A veces aparece el cmd ejecutando algo... pantalla se pone color gris, procesos lentos

Eliminar Malwares
22

@furtivex Aquí envío el log generado en el archivo Addition.txt, que va en dos partes por el límite de caracteres permitido en las respuestas (1/2)

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 20-04-2026
Ejecutado por Jesús I. Saavedra (24-04-2026 00:01:33)
Ejecutado desde C:\Users\Jesús Saavedra\Desktop
Microsoft Windows 10 Home Versión 22H2 19045.6456 (X64) (2021-03-17 22:29:58)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

(Si una entrada es incluida en el fixlist, será eliminada.)

Administrator (S-1-5-21-921242894-1989990284-1724683343-500 - Administrators - Disabled) => C:\Users\Administrator <==== ATENCIÓN
DefaultAccount (S-1-5-21-921242894-1989990284-1724683343-503 - 0 - Disabled)
DevToolsUser (S-1-5-21-921242894-1989990284-1724683343-1005 - 0 - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-921242894-1989990284-1724683343-501 - Limited - Disabled) => C:\Users\Guest <==== ATENCIÓN
HomeGroupUser$ (S-1-5-21-921242894-1989990284-1724683343-1002 - Limited - Enabled) => C:\Users\HomeGroupUser$ <==== ATENCIÓN
Jesús I. Saavedra (S-1-5-21-921242894-1989990284-1724683343-1000 - Administrators - Enabled) => C:\Users\Jesús Saavedra
Temporal Europa (S-1-5-21-921242894-1989990284-1724683343-1003 - Limited - Enabled) => C:\Users\Temporal Europa
WDAGUtilityAccount (S-1-5-21-921242894-1989990284-1724683343-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.6.0.79 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced Archive Password Recovery (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
Amazon Kindle (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Any Video Converter Professional 3.5.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (64 bits) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{11458AD2-E459-43E3-BEA3-9748C3EF0EFC}) (Version: 18.0.0.45 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Ares (HKLM-x32\...\Ares) (Version: 2.5.5-Build#3081 - AresGalaxy)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.4.2.1921 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
BB Boss version 2.2 (HKLM-x32\...\{EB18E8A3-F008-4655-B425-A3B7F03FFCDD}_is1) (Version: 2.2 - FfejWorks, Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Device Software v5.0.0 para el smartphone BlackBerry 8530 (HKLM-x32\...\{C981C4A5-E0B9-41DE-97F3-75E914F9ADAC}) (Version: 5.0.0.1030 (Plataforma 4.2.0.451) - Research In Motion Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 147.1.89.143 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 6.39 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1990.6 - Piriform Software) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\ActiveTouchMeetingClient) (Version: 40.8.4 - Cisco Webex LLC)
CMG 2015 General Release (2015.101.G) (HKLM-x32\...\{3A5FB990-5584-4D29-BC50-FDCD07018014}) (Version: 1.0.0.0 - Computer Modelling Group)
Copilot (HKLM-x32\...\Microsoft Copilot) (Version: 147.0.3912.84 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Doxillion, convertidor de documentos (HKLM-x32\...\Doxillion) (Version: 2.54 - NCH Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 221.3.5229 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.985.1 - Dropbox, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Eclipse Software 2009.1 (HKLM-x32\...\{49FC4FCD-3752-44DF-90FD-BAFF38A234E3}) (Version: 2009.1 - GeoQuest)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Escritorio movistar Latam (HKLM-x32\...\Escritorio movistar Latam) (Version:  - Movistar)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.79 - NCH Software)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.33.0 - Androxyde)
Folder Size for Windows (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.5 - Brio)
Freemake Video Converter versión 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
FreeTube 0.19.1 (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.19.1 - PrestonN)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 147.0.7727.102 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 123.0.1.0 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Earth Pro (HKLM\...\{E3B69BB6-FFD8-441C-933E-BB8A3136ED8F}) (Version: 7.3.7.1155 - Google)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HMA VPN (HKLM\...\Privax HMA) (Version: 25.8.11847.15248 - Privax)
HP Customer Experience Enhancements (HKLM-x32\...\{0CC8AE1D-F5AA-4143-8FAD-E017E0E9EE70}) (Version: 6.0.5.1 - Hewlett-Packard) Hidden
