• Registrarse
  • Iniciar sesión


  • Resultados 1 al 2 de 2

    WonderShare appService ocupa mucha memoria. Revisado con Farbar Recovery Scan Tool

    Buenas tardes. Tengo el problema que mi pc se puso muy lenta y con Administrador de Tareas pude ver la WonderShare AppService con gran espacio de memoria usándose. Con el RegEdit ubiqué una entrada extraña ...

    1. #1
      Usuario Avatar de JuanjoLoabaton
      Registrado
      abr 2017
      Ubicación
      Peru
      Mensajes
      1

      WonderShare appService ocupa mucha memoria. Revisado con Farbar Recovery Scan Tool

      Buenas tardes. Tengo el problema que mi pc se puso muy lenta y con Administrador de Tareas pude ver la WonderShare AppService con gran espacio de memoria usándose. Con el RegEdit ubiqué una entrada extraña de archivo .lnk que el Administrador de Tareas no mostraba en "Inicio". Ubiqué el problema solucionado en "http://www.forospyware.com/t528458.html" y seguí las recomendaciones allí dadas. Use Adwcleaner, generó lo sgte:
      # AdwCleaner v6.045 - Archivo de registro creado 06/04/2017 en 13:19:45
      # Actualizado en 28/03/2017 por Malwarebytes
      # Base de datos : 2017-04-04.2 [Servidor]
      # Sistema Operativo : Windows 8.1 Single Language (X64)
      # Nombre de usuario : FAMILIA MOROTE - LENOVO-PC
      # Ejecutado desde : C:\Users\FAMILIA MOROTE\Downloads\adwcleaner_6.045.exe
      # Modo: Limpiar
      # Soporte : https://www.malwarebytes.com/support
      ***** [ Servicios ] *****
      ***** [ Carpetas ] *****
      [-] Carpeta eliminada: C:\Program Files (x86)\Amazon\ABB
      [-] Carpeta eliminada: C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\extensions\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}

      ***** [ Archivos ] *****
      ***** [ DLL ] *****
      ***** [ WMI ] *****
      ***** [ Accesos directos ] *****
      ***** [ Tareas programadas ] *****
      ***** [ Registro ] *****
      ***** [ Navegadores ] *****
      *************************
      :: Llaves "Tracing" eliminadas
      :: Se han borrado los ajustes de Winsock
      *************************
      C:\AdwCleaner\AdwCleaner[C0].txt - [1067 Bytes] - [06/04/2017 13:19:45]
      C:\AdwCleaner\AdwCleaner[S0].txt - [1581 Bytes] - [06/04/2017 13:19:03]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1213 Bytes] ##########

      Luego ejecuté "Farbar Recovery Scan Tool", que generó lo sgte:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
      Ran by FAMILIA MOROTE (administrator) on LENOVO-PC (06-04-2017 13:49:02)
      Running from C:\Users\FAMILIA MOROTE\Downloads
      Loaded Profiles: FAMILIA MOROTE (Available Profiles: FAMILIA MOROTE & Francesco&Grace & blanc_000)
      Platform: Windows 8.1 Single Language (Update) (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
      (Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
      () C:\Windows\jmesoft\Service.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
      (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
      () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\McCSPServiceHost.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
      (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Lenovo) C:\Windows\jmesoft\hotkey.exe
      (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
      (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
      (Microsoft Corporation) C:\Windows\System32\wbengine.exe
      (Microsoft Corporation) C:\Windows\System32\vds.exe

      ==================== Registry (Whitelisted) ====================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
      HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
      HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
      Winlogon\Notify\igfxcui: igfxdev.dll [X]
      HKU\S-1-5-21-4072774187-1297753947-2635879255-1001\...\MountPoints2: {fa4488ed-e37f-11e3-8251-806e6f6e6963} - "D:\Main.exe"
      Startup: C:\Users\Francesco&Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk [2015-10-19]
      ShortcutTarget: Recorte de pantalla y Selector de OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146
      Tcpip\..\Interfaces\{09965A8C-BFD4-4853-ADCE-C63F8A0D0485}: [DhcpNameServer] 190.113.220.54 190.113.220.51 190.113.220.18
      Tcpip\..\Interfaces\{5D12896A-11CE-40A1-9247-866B32EB30FA}: [DhcpNameServer] 200.48.225.130 200.48.225.146

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      HKU\S-1-5-21-4072774187-1297753947-2635879255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2015-06-04] (Sun Microsystems, Inc.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2015-06-04] (Sun Microsystems, Inc.)
      Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
      Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-02-28] (McAfee, Inc.)
      Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-02-28] (McAfee, Inc.)
      Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
      Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
      Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

