winFLtrayH.exe en el inicio

jah-gzmn · 25 Septiembre, 2019 20:12

saludos amigos del foro, les cuento que al chequear el apartado de inicio en el administrador de tareas me encuentro con el proceso winFLtrayH.exe (creo que corresponde a un programa para poner claves a carpetas de windows que probé y que ya no tengo instalado), me gustaría me ayuden a quitarlo, no estoy seguro si es una infección o solo resto del programa, realice los chequeos pertinentes y todo indicaría que es la segunda opción pero uds podrán decirme con mayor seguridad !!! desde ya muchas gracias !!!

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 25/9/19
Hora del análisis: 11:22
Archivo de registro: eb884aae-df9f-11e9-aea0-94de80b8f6ac.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12645
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 18362.356)
CPU: x64
Sistema de archivos: NTFS
Usuario: JAHGZMN\GASTON

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 559817
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 4 hr, 46 min, 42 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by GASTON (Limited) on mi‚. 25/09/2019 at 16:57:05,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on mi‚. 25/09/2019 at 16:58:47,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-23.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-25-2019
# Duration: 00:00:17
# OS:       Windows 10 Pro
# Scanned:  35648
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner_Debug.log - [4742 octets] - [25/09/2019 16:59:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

JavierHF · 25 Septiembre, 2019 20:27

Hola @jah-gzmn

Bien… vamos a ver que tienes en tu equipo, ahora realiza estos pasos :

Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Descargar en TU ESCRITORIO(y NO en otro lugar )

Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1] ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

Farbar Recovery Scan Tool.-

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Poner los dos informes en tu próxima respuesta.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Saludos, Javier.

jah-gzmn · 25 Septiembre, 2019 21:16

hola @JavierHF y muchas gracias por la pronta respuesta !!! te paso los reportes(algo que me llama mucho la atención es que veo muchas Task de avast y yo no lo utilizo (de hecho en mi anterior pedido de ayuda @Daniela me había hecho notar lo mismo y en el fix me había quitado todas las entradas de avast), sera ccleaner el culpable ? espero tu opinión !!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2019
Ran by GASTON (administrator) on JAHGZMN (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (25-09-2019 18:05:00)
Running from C:\Users\GASTON\Desktop
Loaded Profiles: GASTON (Available Profiles: defaultuser0 & GASTON)
Platform: Windows 10 Pro Version 1903 18362.356 (X64) Language: Español (México)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.5-0\MsMpEng.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Failed to access process -> vmmem

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\...\Run: [WinFLTrayH] => C:\WINDOWS\SysWow64\WinFLTrayH.ex
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152576 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F3B9B9-3F67-479D-A25A-20F5503526C1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {0B937331-8109-46FD-8BB5-46BFC4F3EDD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.5-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21820515-69BC-4BB0-A8F4-3272CBED4A3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2389F19F-9FEC-46E2-93AE-47430F806B92} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {31CEFF0F-66E5-4F58-A97D-46E6C031A249} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B661A67-30C7-4CB6-ADC1-9EB768F785C5} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {4C723588-F71F-4000-B135-106FC4147A15} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-05-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {51E74509-7402-4758-B62D-CBFE862AF09C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B2FA3BC-CE16-4EDF-907D-A1A3D8DD0F6A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {63F9EE1A-3BBB-4060-B08E-CFC8324A7D1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.5-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {76C0D739-3A3D-4B91-8A7C-98607ECCF9DB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {86ED81C6-CBF1-4BD0-8A29-B54A1CE03C38} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {8BC3AF51-7740-4369-BDBE-75713733F469} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-05-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {94A31D7D-A4B4-435D-98EF-C4E6424784F3} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CreateExplorerShellUnelevatedTask" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\Motorola Device Manager Initial Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Motorola Device Manager Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4053121906-3739663058-3097000640-1001" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1522617166" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{61CFE85B-4B6A-4D81-85CE-A5B2FDF4379E}" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {BF7D1070-A995-47FC-ACE6-D941881EB4B9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {C77B6296-51C4-4F30-BCDA-E29B7A7B4C77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {D27F6134-149C-429F-A8B8-4149F2434F83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-01] (Google Inc -> Google LLC)
Task: {DEA97625-B701-45FF-A911-B3042E4B473E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.5-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC58994F-1F7F-47C7-B899-39F6F3288392} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-01] (Google Inc -> Google LLC)
Task: {EE66DC47-4933-42E6-9256-5FBF6878C18E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F2902290-BB63-45A2-9678-F4A1F2C15119} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.5-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{f7b7cb9d-f6ec-4d29-aea7-8e0426dce701}: [DhcpNameServer] 186.130.128.250 186.130.129.250