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{8EF98706-3C4B-4C5B-B035-01187E17D0E6}) (Version: 12.15.14.3 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HUAWEI DataCard Driver 2.96 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 2.96 - Huawei technologies Co., Ltd.)
Icecream Ebook Reader 6 versión 6.51 (HKLM-x32\...\{67C22DDD-238A-4587-AC0E-2802AE70CB42}_is1) (Version: 6.51 - Icecream Apps)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
iTunes (HKLM\...\{10A7CA43-13BB-4C41-8938-87A049DABE95}) (Version: 12.13.6.1 - Apple Inc.)
iVideoMate Video Downloader(Build 2.0.8.1) (HKLM\...\Video Downloader_is1) (Version: 2.0.8.1 - iVideoMate Software)
JAP (HKLM-x32\...\JAP) (Version: 00.18.001 - JAP-Team)
Java 8 Update 441 (64-bit) (HKLM\...\{77724AE4-039E-4CA4-87B4-2F64180441F0}) (Version: 8.0.4410.7 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Libgen Desktop 1.3.5 (64-bit) (HKLM\...\{88846ABC-26D2-4038-B51A-94A092FEB3D2}) (Version: 1.3.5 - Libgen Apps)
Malwarebytes version 4.6.17.334 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.17.334 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft Access MUI (Spanish) 2016 (HKLM\...\{90160000-0015-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Audio Enhancement Troubleshooter installer (HKLM\...\{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Spanish) 2016 (HKLM\...\{90160000-0090-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 147.0.3912.72 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 147.0.3912.72 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Spanish) 2016 (HKLM\...\{90160000-0016-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Spanish) 2016 (HKLM\...\{90160000-00BA-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Spanish) 2016 (HKLM\...\{90160000-0044-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2016 (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Spanish) 2016 (HKLM\...\{90160000-00E1-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Spanish) 2016 (HKLM\...\{90160000-00E2-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (Spanish) 2016 (HKLM\...\{90160000-002C-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM\...\{90160000-001F-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Spanish) 2016 (HKLM\...\{90160000-00C1-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2016 (HKLM\...\{90160000-006E-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office zuzenketa-tresnak 2016 - Euskara (HKLM\...\{90160000-001F-042D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\OneDriveSetup.exe) (Version: 26.055.0323.0004 - Microsoft Corporation)
Microsoft OneNote MUI (Spanish) 2016 (HKLM\...\{90160000-00A1-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Spanish) 2016 (HKLM\...\{90160000-001A-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Spanish) 2016 (HKLM\...\{90160000-0018-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project MUI (Spanish) 2016 (HKLM\...\{90160000-00B4-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM\...\{90160000-003B-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Publisher MUI (Spanish) 2016 (HKLM\...\{90160000-0019-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Security Client (HKLM\...\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}) (Version: 4.9.0218.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Skype for Business MUI (Spanish) 2016 (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.31301 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visio MUI (Spanish) 2016 (HKLM\...\{90160000-0054-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2016 (HKLM\...\{90160000-0051-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4014b6a8-d91a-42a0-a855-c6f1f84f36d6}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.50.35719 (HKLM\...\{AECD4ED0-8A3B-41E9-92D1-6BEE0374CCAF}) (Version: 14.50.35719 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.50.35719 (HKLM\...\{61B44572-8722-4DAF-8ACF-8E742D30BCC5}) (Version: 14.50.35719 - Microsoft Corporation) Hidden
Microsoft Visual C++ v14 Redistributable (x64) - 14.50.35719 (HKLM-x32\...\{91ee571b-0e8a-4c65-9eaf-2e2f5fc60c00}) (Version: 14.50.35719.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation)
Microsoft Word MUI (Spanish) 2016 (HKLM\...\{90160000-001B-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 es-ES) (HKLM\...\Mozilla Firefox 141.0.3 (x64 es-ES)) (Version: 141.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0.2 - Mozilla)