      FireFox:
      ========
      FF ProfilePath: C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default [2017-04-06]
      FF Homepage: Mozilla\Firefox\Profiles\srn0ltm9.default -> hxxps://www.google.com.pe/
      FF Extension: (Pin It button) - C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\Extensions\[email protected] [2016-09-18]
      FF Extension: (NoScript) - C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-05]
      FF Extension: (Adblock Plus) - C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
      FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-30] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-12] ()
      FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
      FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2015-06-04] (Sun Microsystems, Inc.)
      FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-02-28] ()
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752480 2017-02-24] (Intel Security)
      R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-08] (Microsoft) [File not signed]
      S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
      R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
      R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
      R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
      R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [344184 2016-05-12] (Intel Corporation)
      R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
      R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
      R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
      S3 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
      R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
      R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
      R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
      R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
      R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
      S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
      R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
      R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
      R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
      R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
      R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
      R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
      S3 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
      R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
      S3 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
      S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
      R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
      S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [File not signed]
      S3 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [124560 2016-12-13] (Wondershare)
      S2 0315241489620530mcinstcleanup; C:\WINDOWS\TEMP\031524~1.EXE -cleanup -nolog [X]
      S3 McAWFwk; no ImagePath

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4297216 2016-12-22] (Qualcomm Atheros Communications, Inc.)
      R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
      S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
      R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
      R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
      R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
      S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
      R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
      S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
      R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-04] (Realtek Semiconductor Corp.)
      S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2013-10-30] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [236888 2013-10-30] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
      S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
      R3 WUDFWpdComp; C:\WINDOWS\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
      S3 mfeavfk01; \Device\mfeavfk01.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-04-06 13:49 - 2017-04-06 13:49 - 00016750 _____ C:\Users\FAMILIA MOROTE\Downloads\FRST.txt
      2017-04-06 13:48 - 2017-04-06 13:49 - 00000000 ____D C:\FRST
      2017-04-06 13:48 - 2017-04-06 13:48 - 02424832 _____ (Farbar) C:\Users\FAMILIA MOROTE\Downloads\FRST64.exe
      2017-04-06 13:26 - 2017-04-06 13:26 - 00001292 _____ C:\Users\FAMILIA MOROTE\Documents\AdwCleaner[C0].txt
      2017-04-06 13:16 - 2017-04-06 13:16 - 04089296 _____ C:\Users\FAMILIA MOROTE\Downloads\adwcleaner_6.045.exe
      2017-04-06 13:15 - 2017-04-06 13:44 - 00000000 ____D C:\AdwCleaner
      2017-04-06 13:04 - 2017-04-06 13:44 - 00003860 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      2017-04-06 13:04 - 2017-04-06 13:04 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
      2017-04-06 11:56 - 2017-04-06 12:40 - 00261890 _____ C:\WINDOWS\ntbtlog.txt
      2017-04-04 16:45 - 2017-04-04 16:45 - 49734816 _____ C:\Users\FAMILIA MOROTE\Downloads\gobeyond_L2_WB_audio.zip
      2017-04-03 14:15 - 2017-04-03 14:15 - 00155058 _____ C:\Users\FAMILIA MOROTE\Downloads\EECC Mensual.pdf
      2017-03-31 18:09 - 2017-03-31 18:09 - 00018784 _____ C:\Users\FAMILIA MOROTE\Downloads\constancia.pdf
      2017-03-31 12:26 - 2017-04-04 18:24 - 00009803 _____ C:\Users\FAMILIA MOROTE\Documents\baby-shower-myriam.xlsx
      2017-03-29 21:40 - 2017-03-29 21:40 - 00148133 _____ C:\Users\FAMILIA MOROTE\Downloads\WhatsApp Image 2017-03-29 at 9.40.41 PM.jpeg
      2017-03-22 13:44 - 2017-03-30 16:59 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Reciente
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Plantillas
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Mis documentos
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Menú Inicio
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Impresoras
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Entorno de red
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Mis vídeos
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Mis imágenes
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Documents\Mi música
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Datos de programa
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Configuración local
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Historial
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Datos de programa
      2017-03-22 13:44 - 2017-03-22 13:44 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Archivos temporales de Internet
      2017-03-22 13:44 - 2014-11-12 09:37 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help
      2017-03-22 13:44 - 2014-05-24 15:46 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Macromedia
      2017-03-22 07:39 - 2017-03-22 07:40 - 00000734 _____ C:\Users\FAMILIA MOROTE\Downloads\speedtests-2017-03-22-124127.csv
      2017-03-15 13:48 - 2017-03-15 14:01 - 46954842 _____ C:\Users\FAMILIA MOROTE\Downloads\entrevista_tarde.mp4
      2017-03-14 12:50 - 2017-03-14 12:51 - 02089730 _____ C:\Users\FAMILIA MOROTE\Downloads\la-conspiracion-del-movimiento-gay-apoteosis-de-la-guerra-de-sexos.pdf
      2017-03-11 12:53 - 2017-03-11 12:45 - 00066417 _____ C:\17_03_pdf_10032017_0004936481986.pdf
      2017-03-08 18:09 - 2017-03-08 18:09 - 00000000 ____D C:\Users\Francesco&Grace\Documents\Francesco