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDF-XChange IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
BHO-x32: PDF-XChange IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM - PDF-XChange IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM-x32 - PDF-XChange IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange Standard\PXCIEAddin.x86.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-15] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: C:\Users\GASTON\Downloads
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.17.0_neutral__d55gg7py3s0m0 [2019-08-25]
Edge Extension: (McAfee® WebAdvisor) -> EdgeExtension_5A894077McAfeeWebAdvisor_wafk5atnkzcwy => C:\Program Files\WindowsApps\5A894077.McAfeeWebAdvisor_2.0.22033.0_x86__wafk5atnkzcwy [2019-08-31]
Edge Extension: (Traductor para Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.51.0_neutral__8wekyb3d8bbwe [2019-08-25]

FireFox:
========
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-09-01] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-09-01] (Google Inc -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4053121906-3739663058-3097000640-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4053121906-3739663058-3097000640-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4053121906-3739663058-3097000640-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)

Chrome: 
=======
CHR Profile: C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default [2019-09-25]
CHR Extension: (Presentaciones) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-01]
CHR Extension: (Documentos) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-01]
CHR Extension: (Google Drive) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-09-01]
CHR Extension: (YouTube) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-01]
CHR Extension: (Hojas de cálculo) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-09-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-01]
CHR Extension: (Gmail) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\GASTON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe [481656 2018-05-22] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082536 2019-04-16] (Microsoft Corporation -> Microsoft Corporation)
R2 CmService; C:\WINDOWS\System32\CmService.dll [820536 2019-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 gcs; C:\WINDOWS\system32\vmcomputeagent.exe [1390904 2019-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [3388928 2019-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [41992 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3498296 2019-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.5-0\NisSrv.exe [3003832 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.5-0\MsMpEng.exe [103168 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 FLServiceH; C:\WINDOWS\SysWOW64\WinFLServiceH.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atikmdag.sys [44682104 2018-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atikmpag.sys [552824 2018-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [36368 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 l2bridge; C:\WINDOWS\System32\drivers\l2bridge.sys [58384 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1409024 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [39736 2019-08-14] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [39736 2019-08-14] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [349920 2019-09-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)
NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-25 18:05 - 2019-09-25 18:06 - 000024707 _____ C:\Users\GASTON\Desktop\FRST.txt
2019-09-25 18:04 - 2019-09-25 18:05 - 000000000 ____D C:\FRST
2019-09-25 18:02 - 2019-09-25 18:02 - 001615872 _____ (Farbar) C:\Users\GASTON\Desktop\FRST64.exe
2019-09-25 16:59 - 2019-09-25 16:59 - 000001387 _____ C:\Users\GASTON\Desktop\AdwCleaner[S00].txt
2019-09-25 16:59 - 2019-09-25 16:59 - 000000000 ____D C:\AdwCleaner
2019-09-25 16:58 - 2019-09-25 16:58 - 000000558 _____ C:\Users\GASTON\Desktop\JRT.txt
2019-09-25 16:56 - 2019-09-25 16:56 - 000001548 _____ C:\Users\GASTON\Desktop\mbam scan.txt
2019-09-25 10:29 - 2019-09-25 11:21 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-09-25 10:24 - 2019-09-25 10:24 - 000797760 _____ C:\Users\GASTON\Desktop\delfix.exe
2019-09-25 10:23 - 2019-09-25 10:23 - 001790024 _____ (Malwarebytes) C:\Users\GASTON\Desktop\JRT.exe
2019-09-25 10:21 - 2019-09-25 10:22 - 007636680 _____ (Malwarebytes) C:\Users\GASTON\Desktop\adwcleaner_7.4.1.exe
2019-09-20 22:59 - 2019-09-20 23:00 - 000000000 ____D C:\Users\GASTON\Desktop\trabajo practico gzmn
2019-09-14 19:39 - 2019-09-14 19:39 - 000001665 _____ C:\Users\GASTON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SWTFU2.lnk
2019-09-13 19:40 - 2019-09-14 19:35 - 000000700 ___SH C:\Users\GASTON\AppData\Local\systemFLH.dat
2019-09-13 19:39 - 2019-09-14 19:35 - 000000020 ___SH C:\Users\GASTON\AppData\Local\settingsFLH.dat
2019-09-13 19:34 - 2019-09-13 19:34 - 000040960 _____ C:\WINDOWS\SysWOW64\nwsftUninstallh.exe
2019-09-11 09:26 - 2019-09-11 09:26 - 025445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 018019328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 007014912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 005916672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 003817472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-09-11 09:26 - 2019-09-11 09:26 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-09-11 09:26 - 2019-09-11 09:26 - 002494232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000516752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000362056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000291848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-09-11 09:26 - 2019-09-11 09:26 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-09-11 09:25 - 2019-09-11 09:26 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 025900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 022626304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 017787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 008011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 007902912 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 007582752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 007261648 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 006516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 006081744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 005848840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 005762032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 004857856 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 004562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 003724800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 