MSVCRT Redists (HKLM\...\{24DB3A5E-0BC8-11E5-9A27-F04DA23A5C58}) (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{7FD7FB8C-2C75-4A8E-A236-EB23C5C13322}) (Version: 8.3.582 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 31.1.2 - OBS Project)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Opera Stable 130.0.5847.41 (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\Opera 130.0.5847.41) (Version: 130.0.5847.41 - Opera Software)
Petrel 2009.1 (HKLM-x32\...\{E74EFDC6-2423-4CBB-A107-7A6D1538D990}) (Version: 4.11.1 - Schlumberger)
PIPESIM 2008.1 (HKLM-x32\...\{303A394E-7FD4-4D1A-BBC5-0F62FDBE0E6C}) (Version: 2008.01.0133 - Schlumberger)
PIXresizer 2.0.4 (HKLM-x32\...\PIXresizer_is1) (Version:  - Bluefive software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.3.0 - Proton AG)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.2504.127 - Trusteer) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 4.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.5.5 - VS Revo Group, Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Signal 7.21.0 (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 7.21.0 - Signal Messenger, LLC)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sony Mobile Software Update Drivers (HKLM\...\{4872001F-F67C-4C54-BC92-281C6A165251}) (Version: 3.2.0.3 - Sony Mobile Communications)
Sony Mobile Xperia Flash Tool (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\Xperia Flash Tool) (Version: 2.21.2.202101271636 - Sony Mobile Communications Inc.)
SumatraPDF (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\SumatraPDF) (Version: 3.5.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.191 - Synaptics Incorporated)
Telegram Desktop (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.6.2 - Telegram FZ-LLC)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Bulletin Board (HKLM\...\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM\...\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Trusteer Seguridad Terminal (HKLM-x32\...\Rapport_msi) (Version: 3.5.2504.127 - Trusteer)
TweetDeck (HKLM-x32\...\{85D70219-700E-4728-A80D-C394DEF6247E}) (Version: 3.0.2 - Twitter, Inc.)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PRJPRO_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.VISPRO_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version:  - Microsoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WhatsApp (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\WhatsApp) (Version: 0.2.8361 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Sony Mobile Communications (ggsomc) SOMCFlashDevice  (12/06/2017 3.2.0.0) (HKLM\...\7AA77B236196DB9A6C04257060560ACDBB626F30) (Version: 12/06/2017 3.2.0.0 - Sony Mobile Communications)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Wondershare AllMyTube(Build 7.4.9.2) (HKLM-x32\...\AllMyTube_is1) (Version: 7.4.9.2 - Wondershare)
Wondershare Data Recovery(Build 4.7.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.7.0.5 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone(Build 2.0.1.3) (HKLM-x32\...\{B2AF05E3-4B0C-44A6-B146-322219BF3562}_is1) (Version: 2.0.1.3 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Youtube Downloader HD v. 3.4.1 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
Zoom Workplace (HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\ZoomUMX) (Version: 6.5.9 (11873) - Zoom Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-04-15] (Adobe Systems Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.27.4390.0_x64__rz1tebttyb220 [2025-08-01] (Dolby Laboratories)
Dominoes Block -> C:\Program Files\WindowsApps\15985Yasindewid.DominoesBlock_5.1.8.0_x64__39dp1177718dj [2021-03-15] (Yasin dewid)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-03-21] (Dropbox Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_161.1.1087.0_x64__v10z8vjag6ke6 [2025-08-31] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-02-16] (Instagram)
PC Manager -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.17.12.0_x64__8wekyb3d8bbwe [2025-08-21] (Microsoft Corporation) [Startup Task]
Power BI Desktop -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPowerBIDesktop_2.146.1254.0_x64__8wekyb3d8bbwe [2025-08-29] (Microsoft Corporation)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_6.0.2.0_x64__t4vj0pshhgkwm [2025-08-02] (Telegram Messenger LLP) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2534.2.0_x64__cv1g1gvanyjgm [2025-08-28] (WhatsApp Inc.) [Startup Task]
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-07-08] (Microsoft Corporation)
23

