Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 02-12-2020
Ejecutado por selohu (02-12-2020 12:50:33)
Ejecutado desde C:\Users\selohu\Desktop
Windows 10 Pro Versión 20H2 19042.662 (X64) (2020-05-28 08:09:57)
Modo de Inicio: Normal
==========================================================

==================== Cuentas: =============================

Administrador (S-1-5-21-991384485-3360299836-4042273512-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-991384485-3360299836-4042273512-503 - Limited - Disabled)
Invitado (S-1-5-21-991384485-3360299836-4042273512-501 - Limited - Enabled)
selohu (S-1-5-21-991384485-3360299836-4042273512-1001 - Administrator - Enabled) => C:\Users\selohu
WDAGUtilityAccount (S-1-5-21-991384485-3360299836-4042273512-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Cortafuegos (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

4K Video Downloader 4.12 (HKLM-x32\...\{A490FDCE-03DF-4B63-92D9-9C9ADC4246C3}) (Version: 4.12.0.3570 - Open Media LLC) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) AccessData FTK Imager (HKLM-x32\...\{0ADC8340-4A94-4CE3-A721-B558F365F8D0}) (Version: 3.1.2.0 - AccessData) Acronis Disk Director 12.5 (HKLM-x32\...\{AE5BBAA8-5AF2-40DB-A13D-F015439EC7C7}) (Version: 12.5.163 - Acronis) Actualización de NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden Adobe Connect (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Adobe Connect App) (Version: 2020.9.21.64 - Adobe Systems Inc.) Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0) (Version: 22.0.0.35 - Adobe Inc.) Air Live Drive (HKLM\...\Air Live Drive) (Version: 1.7.0 - hxxp://www.airlivedrive.com) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.40.01.18 - Advanced Micro Devices, Inc.) Apowersoft Online Launcher version 1.7.8 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.8 - APOWERSOFT LIMITED) Apowersoft Online Launcher version 1.8.0 (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.0 - APOWERSOFT LIMITED) Apple Application Support (32 bits) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.) Apple Application Support (64 bits) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) 
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.2.3.0000 - Asmedia Technology) Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 2.00 - ) Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team) Autopsy (HKLM\...\{9F0FC65E-2169-49ED-A2CA-14F8C4D50115}) (Version: 4.14.0 - The Sleuth Kit) AVerMedia A706 PCI Pure DVB-S 3.6.64.2 (HKLM-x32\...\AVerMedia A706 PCI Pure DVB-S) (Version: 3.6.64.2 - AVerMedia TECHNOLOGIES, Inc.) AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - ) BCUninstaller (HKLM\...\{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1) (Version: 4.16.0.38993 - Marcin Szeniak) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.17.73 - Los creadores de Brave) Camtasia 2019 (HKLM\...\{FF10C4F0-9186-405F-809D-D2E8D5E39448}) (Version: 19.0.10.17662 - TechSmith Corporation) Hidden Camtasia 2019 (HKLM-x32\...\{03e048a7-3690-409c-b9c4-27612f78bd68}) (Version: 19.0.10.17662 - TechSmith Corporation) CrystalDiskInfo 8.8.9 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.8.9 - Crystal Dew World) Cuadro de mensaje de excepción de Microsoft (HKLM\...\{847CE738-909B-4A98-9CF5-230EB23CA92D}) (Version: 9.00.5000.00 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Discord) (Version: 0.0.308 - Discord Inc.) DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 6.1.7.2 - CM&V) eMule (HKLM-x32\...\eMule) (Version: - ) ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.) 
FinalData Standard 2.0 (HKLM-x32\...\FinalData Standard 2.0) (Version: - ) GetDataBack Pro version 5.55 (HKLM\...\GetDataBack Pro Install_is1) (Version: 5.55 - Runtime Software, LLC) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.) IPTViewr para movistar+ 1.5 “Kruger 60” beta 1 SP1 (HKLM-x32\...\{525CDE99-1EB0-4E7D-8C36-A4F148E82463}) (Version: 1.5.1105.0 - hxxp://www.alphacentaury.org) Java(TM) SE Development Kit 13.0.2 (64-bit) (HKLM\...\{606493F9-D1F1-5355-BB8A-F0E30F1AFFED}) (Version: 13.0.2.0 - Oracle Corporation) K-Lite Codec Pack 15.4.8 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.4.8 - KLCP) LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft OneDrive (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ESN (HKLM\...\{D7126FFC-90BA-4120-8FFB-3688C9931A09}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.51.1 - Microsoft Corporation) Npcap (HKLM-x32\...\NpcapInst) (Version: 0.9997 - Nmap Project) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA Controlador de audio HD 