003701248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 003372448 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 002861568 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-09-11 09:25 - 2019-09-11 09:25 - 002723840 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 002586816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002426024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 002284032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002120272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 002081976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001691136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001664168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001633648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001439232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001413624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001394488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001261256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001192096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 001158656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001149200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 001073168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000909736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000810808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000680976 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000676632 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000596008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000589600 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000561680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000541264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000454736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000431448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000401208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000338800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000334936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000267496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ManageCI.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000146416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000141840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000120344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000088568 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2019-09-11 09:25 - 2019-09-11 09:25 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000020944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-09-11 09:25 - 2019-09-11 09:25 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKOR.DLL
2019-09-11 09:25 - 2019-09-11 09:25 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2019-09-11 09:25 - 2019-09-11 09:25 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-09-11 09:25 - 2019-09-11 09:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-09-03 14:53 - 2019-09-03 14:53 - 000000000 ____D C:\Users\GASTON\AppData\Roaming\Google
2019-09-01 21:08 - 2019-09-19 17:13 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-01 21:07 - 2019-09-01 21:08 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-01 21:07 - 2019-09-01 21:07 - 000003556 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-09-01 21:07 - 2019-09-01 21:07 - 000003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-31 17:08 - 2019-08-31 17:08 - 019811328 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 007196160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 006236160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 005091840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 005041664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 005013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 004538368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 003916048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 003750912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 003738376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 003498296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 003388928 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002771520 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002743808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002703360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002562048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002224952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 002095104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001957000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001913088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001845616 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001815040 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001716776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001616568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001531656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001510744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001488216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001410048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001390904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeAgent.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001305608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-08-31 17:08 - 2019-08-31 17:08 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001154952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001122816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 001105480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000904704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\opengl32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000902456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsSandbox.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000820536 _____ (Microsoft Corporation) C:\WINDOWS\system32\CmService.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000784384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000781912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000776704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000775768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcIsoCtnr.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000727752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputHost.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000677176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000628400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000593112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2019-08-31 17:08 - 2019-08-31 17:08 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000515448 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000511488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000510984 _____ (Microsoft Corporation)