@furtivex Aquí copio el resto del log generado en el archivo Addition, (2/2)


==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Jesús Saavedra\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [Archivo no firmado]
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Jesús Saavedra\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Jesús Saavedra\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jesús Saavedra\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Jesús Saavedra\Dropbox [2014-10-29 16:31]
CustomCLSID: HKU\S-1-5-21-921242894-1989990284-1724683343-1000_Classes\CLSID\{F46A78BD-06FC-442C-88DF-0500F08F2379}\InprocServer32 -> C:\Users\Jesús Saavedra\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Sin Nombre - {E37CB5F0-51F5-4395-A808-5FA49E399026} -  -> Ningún archivo
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2009-03-25] (Nero AG -> Nero AG)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [Archivo no firmado]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-09] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-07-20] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\123.0.1.0\drivefsext.dll [2026-03-31] (Google LLC -> Google LLC.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-07-20] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

Shortcut: C:\Users\Jesús Saavedra\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nchsoftware.com/es/index.htm
Shortcut: C:\Users\Jesús Saavedra\Documents\Iconos accesos directos\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cisco WebEx IM.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gdgodbfllkenehbjembldlmkjjdafigh
ShortcutWithArgument: C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Módulos cargados (Lista blanca) =============

2021-03-06 00:33 - 2021-03-06 00:33 - 000010240 ____C () [Archivo no firmado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\acrotray.esp
2011-11-09 02:46 - 2010-12-20 21:49 - 001892352 ____C (Apache Software Foundation) [Archivo no firmado] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2013-02-23 12:17 - 2013-02-23 12:17 - 000166400 _____ (Brice Lambson) [Archivo no firmado] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
2010-08-06 11:45 - 2010-08-06 11:45 - 000071680 _____ (Hewlett-Packard) [Archivo no firmado] c:\windows\system32\hpzinw12.dll
2010-08-06 11:45 - 2010-08-06 11:45 - 000089600 _____ (Hewlett-Packard) [Archivo no firmado] c:\windows\system32\hpzipm12.dll
2011-11-09 02:46 - 2010-12-20 21:45 - 000069632 ____C (Intel Corporation) [Archivo no firmado] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Users\Jesús Saavedra\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [257]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) =============

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-921242894-1989990284-1724683343-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-921242894-1989990284-1724683343-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10438__190909
HKU\S-1-5-21-921242894-1989990284-1724683343-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-921242894-1989990284-1724683343-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2024-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_441\bin\ssv.dll [2024-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_441\bin\jp2ssv.dll [2024-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2024-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies SA -> Skype Technologies S.A.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-921242894-1989990284-1724683343-1000\...\localhost -> localhost

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-13 22:34 - 2019-04-20 17:22 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

2020-02-17 09:02 - 2025-05-06 09:48 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
41 435

==================== Network ===========================

(Actualmente no existe una corrección automática para esta sección.)

DNS Servers: 1.1.1.1 - 1.0.0.1
Firewall de Windows está habilitado.

Network Binding:
=============
Local Area Connection: Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) -> L1C63x64.sys
Wireless Network Connection: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC -> rtwlane_13.sys

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%CMG_HOME%\CMGJobService;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\ecl\home;C:\ecl\macros;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-921242894-1989990284-1724683343-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-921242894-1989990284-1724683343-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Innovation\Aqua.jpg
HKU\S-1-5-21-921242894-1989990284-1724683343-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Ningún archivo)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 4) (TamperProtectionSource: 2)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll