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-04-06 13:43 - 2014-11-09 16:02 - 00003868 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{41F834EC-2195-46E6-A88C-0466FF41C98F}
      2017-04-06 13:39 - 2016-11-20 11:39 - 00000000 ____D C:\Users\FAMILIA MOROTE\AppData\LocalLow\Mozilla
      2017-04-06 13:30 - 2014-11-09 16:02 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4072774187-1297753947-2635879255-1001
      2017-04-06 13:21 - 2014-11-12 08:24 - 00000000 __SHD C:\Users\FAMILIA MOROTE\IntelGraphicsProfiles
      2017-04-06 13:21 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-04-06 13:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
      2017-04-06 13:19 - 2014-05-24 15:40 - 00000000 ____D C:\Program Files (x86)\Amazon
      2017-04-06 11:55 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
      2017-04-06 11:12 - 2014-11-09 21:52 - 00000000 ____D C:\Users\FAMILIA MOROTE
      2017-04-06 07:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
      2017-04-06 07:47 - 2016-05-22 23:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
      2017-04-06 07:47 - 2016-05-22 23:43 - 00000000 ___SD C:\WINDOWS\system32\GWX
      2017-04-06 07:47 - 2016-03-29 22:46 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
      2017-04-06 07:47 - 2016-03-29 22:46 - 00000000 ____D C:\WINDOWS\system32\appraiser
      2017-04-06 07:47 - 2014-11-12 21:50 - 00000000 ____D C:\Users\blanc_000
      2017-04-06 07:47 - 2014-11-12 21:06 - 00000000 ____D C:\Users\Francesco&Grace
      2017-04-06 07:47 - 2013-08-22 14:12 - 00000000 ____D C:\WINDOWS\ShellNew
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\setup
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
      2017-04-06 07:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
      2017-04-06 07:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe
      2017-04-06 07:46 - 2017-02-13 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
      2017-04-06 07:46 - 2016-11-20 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-04-06 07:46 - 2015-01-19 13:35 - 00000000 ____D C:\Users\FAMILIA MOROTE\AppData\Roaming\WebApp
      2017-04-06 07:46 - 2014-11-11 21:40 - 00000000 ____D C:\Users\FAMILIA MOROTE\AppData\Roaming\Winamp
      2017-04-06 07:46 - 2014-11-11 11:51 - 00000000 ____D C:\Program Files (x86)\RegSeeker
      2017-04-06 07:46 - 2013-08-22 14:12 - 00000000 ____D C:\Program Files\Windows Journal
      2017-04-06 07:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
      2017-04-06 07:46 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
      2017-04-06 07:46 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing
      2017-04-06 07:43 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
      2017-04-06 07:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
      2017-04-06 07:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
      2017-04-06 07:23 - 2016-12-28 08:23 - 00000000 ____D C:\WINDOWS\LastGood
      2017-04-06 07:23 - 2016-12-25 08:08 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
      2017-04-06 07:23 - 2014-11-09 21:52 - 00000000 ____D C:\Users\FAMILIA MOROTE\AppData\Local\Packages
      2017-04-06 07:22 - 2014-11-11 13:18 - 00000000 ____D C:\Users\FAMILIA MOROTE\AppData\Local\Mozilla
      2017-04-06 07:20 - 2015-12-20 10:51 - 00000000 ____D C:\ProgramData\McAfee
      2017-04-06 07:19 - 2015-12-20 11:31 - 00000000 ____D C:\Program Files (x86)\McAfee
      2017-04-04 14:51 - 2014-11-11 13:48 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Excel
      2017-04-04 00:00 - 2017-01-12 12:17 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Bautista_de_Fe
      2017-04-03 20:44 - 2014-11-11 13:48 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Grace
      2017-04-03 14:19 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
      2017-04-01 10:22 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
      2017-04-01 10:15 - 2014-11-11 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
      2017-03-31 09:06 - 2017-01-30 15:38 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Movistar
      2017-03-30 19:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
      2017-03-21 23:50 - 2014-11-11 13:45 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Ebooks
      2017-03-21 23:24 - 2015-12-20 10:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
      2017-03-21 23:24 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
      2017-03-21 23:23 - 2017-02-13 21:35 - 00003068 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
      2017-03-21 23:23 - 2017-02-13 21:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
      2017-03-21 17:29 - 2016-11-27 13:37 - 00000000 ____D C:\Users\Francesco&Grace\AppData\LocalLow\Mozilla
      2017-03-21 17:03 - 2014-11-12 21:11 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4072774187-1297753947-2635879255-1002
      2017-03-21 16:30 - 2014-11-25 16:42 - 00000000 __SHD C:\Users\Francesco&Grace\IntelGraphicsProfiles
      2017-03-20 13:36 - 2014-11-11 13:51 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\MisCorreos
      2017-03-17 16:35 - 2017-02-13 21:34 - 00000000 ____D C:\Program Files\Common Files\AV
      2017-03-15 13:18 - 2014-11-11 13:51 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Mis Celáneos
      2017-03-13 11:01 - 2014-11-12 21:33 - 00000000 ____D C:\Users\FAMILIA MOROTE\Documents\Francesco