jah-gzmn · 25 Septiembre, 2019 21:18

C:\WINDOWS\system32\systemreset.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000488056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiagn.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000442304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000401832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000375512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000316216 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000283264 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngctasks.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glu32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Gpu.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmclient.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCenter.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000167136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000145720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000145208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\madrid.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000085008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-08-31 17:08 - 2019-08-31 17:08 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-08-31 17:08 - 2019-08-31 17:08 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000069944 _____ C:\WINDOWS\system32\cmdiag.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000067584 _____ C:\WINDOWS\system32\cmimageworker.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edpnotify.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInput.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInput1_4.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000042512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInputUap.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInput1_4.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecerts.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000021544 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fvecerts.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000019984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2019-08-31 17:08 - 2019-08-31 17:08 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2019-08-31 17:08 - 2019-08-31 17:08 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 007839120 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 006408704 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 006162432 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 004009472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 003551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 003353088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 002551096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 002466512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 002032640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001754232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-31 17:07 - 2019-08-31 17:07 - 001601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001509728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 001482256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-31 17:07 - 2019-08-31 17:07 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 001068560 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001065984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputHost.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000944664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000913168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000889960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000683008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000441360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000411128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000310072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000237880 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000182288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000147184 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000117048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-08-31 17:07 - 2019-08-31 17:07 - 000106296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInput.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2019-08-31 17:07 - 2019-08-31 17:07 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2019-08-31 17:07 - 2019-08-31 17:07 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 006226352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 004551352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-31 17:06 - 2019-08-31 17:06 - 003947520 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 002119168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 001744400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 001686528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 001259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-08-31 17:06 - 2019-08-31 17:06 - 001094144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 001091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000977408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000905728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000731960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000722288 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000478264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000352232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-08-31 17:06 - 2019-08-31 17:06 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000252944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wosc.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApproveChildRequest.exe
2019-08-31 17:06 - 2019-08-31 17:06 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000225080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000149504 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-31 17:06 - 2019-08-31 17:06 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2019-08-31 17:06 - 2019-08-31 17:06 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo-overrides.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000055304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2019-08-31 17:06 - 2019-08-31 17:06 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-08-31 17:06 - 2019-08-31 17:06 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2019-08-31 14:49 - 2019-08-31 14:49 - 000059378 _____ C:\Users\GASTON\Documents\Librogzmn.pdf
2019-08-31 13:37 - 2019-08-31 17:56 - 000012530 _____ C:\Users\GASTON\Documents\Libro1.xlsx
2019-08-28 21:16 - 2019-08-28 21:16 - 000076216 _____ C:\Users\GASTON\Documents\LIQUIDACION DE SUELDOS - copia.pdf
2019-08-27 18:49 - 2019-08-27 18:49 - 000000000 ____D C:\Users\GASTON\AppData\Roaming\Macromedia
2019-08-27 17:32 - 2019-08-27 17:32 - 000000000 ____D C:\Users\GASTON\AppData\LocalLow\AMD