==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: Uninstall C: => 

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{D2C4DDCE-C6F7-4409-B060-40E378199449}] => (Allow) C:\Users\Jesús Saavedra\AppData\Local\Sony Mobile\Xperia Flash Tool\Emma.exe (Sony Nordic (Sweden), Filial till Sony Europe B.V.(NL) -> )
FirewallRules: [{6A4E2E68-8319-4A1B-B77A-A5597A8A883C}] => (Allow) C:\Users\Jesús Saavedra\AppData\Local\Sony Mobile\Xperia Flash Tool\Emma.exe (Sony Nordic (Sweden), Filial till Sony Europe B.V.(NL) -> )
FirewallRules: [UDP Query User{B6BA261C-0197-4048-837F-DDFEFD3DFBD8}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FBCA0255-C2D8-48C8-B8F7-14433C80FC76}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{A480A7FF-7623-4723-94B5-7BAC633BF9E2}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [Archivo no firmado]
FirewallRules: [UDP Query User{64BF888F-F21D-48E0-817E-40710D38CDEE}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (AresGalaxy) [Archivo no firmado]
FirewallRules: [{53D0DB1E-49AD-4E48-B49D-12B81681B92A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{395B939F-0F0C-420C-B208-E043B1F483BF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C561B2D-BEF7-4006-B7F1-C8440D2B8427}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{630B2300-FE84-411B-AF25-B5895622F7BB}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B8F9440-E412-4BA8-BACC-9F7042796F4F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0AEF5141-A13D-4734-ACD9-8276410EC4EF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8229F84-DA7C-4CC9-B86D-5EEBC59F66D2}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37F1ABC3-A145-4184-BA0D-5D52F8E0D6C7}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B1A9B84C-64F3-41DD-B34B-0622B863B8FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{77A9FF57-733B-45B3-B703-D84D20BEAFB7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{EC843C6E-1C2F-49C6-B599-F4EA266C9B20}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{990C3FA1-C220-45D7-88D9-3264578F0AF7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C679DE8B-0390-456A-B81E-C430743FF60D}C:\users\jesús saavedra\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\jesús saavedra\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{C04D5B53-9EF9-4A52-9407-64A900B19748}C:\users\jesús saavedra\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\jesús saavedra\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [TCP Query User{BDAB431E-00BC-437C-BD73-055B14ADF235}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4D643BEF-5A81-49A9-971C-EA551CCBFFF6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{20CABF2F-9C53-4025-959B-6C558A1C7BD6}] => (Allow) C:\Users\Jesús Saavedra\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{B32A18F5-058A-495C-8A32-232AC87AB496}] => (Allow) C:\Program Files\Privax\HMA VPN\Vpn.exe (Privax Limited -> Privax Limited)
FirewallRules: [{09618175-E168-43E6-83A8-1AA300081F68}] => (Allow) C:\Program Files\Privax\HMA VPN\Vpn.exe (Privax Limited -> Privax Limited)
FirewallRules: [{C6506F9A-608A-40E9-9DB0-2081CAC24E24}] => (Allow) C:\Users\Jesús Saavedra\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{C2BAC537-F39E-49FF-B6AD-0E3F6BE55BCC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5B8F8736-048F-4242-9ECA-6261A999DE74}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D6356F25-DDE5-499F-9A55-09E94E3BDEB4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{0DDADF06-E9B6-4312-B2BA-F35417774423}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1885E43D-3ECA-4AB6-B223-5873FC6A5D36}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{87C8D307-9DEB-4AFF-8B91-277B34DE56A3}] => (Allow) C:\Program Files (x86)\Microsoft\Copilot\Application\mscopilot.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{98775455-7A7C-4C22-BC43-B460B741C76D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{7F7CD16B-5C6C-4F76-945E-5CE9087BA932}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Puntos de Restauración =========================

19-04-2026 19:08:07 Scheduled Checkpoint

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (04/22/2026 07:40:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NET CLR Data (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NET CLR Networking (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NET CLR Networking 4.0.0.0 (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NET Data Provider for Oracle (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NET Data Provider for SqlServer (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NET Memory Cache 4.0 (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio .NETFramework (). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/22/2026 07:40:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: JSPC)
Description: Error al instalar las cadenas del contador de rendimiento para el servicio MSDTC Bridge 4.0.0.0 (). El primer valor DWORD de la sección de datos contiene el código de error.


Errores del sistema:
=============
Error: (04/23/2026 11:54:28 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:24 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:20 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:16 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:12 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:08 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:04 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (04/23/2026 11:54:00 PM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.


Windows Defender:
================
Date: 2026-04-24 00:12:35
Description: 
Microsoft Defender Antivirus detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Nombre: PUADlManager:Win32/InstallCore
Id.: 311991
Gravedad: Low
Categoría: Potentially Unwanted Software
Ruta de acceso: file:_C:\Users\Jesús Saavedra\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe
Origen de detección: Local machine
Tipo de detección: Concrete
Origen de detección: Real-Time Protection
Usuario: JSPC\Jesús I. Saavedra
Nombre de proceso: C:\Users\Jesús Saavedra\Desktop\FRST64.exe
Versión de inteligencia de seguridad: AV: 1.449.266.0, AS: 1.449.266.0, NIS: 1.449.266.0
Versión de motor: AM: 1.1.26030.3008, NIS: 1.1.26030.3008