1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA Controlador de gráficos 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation) NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden Paquete de controladores de Windows - Amazon.com (WinUSB) FireDevicesUsbDeviceClass (10/27/2014 1.4.0000.00000) (HKLM\...\70D74CAD18BB165614511A2A67DB9EBF036D06A9) (Version: 10/27/2014 1.4.0000.00000 - Amazon.com) Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek) Revo Uninstaller Pro 4.3.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.7 - VS Revo Group, Ltd.) RogueKillerPE version 3.5.1.0 (HKLM\...\BEC55C5D-D6D0-4A41-B82C-264EC5EE8052_is1) (Version: 3.5.1.0 - Adlice Software) R-Studio 8.3 (HKLM-x32\...\R-Studio 8.3NSIS) (Version: 8.3.168075 - R-Tools Technology Inc.) 
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) Telegram Desktop version 2.4.7 (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.4.7 - Telegram FZ-LLC) VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) W10Privacy (HKLM-x32\...\W10Privacy) (Version: 3.6.1.1 - Bernd Schuster) WhatsApp (HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\WhatsApp) (Version: 2.2045.19 - WhatsApp) Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-05-10] (Adobe Systems Incorporated) Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-05-10] (Canon Inc.) Linux Cheatsheet -> C:\Program Files\WindowsApps\51231akshay2000.LinuxCheatsheet_1.2.0.0_neutral__1y7n7bzn5h0zw [2020-05-27] (akshay2000) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-10] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-10] (Microsoft Corporation) [MS Ad] Microsoft Defender Application Guard Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsDefenderApplicationGuard_1.0.11.0_x64__8wekyb3d8bbwe [2020-11-02] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-11-30] (NVIDIA Corp.) 
Python 3.8 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0 [2020-12-02] (Python Software Foundation) Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2020.812.0_x64__79rhkp1fndgsc [2020-08-20] (Canonical Group Limited) Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.4.3243.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [Startup Task] WinGet Source -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2020.529.552.462_neutral__8wekyb3d8bbwe [2020-05-29] (Microsoft Corporation) ==================== Personalizado CLSID (Lista blanca): ============== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0 CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation) CustomCLSID: HKU\S-1-5-21-991384485-3360299836-4042273512-1001_Classes\CLSID\{D592DDB5-1CFF-4CE2-A3A5-3C061503251E} -> [MEGA] => C:\Users\selohu\Documents\MEGA [2020-03-30 17:05] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado] ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\WINDOWS\system32\BSAppShlExt.dll [2012-09-19] (IVT CORPORATION -> TODO: <公司名>) ContextMenuHandlers1: [CloudContextMenu] -> {f16ff8b9-0db7-39ef-b2ef-68ab9c2951c1} => C:\Program Files\AirLiveDrive\AirLiveDriveShellEx.DLL [2020-11-05] (INICIATIVAS INFORMATICAS Y DE COMUNICACION SL -> www.airlivedrive.com) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2020-09-14] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2020-09-14] (VMware, Inc. -> VMware, Inc.) 
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado] ContextMenuHandlers4: [CloudContextMenu] -> {f16ff8b9-0db7-39ef-b2ef-68ab9c2951c1} => C:\Program Files\AirLiveDrive\AirLiveDriveShellEx.DLL [2020-11-05] (INICIATIVAS INFORMATICAS Y DE COMUNICACION SL -> www.airlivedrive.com) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\selohu\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-16] (Mega Limited -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\nvshext.dll [2020-10-02] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado] ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group) ==================== Codecs (Lista blanca) ==================== (Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475672 2007-10-12] (Logitech Inc -> Logitech Inc.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2007-10-12] (Logitech Inc -> Logitech Inc.) 
==================== Accesos directos & WMI ========================