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-25 17:59 - 2016-11-09 13:56 - 000000000 ____D C:\Program Files (x86)\Steam
2019-09-25 17:54 - 2019-07-23 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-25 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-25 17:22 - 2019-07-23 19:42 - 000004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61CFE85B-4B6A-4D81-85CE-A5B2FDF4379E}
2019-09-25 17:20 - 2019-07-23 19:38 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-25 17:20 - 2019-03-19 08:49 - 000786462 _____ C:\WINDOWS\system32\perfh00A.dat
2019-09-25 17:20 - 2019-03-19 08:49 - 000155296 _____ C:\WINDOWS\system32\perfc00A.dat
2019-09-25 17:20 - 2019-03-19 01:50 - 000000000 ____D C:\WINDOWS\INF
2019-09-25 17:15 - 2019-07-23 20:02 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-09-25 17:15 - 2019-07-23 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-25 17:15 - 2019-03-19 01:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-09-25 11:20 - 2017-05-10 16:41 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-09-25 07:14 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-25 07:14 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-24 18:08 - 2019-07-23 19:42 - 000002298 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-09-24 17:50 - 2019-07-23 18:47 - 000000000 ____D C:\Users\GASTON
2019-09-20 17:38 - 2018-02-28 19:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-20 17:38 - 2017-11-09 08:19 - 000000000 ____D C:\Users\GASTON\AppData\Local\Packages
2019-09-18 19:16 - 2017-03-23 18:42 - 000000000 ____D C:\Users\GASTON\AppData\Roaming\AIMP
2019-09-18 17:15 - 2016-11-09 11:30 - 000000000 ____D C:\Users\GASTON\AppData\Local\ElevatedDiagnostics
2019-09-14 19:21 - 2018-05-10 04:24 - 000000000 ____D C:\Users\GASTON\AppData\Local\D3DSCache
2019-09-13 19:10 - 2019-07-23 19:42 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-09-13 19:01 - 2019-04-27 23:38 - 000000000 ____D C:\Users\GASTON\Documents\cv gzmn
2019-09-13 19:01 - 2017-05-20 15:28 - 000000000 ____D C:\Users\GASTON\Documents\comprobantes de pago
2019-09-13 18:59 - 2018-09-25 21:11 - 000000000 ____D C:\Users\GASTON\Downloads\games
2019-09-13 18:46 - 2016-11-03 02:46 - 000000000 ____D C:\Users\GASTON\AppData\LocalLow\Temp
2019-09-13 18:27 - 2016-11-01 21:35 - 000000000 ___RD C:\Users\GASTON\OneDrive
2019-09-11 20:01 - 2019-07-29 22:58 - 000001008 _____ C:\cmdlog.txt
2019-09-11 14:25 - 2016-11-01 22:42 - 000000000 ___RD C:\Users\GASTON\3D Objects
2019-09-11 14:25 - 2016-11-01 21:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-11 14:24 - 2019-07-23 19:25 - 000303320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-09-11 14:22 - 2019-03-19 01:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-09-11 14:22 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-09-11 14:22 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-09-11 14:22 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-09-11 14:22 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-09-11 09:32 - 2019-03-19 01:56 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-09-11 09:32 - 2019-03-19 01:56 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-11 09:32 - 2019-03-19 01:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-09-10 17:35 - 2019-07-23 19:42 - 000002922 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4053121906-3739663058-3097000640-1001
2019-09-10 13:42 - 2017-01-03 05:07 - 000000000 ____D C:\Temp
2019-09-06 14:35 - 2017-02-23 03:16 - 000000000 ____D C:\Users\GASTON\AppData\Roaming\MPC-HC
2019-09-06 02:59 - 2019-07-23 18:47 - 000002370 _____ C:\Users\GASTON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-01 21:08 - 2017-03-03 13:26 - 000000000 ____D C:\Users\GASTON\AppData\Local\Google
2019-08-31 17:18 - 2019-07-23 20:01 - 000000000 ___SD C:\WINDOWS\system32\containers
2019-08-31 17:18 - 2019-03-19 08:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-31 17:18 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-31 17:14 - 2019-03-19 08:52 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2019-08-31 17:14 - 2019-03-19 08:52 - 000018903 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-08-31 14:08 - 2017-11-09 18:45 - 000000000 ____D C:\Users\GASTON\AppData\Local\PlaceholderTileLogoFolder
2019-08-30 18:58 - 2017-03-23 18:42 - 000000000 ____D C:\Program Files (x86)\AIMP
2019-08-27 21:25 - 2019-07-23 19:42 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask

==================== Files in the root of some directories ================

2019-06-24 16:37 - 2019-07-03 11:50 - 000001230 _____ () C:\Users\GASTON\AppData\Local\oobelibMkey.log
2018-08-05 22:48 - 2018-08-05 22:50 - 000007598 _____ () C:\Users\GASTON\AppData\Local\resmon.resmoncfg
2019-09-13 19:39 - 2019-09-14 19:35 - 000000020 ___SH () C:\Users\GASTON\AppData\Local\settingsFLH.dat
2019-09-13 19:40 - 2019-09-14 19:35 - 000000700 ___SH () C:\Users\GASTON\AppData\Local\systemFLH.dat

