Users\redar\Downloads\confirmacionDelPedido_93801958.pdf
    2020-03-25 11:45 - 2020-03-25 11:45 - 000776681 _____ C:\Users\redar\Downloads\SPANISH_RHINOLIGHT-BROCHURE.pdf
    2020-03-25 10:56 - 2020-03-25 10:56 - 000086157 _____ C:\Users\redar\Downloads\The Gentlemen (2019) [1080p] [WEBRip] [5.1] [YTS.MX].torrent
    2020-03-25 10:56 - 2020-03-25 10:56 - 000038805 _____ C:\Users\redar\Downloads\Lupin the Third The Gravestone of Daisuke Jigen (2014) [720p] [BluRay] [YTS.MX].torrent
    2020-03-24 12:28 - 2020-03-24 12:28 - 000000999 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
    2020-03-24 12:28 - 2020-03-24 12:28 - 000000999 _____ C:\ProgramData\Desktop\calibre 64bit - E-book management.lnk
    2020-03-24 12:28 - 2020-03-24 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
    2020-03-24 12:28 - 2020-03-24 12:28 - 000000000 ____D C:\Program Files\Calibre2
    2020-03-24 12:25 - 2020-03-24 12:27 - 123936768 _____ C:\Users\redar\Downloads\calibre-64bit-4.12.0.msi
    2020-03-22 23:31 - 2020-03-22 23:31 - 000000000 ____D C:\Users\redar\Downloads\cache
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002489 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2020-03-22 00:48 - 2020-03-22 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
    2020-03-20 23:03 - 2020-03-20 23:03 - 001923718 _____ C:\Users\redar\Downloads\F_orientacion%20laboral.pdf
    2020-03-19 14:55 - 2020-03-19 14:55 - 000282114 _____ C:\Users\redar\Downloads\null.pdf
    2020-03-19 00:23 - 2020-03-19 00:23 - 000056022 _____ C:\Users\redar\Downloads\22190_BI.pdf
    2020-03-18 21:14 - 2020-03-18 21:14 - 000000549 _____ C:\Users\redar\Downloads\2018__12__Detective-Dee_-The-Four-Heavenly-Kings-(torrent0).zip
    2020-03-18 14:00 - 2020-03-18 14:00 - 000000000 ____D C:\Users\redar\Documents\Plantillas personalizadas de Office