Date: 2026-04-23 13:54:46
Description: 
Microsoft Defender Antivirus šςàή ĥąŝ ьéęή śţǿρрεð ъĕƒόґė сōмφŀεťīǿʼn.%ʼn %ťЅĉăŋ ÌÐ:%ъ{7B0EBB4B-47D9-4BA3-9827-088FA3FED288}%ñ %тŜсáņ Тўрé:%ьAntimalware%ή %ţŜсǻη Ρářåmèťêřŝ:%вQuick Scan%л  %τÙŝêř:%ъNT AUTHORITY\SYSTEM%η %ŧŞťōр Ŕěãşōņ:%ъScheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-04-22 20:06:06
Description: 
Microsoft Defender Antivirus detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Nombre: PUADlManager:Win32/InstallCore
Id.: 311991
Gravedad: Low
Categoría: Potentially Unwanted Software
Ruta de acceso: file:_C:\Users\Jesús Saavedra\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe; file:_C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\jdownloader2; startup:_C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk; uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\jdownloader2
Origen de detección: Local machine
Tipo de detección: Concrete
Origen de detección: System
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.449.247.0, AS: 1.449.247.0, NIS: 1.449.247.0
Versión de motor: AM: 1.1.26030.3008, NIS: 1.1.26030.3008

Date: 2026-04-21 15:06:10
Description: 
Microsoft Defender Antivirus šςàή ĥąŝ ьéęή śţǿρрεð ъĕƒόґė сōмφŀεťīǿʼn.%ʼn %ťЅĉăŋ ÌÐ:%ъ{8BDE841E-ECFE-4E58-A55B-26804C89D349}%ñ %тŜсáņ Тўрé:%ьAntimalware%ή %ţŜсǻη Ρářåmèťêřŝ:%вQuick Scan%л  %τÙŝêř:%ъNT AUTHORITY\SYSTEM%η %ŧŞťōр Ŕěãşōņ:%ъScheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-04-20 14:20:23
Description: 
Microsoft Defender Antivirus detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Nombre: PUADlManager:Win32/InstallCore
Id.: 311991
Gravedad: Low
Categoría: Potentially Unwanted Software
Ruta de acceso: file:_C:\Users\Jesús Saavedra\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe; file:_C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\jdownloader2; startup:_C:\Users\Jesús Saavedra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk; uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\jdownloader2
Origen de detección: Local machine
Tipo de detección: Concrete
Origen de detección: System
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.449.202.0, AS: 1.449.202.0, NIS: 1.449.202.0
Versión de motor: AM: 1.1.26030.3008, NIS: 1.1.26030.3008
Event[0]:

Date: 2026-04-12 15:27:22
Description: 
Microsoft Defender Antivirus detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.449.68.0
Origen de actualización: Microsoft Update Server
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Full
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.26030.3008
Código de error: 0x80070102
Descripción del error: The wait operation timed out. 

Date: 2026-04-03 12:30:01
Description: 
Microsoft Defender Antivirus detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.447.119.0
Origen de actualización: Microsoft Malware Protection Center
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Full
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.26020.3
Código de error: 0x80070020
Descripción del error: The process cannot access the file because it is being used by another process. 

Date: 2026-04-03 12:30:01
Description: 
Microsoft Defender Antivirus detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.447.119.0
Origen de actualización: Microsoft Malware Protection Center
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Full
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.26020.3
Código de error: 0x80070020
Descripción del error: The process cannot access the file because it is being used by another process. 

Date: 2026-04-03 12:30:01
Description: 
Microsoft Defender Antivirus detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.447.119.0
Origen de actualización: Microsoft Malware Protection Center
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Full
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.26020.3
Código de error: 0x80070020
Descripción del error: The process cannot access the file because it is being used by another process. 