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

jah-gzmn · 25 Septiembre, 2019 21:19

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2019
Ran by GASTON (25-09-2019 18:06:53)
Running from C:\Users\GASTON\Desktop
Windows 10 Pro Version 1903 18362.356 (X64) (2019-07-23 22:43:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4053121906-3739663058-3097000640-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4053121906-3739663058-3097000640-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4053121906-3739663058-3097000640-1000 - Limited - Disabled) => C:\Users\defaultuser0
GASTON (S-1-5-21-4053121906-3739663058-3097000640-1001 - Administrator - Enabled) => C:\Users\GASTON
Invitado (S-1-5-21-4053121906-3739663058-3097000640-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4053121906-3739663058-3097000640-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2146, 28.08.2019 - AIMP DevTeam)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.5.1 - Advanced Micro Devices, Inc.)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
BurnAware Free 11.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Dragon Ball Xenoverse 2 (HKLM-x32\...\Dragon Ball Xenoverse 2_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramienta de descarga USB/DVD de Windows 7 (HKLM-x32\...\{266F443F-A296-406F-9EE8-DF4A1061C6CE}) (Version: 1.0.30 - Microsoft Corporation)
Kelly Slater's Pro Surfer(tm) (HKLM-x32\...\{A4479693-378E-49EB-AD5A-C5A8B2BC097A}) (Version: 1.00.0000 - Aspyr Media inc.)
K-Lite Codec Pack 14.9.7 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.9.7 - KLCP)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office Hogar y Estudiantes 2016 - es-es (HKLM\...\HomeStudentRetail - es-es) (Version: 16.0.11425.20228 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{893D9E06-E352-4BE4-B8E4-CFADC08B8DBF}) (Version: 4.2.1 - dotPDN LLC)
PDF-XChange PRO (HKLM\...\{313BAF4A-B48F-41B4-BF9E-7B69F25018A9}) (Version: 8.0.330.0 - Tracker Software Products (Canada) Ltd.)
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Star Wars: El Poder de la Fuerza 2 (HKLM-x32\...\Star Wars: El Poder de la Fuerza 2_is1) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.17.0_neutral__d55gg7py3s0m0 [2019-08-25] (eyeo GmbH)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
McAfee WebAdvisor -> C:\Program Files\WindowsApps\5A894077.McAfeeWebAdvisor_2.0.22033.0_x86__wafk5atnkzcwy [2019-08-31] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation) [MS Ad]
Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-27] (Microsoft Studios) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.562.0_x64__mcm4njqhnhss8 [2019-09-18] (Netflix, Inc.)
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.7.0_x64__6bhtb546zcxnj [2019-09-21] (TuneIn) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-08-30] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-04-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-08-30] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-24 22:12 - 2018-04-24 22:12 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 22:12 - 2018-04-24 22:12 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-05-16 15:25 - 2018-05-16 15:25 - 000155688 _____ (AMD PMP-PE CB Code Signer v20180327 -> Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-05-16 14:48 - 2018-05-16 14:48 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 22:12 - 2018-04-24 22:12 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 08:47 - 2019-07-03 23:17 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2019-07-23 20:12 - 2019-07-23 20:12 - 000000525 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.17.46.132 73909c27-e0c7-47ec-823b-eb7505b3a062.mshome.net # 2019 7 2 30 23 12 33 847
172.17.46.129 JAHGZMN.mshome.net # 2024 7 0 21 23 12 33 847

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GASTON\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 186.130.128.250 - 186.130.129.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\...\StartupApproved\Run: => "WinFLTrayH"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{3FC61C40-9D25-41AB-87C7-CFC9746AA835}C:\program files (x86)\steam\steamapps\common\pro evolution soccer 2017\pes2017.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pro evolution soccer 2017\pes2017.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{5EDD98ED-A281-4AE5-8727-DD909FD02344}C:\program files (x86)\steam\steamapps\common\pro evolution soccer 2017\pes2017.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pro evolution soccer 2017\pes2017.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [{01A0E943-7461-4FC3-B46F-1EC346F74FEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4DA240A-5045-475C-9937-CEC0861C8980}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5ABCFBE9-F8B6-43E5-88BF-AB1CB4FA3123}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CD27BF30-E6F7-45A4-8CC8-3046AFD3B978}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{34F3F26D-5B60-451A-B9E6-B31223298E35}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{FDB5C952-701D-4064-8F22-CA86C016907C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{10DCD5DF-3E56-44EF-91FE-6577CB62A078}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars El Poder de la Fuerza 2\SWTFU2.exe (LucasArts) [File not signed]
FirewallRules: [{BA6E950F-37DB-4B28-B148-EF8B4D060212}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars El Poder de la Fuerza 2\SWTFU2.exe (LucasArts) [File not signed]
FirewallRules: [{BFE1CAFF-D418-4472-AFD2-E73FD6B4DA41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-09-2019 23:32:03 Punto de control programado
18-09-2019 23:11:38 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2019 05:42:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8588,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/25/2019 05:34:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7208,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/25/2019 05:21:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4612,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (09/25/2019 05:08:32 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (09/25/2019 05:02:33 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (09/25/2019 05:02:33 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (09/25/2019 05:00:31 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (09/25/2019 04:57:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Users\GASTON\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; descripción = JRT Pre-Junkware Removal; error = 0x8007043c).