    ==================== Un mes (modificado) ==================

    (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

    2020-04-17 18:26 - 2020-02-16 02:00 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3813149516-965609670-1582131489-1001
    2020-04-17 18:26 - 2020-02-16 01:52 - 000002397 _____ C:\Users\redar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-04-17 18:26 - 2018-07-14 17:35 - 000000000 ___RD C:\Users\redar\OneDrive
    2020-04-17 18:25 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-04-17 18:22 - 2018-10-15 16:23 - 000000000 ____D C:\Users\redar\AppData\LocalLow\Mozilla
    2020-04-17 18:21 - 2018-07-16 22:21 - 000000000 __SHD C:\Users\redar\IntelGraphicsProfiles
    2020-04-16 16:30 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-04-16 16:10 - 2020-02-16 01:59 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-04-16 16:10 - 2019-03-19 13:59 - 000788560 _____ C:\WINDOWS\system32\perfh00A.dat
    2020-04-16 16:10 - 2019-03-19 13:59 - 000155850 _____ C:\WINDOWS\system32\perfc00A.dat
    2020-04-16 16:09 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
    2020-04-16 16:05 - 2019-12-18 14:31 - 000000000 ____D C:\Program Files\Webroot
    2020-04-16 16:04 - 2020-02-16 02:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-04-16 16:04 - 2020-02-16 01:51 - 000441512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2020-04-16 16:04 - 2019-12-18 14:31 - 000275080 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2020-04-16 16:04 - 2019-12-18 14:31 - 000231472 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2020-04-16 16:04 - 2019-09-12 08:55 - 000000416 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
    2020-04-16 16:04 - 2019-09-11 12:02 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
    2020-04-16 16:04 - 2019-09-10 18:16 - 000000150 _____ C:\WINDOWS\SysWOW64\winsevr.dat
    2020-04-16 16:04 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2020-04-16 16:04 - 2018-12-31 11:09 - 000000000 ____D C:\ProgramData\WRData
    2020-04-16 16:03 - 2020-02-16 01:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-04-16 16:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
    2020-04-16 16:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2020-04-16 16:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2020-04-16 16:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2020-04-16 16:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Provisioning
    2020-04-16 16:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
    2020-04-16 15:31 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2020-04-16 15:08 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-04-16 12:00 - 2020-02-16 01:52 - 000000000 ____D C:\Users\redar
    2020-04-16 09:06 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\NDF
    2020-04-15 11:34 - 2019-07-21 11:15 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-04-15 11:34 - 2019-07-21 11:15 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-04-15 11:33 - 2019-07-21 11:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2020-04-15 11:33 - 2019-07-21 11:15 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2020-04-15 00:29 - 2020-01-03 18:26 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2020-04-15 00:29 - 2020-01-03 18:26 - 000000000 ____D C:\Users\redar\AppData\Roaming\Notepad++
    2020-04-15 00:29 - 2019-12-28 18:38 - 000000000 ____D C:\Users\redar\AppData\Roaming\FileZilla
    2020-04-15 00:29 - 2018-10-03 22:58 - 000000000 ____D C:\Users\redar\AppData\Roaming\uTorrent
    2020-04-15 00:28 - 2020-02-15 19:11 - 000000000 ___DC C:\WINDOWS\Panther
    2020-04-15 00:28 - 2019-06-19 15:53 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
    2020-04-15 00:28 - 2019-06-19 15:53 - 000002245 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk
    2020-04-15 00:28 - 2019-06-19 15:53 - 000002245 _____ C:\ProgramData\Desktop\Adobe Digital Editions 4.5.lnk
    2020-04-15 00:28 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2020-04-14 23:49 - 2018-07-14 17:35 - 000000000 ____D C:\Users\redar\AppData\Local\PlaceholderTileLogoFolder
    2020-04-14 23:05 - 2018-07-14 16:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2020-04-14 23:04 - 2018-07-14 17:32 - 000000000 ____D C:\Users\redar\AppData\Local\Packages
    2020-04-14 22:56 - 2018-12-24 16:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-04-14 22:51 - 2018-07-15 22:14 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2020-04-14 22:50 - 2019-03-19 06:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2020-04-14 20:56 - 2019-12-18 14:31 - 000015792 _____ C:\WINDOWS\system32\Drivers\WRBoot.sys
    2020-04-13 11:03 - 2020-03-17 10:31 - 000000000 ____D C:\Users\redar\Documents\AEAT
    2020-04-11 10:51 - 2020-01-24 09:38 - 000001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2020-04-10 15:31 - 2019-11-03 22:17 - 000000000 ____D C:\Users\redar\AppData\Local\TvVodafone-data
    2020-04-10 15:29 - 2019-11-22 21:07 - 000000000 ____D C:\Users\redar\Downloads\MEDIA
    2020-04-09 19:05 - 2018-07-14 18:29 - 000000000 ____D C:\Users\redar\AppData\Roaming\vlc
    2020-04-08 21:15 - 2018-07-14 17:50 - 000000000 ____D C:\Users\redar\AppData\Local\PackageStaging
    2020-04-08 20:41 - 2020-03-09 20:33 - 000000000 ____D C:\Users\redar\AppData\LocalLow\uTorrent
    2020-04-08 20:40 - 2019-03-24 17:17 - 000000000 ____D C:\Users\redar\AppData\Local\BitTorrentHelper
    2020-04-07 18:52 - 2018-12-24 16:22 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2020-04-06 20:44 - 2018-12-24 16:21 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-04-04 12:14 - 2019-11-22 21:22 - 000000000 ____D C:\Users\redar\Documents\BIKE
    2020-04-02 22:34 - 2019-11-11 16:53 - 000000000 ____D C:\Users\redar\Documents\GARAJE MAMA
    2020-03-29 18:18 - 2018-12-13 20:21 - 000000000 ____D C:\Users\redar\AppData\Local\Epic Privacy Browser
    2020-03-26 16:57 - 2018-07-14 17:32 - 000000000 ____D C:\Users\redar\AppData\Local\Publishers
    2020-03-24 12:36 - 2019-03-28 23:59 - 000000000 ____D C:\Users\redar\Biblioteca de calibre
    2020-03-22 23:11 - 2020-02-13 10:54 - 000000000 ____D C:\Users\redar\Documents\ADMIN
    2020-03-22 00:49 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-03-22 00:47 - 2018-12-09 19:43 - 000000000 ____D C:\Program Files\Microsoft Office
    2020-03-20 22:56 - 2020-02-16 02:00 - 000003622 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-03-20 22:56 - 2020-02-16 02:00 - 000003498 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Archivos en la raíz de algunos directorios ========

    2020-04-16 12:00 - 2020-04-16 12:00 - 003297152 _____ (Nicolas Coolman) C:\Users\redar\ZHPCleaner.exe

    ==================== SigCheck ============================

    (No existe una corrección automática para los archivos que no pasan la verificación.)

    ==================== Final de FRST.txt ========================

When I run ESET, the desktop background turns black and the shortcut icons appear doubled. The cursor barely responds, and I can't save the report because clicking the save option does nothing. I also can't open the Start menu, so I have to power off the PC with the button. Regards

It's possible that your antivirus is interfering, and that both antivirus programs running at once are producing that cocktail of problems. Let's set ESET aside; for now our priority is to remove the WebRoot antivirus.

When you have the Additions.txt report, please send it to me.

Please don't forget to send me the Additions.txt report. Without it I won't be able to analyze the results of the FRST program.

Hello, I couldn't get the report. The disk is out of the PC, connected through a USB dock to another computer. I was able to uninstall WR with the W10 uninstaller. Then, using a search, I manually deleted every item with the WR extension; by the way, I saw an elambkup, and I don't know whether it belongs to the WR files.

If you want, I can copy whichever programs you tell me onto the disk before reconnecting it to its computer and crossing my fingers.

Regards

Of course; as I told you, it's better to run the FRST program with the problem disk as the primary drive.

In that case, you can carry out the steps I indicated in this message:

ESET Online Scanner and Kaspersky …

Make sure to select the drive where the WebRoot antivirus was installed.

Hello, I had to dump my data and format. Any advice for choosing a decent AV? Thanks very much for everything.