==================== Módulos cargados (Lista blanca) =============

2020-03-28 17:57 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Archivo no firmado] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34007419.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45856810.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81134711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34007419.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45856810.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81134711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR523 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR523.SYS => ""="Driver"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-991384485-3360299836-4042273512-1001\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\S-1-5-21-991384485-3360299836-4042273512-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\SysWow64\skype4com.dll [2012-09-19] (IVT CORPORATION -> Skype Technologies) ==================== Hosts contenido: ========================= (Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.) 2020-11-25 14:29 - 2020-12-01 00:33 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts 2020-03-28 02:57 - 2020-10-11 12:54 - 000000621 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 192.168.1.33 selohu.mshome.net # 2025 10 5 10 11 54 57 473 17.209.65 selohu.mshome.net # 2025 4 5 18 3 20 5 366 172.18.44.1 selohu.mshome.net # 2025 4 3 16 9 6 42 330 84 ==================== Otras Áreas =========================== (Actualmente no existe una corrección automática para esta sección.) DNS Servers: 80.58.61.250 - 80.58.61.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall de Windows está habilitado. 
Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Npcap Loopback Adapter: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Conexión de área local: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Conexión de área local: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Conexión de área local: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM\...\StartupApproved\StartupFolder: => "WSAppHelper.lnk" HKLM\...\StartupApproved\StartupFolder: => "WSAndroidAppHelper.lnk" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger" HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Argente Utilities" HKLM\...\StartupApproved\Run32: => "BtTray" HKLM\...\StartupApproved\Run32: => "WinampAgent" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "ConnectDetector" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "az7x8ung" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "Application Restart #2" HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\StartupApproved\Run: => "AirLiveDriveAutoRun" ==================== Reglas de firewall (Lista blanca) ================ (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) 
FirewallRules: [{DC82F630-93C4-4FFE-AF5F-F2ECE92AA750}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) FirewallRules: [{3D35FE02-1C7B-4ACB-83CA-81BEDCAA4E0C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) FirewallRules: [TCP Query User{6167D90D-459A-4281-AC51-06D9F06B6F59}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{BDE0380A-3C57-4D68-8ACC-032F93821018}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{D0C9C0A4-24F5-4289-BD60-9BB8A7FF3132}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [UDP Query User{56A69B17-75EA-4A9F-BACF-1B21D7ACE8C7}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) ==================== Puntos de Restauración ========================= 02-12-2020 02:51:12 Removed Python Launcher ==================== Dispositivos defectuosos en el Administrador de dispositivos ============ Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Npcap Loopback Adapter Description: Adaptador de bucle invertido KM-TEST de Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: kmloop Problem: : This device is disabled. 
(Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VSP de integración de kernel de Microsoft Hyper-V NT
Description: VSP de integración de kernel de Microsoft Hyper-V NT
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vkrnlintvsp
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: NIC de Fast Ethernet de la familia Realtek RTL8139/810x
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (12/02/2020 11:41:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: wmiprvse.exe, versión: 10.0.19041.546, marca de tiempo: 0x5da7ab91
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0x80131623
Desplazamiento de errores: 0x00007ffe3412200f
Identificador del proceso con errores: 0x1884
Hora de inicio de la aplicación con errores: 0x01d6c897aff9ae4b
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\wbem\wmiprvse.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 554ce6d0-2806-47e7-8031-af76a9d92124
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (12/02/2020 11:41:32 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: El proveedor ha iniciado una excepción inesperada: System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
   at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()
Stack:
   at System.Environment.FailFast(System.String)
   at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (12/02/2020 11:41:26 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (12/02/2020 11:41:25 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (12/02/2020 11:41:25 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (12/02/2020 03:09:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SecHealthUI.exe, versión: 10.0.19041.662, marca de tiempo: 0x7e7ca492
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.19041.662, marca de tiempo: 0xec58f015
Código de excepción: 0xc000027b
Desplazamiento de errores: 0x000000000010bd5c
Identificador del proceso con errores: 0x1c70
Hora de inicio de la aplicación con errores: 0x01d6c85021156183
Ruta de acceso de la aplicación con errores: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: 2fb8472f-d088-433c-9744-25053c181601
Nombre completo del paquete con errores: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: SecHealthUI