System errors:
=============
Error: (09/25/2019 05:59:07 PM) (Source: DCOM) (EventID: 10000) (User: JAHGZMN)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error 
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/25/2019 05:15:08 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/25/2019 05:15:06 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio camsvc con argumentos "No disponible" para ejecutar el servidor:
Windows.Internal.CapabilityAccess.CapabilityAccess

Error: (09/25/2019 05:11:55 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/25/2019 05:11:48 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/25/2019 05:11:17 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/25/2019 05:09:26 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/25/2019 05:08:33 PM) (Source: DCOM) (EventID: 10005) (User: JAHGZMN)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2019-09-25 10:26:06.249
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Azden.B!cl&threatid=2147723291&enterprise=0
Nombre: Trojan:Win32/Azden.B!cl
Id.: 2147723291
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\GASTON\Downloads\ZHPCleaner.exe; webfile:_C:\Users\GASTON\Downloads\ZHPCleaner.exe|https://www.nicolascoolman.com/fr/download/zhpcleaner/?wpdmdl=5411&refresh=5d8af30c3f2c31569387276|pid:2372,ProcessStart:132138912318670052
Origen de detección: Internet
Tipo de detección: FastPath
Origen de detección: Descargas y datos adjuntos
Usuario: JAHGZMN\GASTON
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.303.31.0, AS: 1.303.31.0, NIS: 1.303.31.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-19 21:33:31.082
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {97F65FB6-B6FE-408D-9F72-42CC8E596441}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-19 19:19:12.569
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {85BBE3CD-B9A3-442A-8270-485B3481848F}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-17 13:49:17.995
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {FE8BBD42-9B8A-436A-A202-552F8E651F31}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-17 00:37:33.015
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {DB8436C3-C15C-405D-ABFB-E816403FEB30}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-25 11:31:45.146
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.303.31.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-09-25 11:21:39.919
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-09-25 10:39:18.173
Description: 
Antivirus de Windows Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.303.31.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-09-25 10:29:13.393
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================

Date: 2019-09-25 10:02:11.452
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 10:02:11.430
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 09:39:01.107
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 09:39:01.084
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 09:15:35.532
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 09:15:35.505
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 08:52:11.269
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-25 08:52:11.244
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\D3DSCache.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F4 04/09/2013
Motherboard: Gigabyte Technology Co., Ltd. F2A55M-HD2
Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 66%
Total physical RAM: 4054.91 MB
Available physical RAM: 1372.75 MB
Total Virtual: 5910.91 MB
Available Virtual: 1980.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:289.33 GB) NTFS
Drive d: (Disco local) (Fixed) (Total:465.76 GB) (Free:203.89 GB) NTFS

\\?\Volume{4ee520f9-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.59 GB) NTFS
\\?\Volume{4ee520f9-0000-0000-0000-005474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4EE520F9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

JavierHF · 26 Septiembre, 2019 15:27

Bien… y ahora sigue estos pasos, MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe(en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla Create registry backup, las demás casillas NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\...\Run: [WinFLTrayH] => C:\WINDOWS\SysWow64\WinFLTrayH.ex
Task: {2389F19F-9FEC-46E2-93AE-47430F806B92} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {86ED81C6-CBF1-4BD0-8A29-B54A1CE03C38} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CreateExplorerShellUnelevatedTask" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\Motorola Device Manager Initial Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Motorola Device Manager Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4053121906-3739663058-3097000640-1001" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1522617166" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{61CFE85B-4B6A-4D81-85CE-A5B2FDF4379E}" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
S3 FLServiceH; C:\WINDOWS\SysWOW64\WinFLServiceH.exe [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.