Date: 2026-04-03 12:27:02
Description: 
Microsoft Defender Antivirus detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.447.119.0
Origen de actualización: Microsoft Update Server
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Full
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.26020.3
Código de error: 0x80240016
Descripción del error: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===============
Date: 2026-01-25 18:39:34
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2026-01-25 18:39:28
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Información de la memoria =========================== 

BIOS: INSYDE TOSQCI - 1 06/26/2012
Placa base: Intel Corp. Base Board Product Name
Procesador: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Porcentaje de memoria en uso: 58%
RAM física total: 6091.86 MB
RAM física disponible: 2542.69 MB
Virtual total: 12235.86 MB
Virtual disponible: 8966.91 MB

==================== Unidades ================================

Drive c: (TI106234W0C) (Fixed) (Total:579.24 GB) (Free:22.88 GB) (Model: TOSHIBA MK6475GSX) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)]
Drive e: (JESÚS SAAVEDRA 2TB) (Fixed) (Total:1862.92 GB) (Free:470.24 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS

\\?\Volume{9643e244-0a9d-11e1-b712-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
\\?\Volume{9deb38f3-0000-0000-0000-002d91000000}\ () (Fixed) (Total:0.94 GB) (Free:0.17 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 9DEB38F3)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=965 MB) - (Type=27)
Partition 4: (Not Active) - (Size=14.5 GB) - (Type=17)

==================== Final de Addition.txt =======================
24

Saludos nuevamente, @furtivex

Ud. me sugiere intentar la ejecución del comando chkdsk c: /r, pero al ejecutar, me aparece la siguiente respuesta:

“Se denegó el acceso porque no tienes suficientes privilegios o el disco podría estar bloquedo por otro proceso. Invoca esta utilidad ejecutándola en modo elevado y asegúrate de que el disco esté desbloqueado”

No sé lo que significa ejecutar en modo elevado, ni tampoco cómo asegurarme de que el disco esté desbloqueado. Le agradeco me oriente.

Saludos, muy amable

25

Hola @socgom , Intentémoslo de esta manera:

:one: Farbar Recovery Scan Tool: FIX

Nota: tras ejecutar el script (posiblemente), se cerrarán todas las pestañas abiertas del navegador, se cerrará la sesión de sus cuentas y se borrarán los archivos temporales, la papelera de reciclaje, el historial del navegador, las cookies y la caché.

Desactive su antivirus antes de reiniciar. Seleccione el siguiente código:

Start::

AlternateDataStreams: C:\Users\Jesús Saavedra\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [257]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Ningún archivo)
S3 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" (Ningún archivo)
S3 Lavasoft Kernexplorer; ??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys (Ningún archivo)
ShellExecuteHooks-x32: Sin Nombre - {E37CB5F0-51F5-4395-A808-5FA49E399026} -  -> Ningún archivo
StartupCommonDir: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inicio <==== ATENCIÓN
C:\Program Files (x86)\Lavasoft

cmd: chkdsk c: /r & echo S

Reboot:
End::

Copie el texto seleccionado (clic derecho - Copiar). Ejecute FRST (FRST64) como administrador. Haga clic en “Reparar” una vez (!) y espere. El programa creará un archivo de registro (Fixlog.txt). Adjúntelo a su próximo mensaje.

El ordenador se reiniciará automáticamente.

26

Hola, saludos @furtivex

Antes de ver su sugerencia, me puse a reordenar y borrar algunas cosas en ese disco duro, y ejecuté el desfrgmentador Defraggler; espero eso no altere nada. Aunque en porcentaje sigue poco la recuperación, además de desinstalar programas de redes sociales que en realidad no uso y que tenian tiempo instalados, el disco pasó de 21 Gb libres a aproximadamente 33 Gb.

A continuación pego el archivo fixlog.txt, tal como Ud. me solicitó; me llama la atención, que creo haber visto en alguno de los logs previos, que hay cuentas de usuario que imagino son las que se instalaron a través de algún proceso malicioso, están contribuyendo en mayor cuantía a la ralentización en el arranque y en otros procesos.. esa de “DevToolsUser” :

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 28-04-2026
Ejecutado por Jesús I. Saavedra (28-04-2026 22:29:18) Run:3
Ejecutado desde C:\Users\Jesús Saavedra\Desktop
Perfiles cargados: Jesús I. Saavedra & Temporal Europa & DevToolsUser
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
Start::