Error: (12/02/2020 03:05:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SecHealthUI.exe, versión: 10.0.19041.662, marca de tiempo: 0x7e7ca492
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.19041.662, marca de tiempo: 0xec58f015
Código de excepción: 0xc000027b
Desplazamiento de errores: 0x000000000010bd5c
Identificador del proceso con errores: 0xef4
Hora de inicio de la aplicación con errores: 0x01d6c84f90e12975
Ruta de acceso de la aplicación con errores: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: 7704ce80-730e-4c8a-8378-036a8876db40
Nombre completo del paquete con errores: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: SecHealthUI

Error: (12/02/2020 02:45:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido. .
Operación:
   Ejecutando operación asincrónica
Contexto:
   Estado actual: DoSnapshotSet

Errores del sistema:
=============
Error: (12/02/2020 11:28:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio hvsics depende del servicio CmService, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

Error: (12/02/2020 11:28:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio CmService depende del servicio HvHost, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

Error: (12/02/2020 11:28:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio HvHost depende del servicio hvservice, el cual no pudo iniciarse debido al siguiente error: No se ha encontrado el elemento.
Error: (12/02/2020 11:28:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio hvservice no pudo iniciarse debido al siguiente error: No se ha encontrado el elemento.

Error: (12/02/2020 11:27:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\NtFsLdf20.SYS

Error: (12/02/2020 03:27:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio VMware Workstation Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (12/02/2020 02:47:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio hvsics depende del servicio CmService, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

Error: (12/02/2020 02:47:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio CmService depende del servicio HvHost, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

Windows Defender:
===================================
Date: 2020-12-02 11:34:45.1260000Z
Description: El acceso controlado a carpetas impidió que C:\Program Files\ESET\ESET Security\ekrn.exe realizara cambios en la memoria.
Tiempo de detección: 2020-12-02T10:34:45.125Z
Usuario: NT AUTHORITY\SYSTEM
Ruta de acceso: \Device\Harddisk0\DR0
Nombre del proceso: C:\Program Files\ESET\ESET Security\ekrn.exe
Versión de inteligencia de seguridad: 1.327.1906.0
Versión del motor: 1.1.17600.5
Versión del producto: 4.18.2010.7

Date: 2020-12-02 11:29:56.5300000Z
Description: Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/ProductKey.G!MSR&threatid=2147765679&enterprise=0
Nombre: HackTool:Win64/ProductKey.G!MSR
Id.: 2147765679
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_L:\$RECYCLE.BIN\S-1-5-21-2482135278-454766526-1712844265-1001\$RQETCA0\Downloads\HBCD_PE_x64.iso; file:_L:\$RECYCLE.BIN\S-1-5-21-2482135278-454766526-1712844265-1001\$RQETCA0\Downloads\HBCD_PE_x64.iso->\sources\boot.wim->\Program Files\ProduKey\ProduKey.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.327.1906.0, AS: 1.327.1906.0, NIS: 1.327.1906.0
Versión de motor: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-12-02 03:09:10.2320000Z
Description: El acceso controlado a carpetas bloqueó C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\python3.8.exe para que no pueda modificar %userprofile%\Documents\python\Python Pruebas\.
Hora de detección: 2020-12-02T02:09:10.230Z
Usuario: SELOHU\selohu
Ruta de acceso: %userprofile%\Documents\python\Python Pruebas\
Nombre del proceso: C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\python3.8.exe
Versión de inteligencia de seguridad: 1.327.1904.0
Versión del motor: 1.1.17600.5
Versión del producto: 4.18.2010.7