jah-gzmn · 26 Septiembre, 2019 16:04

bien @JavierHF aqui el reporte del fixlist, acabo de chequear el inicio del adm. de tareas y el winFLtrayH ya no aparece !!! hago una aclaración las task de avast las había notado @SanMar en un tema anterior y me pidió que pasara la herramienta de desinstalacion de avast (que obviamente no las elimino) no borramos las entradas con farbar, imagino que ahora si están borradas y ya no volverán a aparecer verdad ? nuevamente muchas gracias por tu ayuda !!!

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2019
Ran by GASTON (26-09-2019 12:54:39) Run:1
Running from C:\Users\GASTON\Desktop
Loaded Profiles: GASTON (Available Profiles: defaultuser0 & GASTON)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\...\Run: [WinFLTrayH] => C:\WINDOWS\SysWow64\WinFLTrayH.ex
Task: {2389F19F-9FEC-46E2-93AE-47430F806B92} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {86ED81C6-CBF1-4BD0-8A29-B54A1CE03C38} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CreateExplorerShellUnelevatedTask" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\Motorola Device Manager Initial Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Motorola Device Manager Update" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-4053121906-3739663058-3097000640-1001" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1522617166" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{61CFE85B-4B6A-4D81-85CE-A5B2FDF4379E}" /ENABLE
Task: {BE1C829B-2487-47DE-AC41-60810897F473} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
S3 FLServiceH; C:\WINDOWS\SysWOW64\WinFLServiceH.exe [X]
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinFLTrayH" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2389F19F-9FEC-46E2-93AE-47430F806B92}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2389F19F-9FEC-46E2-93AE-47430F806B92}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Emergency Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{86ED81C6-CBF1-4BD0-8A29-B54A1CE03C38}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86ED81C6-CBF1-4BD0-8A29-B54A1CE03C38}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BE1C829B-2487-47DE-AC41-60810897F473}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C829B-2487-47DE-AC41-60810897F473}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
HKLM\System\CurrentControlSet\Services\FLServiceH => removed successfully
FLServiceH => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4053121906-3739663058-3097000640-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Ethernet:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   Direcci¢n IPv6 . . . . . . . . . . : 2802:8000:49e5:c000:f06e:bdb3:bef9:6626
   Direcci¢n IPv6 temporal. . . . . . : 2802:8000:49e5:c000:bc8b:c4b6:d00f:ba72
   V¡nculo: direcci¢n IPv6 local. . . : fe80::f06e:bdb3:bef9:6626%15
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.63
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::aec6:62ff:fec5:1296%15
                                       192.168.1.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10517562 B
Java, Flash, Steam htmlcache => 200546955 B
Windows/system/drivers => 1855338 B
Edge => 3008215 B
Chrome => 347471201 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 4778 B
NetworkService => 0 B
defaultuser0 => 0 B
GASTON => 12557836 B

RecycleBin => 0 B
EmptyTemp: => 558.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:55:00 ====

JavierHF · 26 Septiembre, 2019 16:50

Hola.

Excelente…

Entendido, pues entonces vas a realizar un nuevo análisis con FRST, tal y como te puse anteriormente.

NO necesito que pongas de nuevo los informes, simplemente verifica tu SI en las entradas de las TASK del nuevo informe YA NO figura ninguna entrada relacionada con AVAST.

Y nos comentas los resultados, gracias.

Saludos.

jah-gzmn · 26 Septiembre, 2019 17:17

@JavierHF bien acabo de chequear y las task de avast ya no aparecen en el informe, creo que ya todo esta en orden gracias a tu ayuda !!!

JavierHF · 26 Septiembre, 2019 19:49

Perfecto excelente, nos alegra ver que ya está el problema inicial completamente arreglado, ahora solo queda eliminar las herramientas usadas.

Para hacerlo descarga DelFix.exe en tu escritorio.

Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador -).
Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.

Para cualquier otro problema, no dudes en volver a postear., ya sabes dónde estamos.

Tema Solucionado.

Saludos, Javier.