      ==================== Files in the root of some directories =======

      2014-11-09 21:53 - 2014-11-09 21:53 - 0000193 _____ () C:\Users\FAMILIA MOROTE\AppData\Local\RegisteredPackageInformation.xml
      2016-09-24 10:09 - 2017-02-05 02:29 - 0007603 _____ () C:\Users\FAMILIA MOROTE\AppData\Local\resmon.resmoncfg
      2014-05-24 15:23 - 2014-05-24 15:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

      Some files in TEMP:
      ====================
      2017-02-03 23:06 - 2017-02-03 23:06 - 0244264 _____ (McAfee, Inc.) C:\Users\FAMILIA MOROTE\AppData\Local\Temp\McCSPInstall.dll
      2016-10-01 19:44 - 2016-10-01 19:44 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Francesco&Grace\AppData\Local\Temp\COMAP.EXE

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-03-29 08:19

      ==================== End of FRST.txt ============================


      Por favor, me pueden ayudar que más debo hacer para limpiar mi PC y quede sin "bichos"? Éstos han impedido que mi Antivirus McAfee se actualice, me aparezca ventanas maliciosas en la pc y el WonderSahre appService tragón de memoria. Gracias.

    2. #2
      Moderador
      Avatar de @MiguelRiaguel
      Registrado
      dic 2008
      Ubicación
      España
      Mensajes
      11.532

      Re: WonderShare appService ocupa mucha memoria. Revisado con Farbar Recovery Scan Too

      Saludos JuanjoLoabaton. al foro de InfoSpyware.

      Ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro:

      • Para hacerlo descarga >> DelFix.exe en tu escritorio.

        • Doble clic para ejecutarlo.(Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")

        • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

      • Pulsar en Run.

        Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


      A continuación, ve a:

      Inicio >>> Ejecutar >>>Escribes notepad.exe.

      Ahora copia y pega estos archivos dentro del Notepad: (Se excluye la palabra código)

      Código:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKU\S-1-5-21-4072774187-1297753947-2635879255-1001\...\MountPoints2: {fa4488ed-e37f-11e3-8251-806e6f6e6963} - "D:\Main.exe"
      HKU\S-1-5-21-4072774187-1297753947-2635879255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
      Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
      Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
      FF Extension: (Pin It button) - C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\Extensions\[email protected] [2016-09-18]
      FF Extension: (NoScript) - C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-05]
      FF Extension: (Adblock Plus) - C:\Users\FAMILIA MOROTE\AppData\Roaming\Mozilla\Firefox\Profiles\srn0ltm9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
      FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-30] [not signed]
      S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [File not signed]
      S3 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [124560 2016-12-13] (Wondershare)
      S2 0315241489620530mcinstcleanup; C:\WINDOWS\TEMP\031524~1.EXE -cleanup -nolog [X]
      S3 mfeavfk01; \Device\mfeavfk01.sys [X]
      
      CMD:  ipconfig /release 
      CMD:  ipconfig /renew 
      CMD:  ipconfig /flushdns 
      CMD:  ipconfig /registerdns
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.
      Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.


      • Ejecutas Frst.exe.
      • Presionas el botón Fix y aguardas a que termine.
      • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
      • Lo pegas en tu próxima respuesta.


      Reinicias el equipo y comentas como sigue funcionando todo.
      Saludos.
      El problema de los virus es pasajero y durará un par de años / John McAfee - fundador de McAfee

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.