Date: 2020-12-02 03:05:07.9460000Z
Description: El acceso controlado a carpetas bloqueó C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\python3.8.exe para que no pueda modificar %userprofile%\Documents\python\Python Pruebas\.
Hora de detección: 2020-12-02T02:05:07.944Z
Usuario: SELOHU\selohu
Ruta de acceso: %userprofile%\Documents\python\Python Pruebas\
Nombre del proceso: C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\python3.8.exe
Versión de inteligencia de seguridad: 1.327.1904.0
Versión del motor: 1.1.17600.5
Versión del producto: 4.18.2010.7

Date: 2020-12-02 02:48:56.1240000Z
Description: Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/ProductKey.G!MSR&threatid=2147765679&enterprise=0
Nombre: HackTool:Win64/ProductKey.G!MSR
Id.: 2147765679
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_L:\$RECYCLE.BIN\S-1-5-21-2482135278-454766526-1712844265-1001\$RQETCA0\Downloads\HBCD_PE_x64.iso; file:_L:\$RECYCLE.BIN\S-1-5-21-2482135278-454766526-1712844265-1001\$RQETCA0\Downloads\HBCD_PE_x64.iso->\sources\boot.wim->\Program Files\ProduKey\ProduKey.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.327.1875.0, AS: 1.327.1875.0, NIS: 1.327.1875.0
Versión de motor: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-12-01 01:13:57.1410000Z
Description: La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.
Date: 2020-12-01 01:09:54.4670000Z
Description: La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2020-12-01 00:51:38.7720000Z
Description: Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad:
Versión anterior de inteligencia de seguridad: 1.327.1834.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor:
Versión anterior del motor: 1.1.17600.5
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores

Date: 2020-12-01 00:41:35.3650000Z
Description: La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2020-12-01 00:38:00.1200000Z
Description: La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.
CodeIntegrity:
===================================
Date: 2020-12-02 12:51:23.3310000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-02 12:51:23.3290000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-02 12:48:58.3350000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 12:48:58.3310000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 12:48:54.6310000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 12:48:54.6290000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 12:48:51.5610000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 12:48:51.5600000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Información de la memoria ===========================

BIOS: American Megatrends Inc. 2501 04/09/2014
Placa base: ASUSTeK COMPUTER INC. M5A97 EVO R2.0
Procesador: AMD FX(tm)-4300 Quad-Core Processor
Porcentaje de memoria en uso: 51%
RAM física total: 7927.12 MB
RAM física disponible: 3878.8 MB
Virtual total: 8439.12 MB
Virtual disponible: 4262.32 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:111.16 GB) (Free:8.08 GB) NTFS
Drive d: () (Fixed) (Total:149.04 GB) (Free:53.95 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:64.07 GB) NTFS
Drive l: (WD My Passport) (Fixed) (Total:931.48 GB) (Free:141.99 GB) NTFS
Drive m: (My Passport) (Fixed) (Total:931.48 GB) (Free:142.87 GB) NTFS

\\?\Volume{508dd2cc-8f05-4d4b-8c2b-a314a6be81e2}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{4dd25713-7527-4ff0-804b-573d5300eb55}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: F2638184)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 6582A299)
Partition: GPT.

==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 217A6D10)
No partition Table on disk 2.

==========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: E64B7ED8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.

==================== Final de Addition.txt =======================