AlternateDataStreams: C:\Users\Jesús Saavedra\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [257]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Ningún archivo)
S3 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" (Ningún archivo)
S3 Lavasoft Kernexplorer; ??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys (Ningún archivo)
ShellExecuteHooks-x32: Sin Nombre - {E37CB5F0-51F5-4395-A808-5FA49E399026} -  -> Ningún archivo
StartupCommonDir: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inicio <==== ATENCIÓN
C:\Program Files (x86)\Lavasoft

cmd: chkdsk c: /r & echo S

Reboot:
End::
*****************

C:\Users\Jesús Saavedra\Downloads\esetonlinescanner.exe => ":MBAM.Zone.Identifier" ADS eliminado correctamente
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Ningún archivo) => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\System\CurrentControlSet\Services\Lavasoft Ad-Aware Service => eliminado correctamente
Lavasoft Ad-Aware Service => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\Lavasoft Kernexplorer => eliminado correctamente
Lavasoft Kernexplorer => servicio eliminado correctamente
"HKLM\Software\Wow6432Node{E37CB5F0-51F5-4395-A808-5FA49E399026}" => no encontrado
StartupCommonDir: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inicio <==== ATENCIÓN => restaurado correctamente
"C:\Program Files (x86)\Lavasoft" => no encontrado

========= chkdsk c: /r & echo S =========

汅琠灩敤楳瑳浥⁡敤愠捲楨潶⁳獥丠䙔⹓਍潎猠⁥異摥⁥汢煯敵牡氠⁡湵摩摡愠瑣慵⹬਍਍䡃䑋䭓渠敳瀠敵敤攠敪畣慴⁲潰煲敵漠牴牰捯獥慹攠瑳₠獵湡潤攠൬瘊汯浵湥<U+202E>䒨獥慥焠敵猠⁥牰灥牡⁥獥整瘠汯浵湥瀠牡⁡畱⁥敳⁡潣灭潲慢潤਍慬瀠ꉲ楸慭瘠穥焠敵猠⁥敲湩捩敩攠楳瑳浥㽡⠠⽓⥎匠ഠഊ䔊瑳⁥潶畬敭敳挠浯牰扯牡₠慬瀠ꉲ楸慭瘠穥焠敵猠⁥敲湩捩敩攠楳瑳浥⹡਍S


========= Final de CMD: =========



El sistema necesita reiniciarse.

==== Final de Fixlog 22:29:42 ====
27

Hola @socgom , Buena idea, ya que no estás familiarizado con ella, algunas de las otras parecen problemáticas, probemos lo siguiente:

:one: Farbar Recovery Scan Tool: FIX

Nota: tras ejecutar el script (posiblemente), se cerrarán todas las pestañas abiertas del navegador, se cerrará la sesión de sus cuentas y se borrarán los archivos temporales, la papelera de reciclaje, el historial del navegador, las cookies y la caché.

Desactive su antivirus antes de reiniciar. Seleccione el siguiente código:

Start::

DevToolsUser (S-1-5-21-921242894-1989990284-1724683343-1005 - 0 - Enabled) => C:\Users\DevToolsUser
HomeGroupUser$ (S-1-5-21-921242894-1989990284-1724683343-1002 - Limited - Enabled) => C:\Users\HomeGroupUser$ <==== ATENCIÓN
Administrator (S-1-5-21-921242894-1989990284-1724683343-500 - Administrators - Disabled) => C:\Users\Administrator <==== ATENCIÓN
cmd: chcp 65001 & chkdsk c: /r

Reboot:
End::

Copie el texto seleccionado (clic derecho - Copiar). Ejecute FRST (FRST64) como administrador. Haga clic en “Reparar” una vez (!) y espere. El programa creará un archivo de registro (Fixlog.txt). Adjúntelo a su próximo mensaje.

El ordenador se reiniciará automáticamente.

28

Le planteo lo siguiente @furtivex: la cuenta local que usa esta laptop para acceder a la sesión del windows, es la que tiene el nombre (es el usuario principal); otra cuenta, en modo invitado, es la que se llama Temporal Europa.

Esa tercera de DevToolUser es la que desconozco.

También veo en su script que se busca poner atención a esos “usuarios” que entiendo aparecen instalados y ralentizan mucho el inicio, llamadas “HomeGroupUser$”, y “Administrator”. A ambas las desconozco.

Otra cosa a acotar, antes de correr el script reciente que Ud. me envió, vía el ejecutable FSRT: sabiendo que tarda un poco el inicio, y ya de alguna manera atado de manos respecto al elemento o elementos que ralentizan el arranque u otros procesos, me puse a tomar nota del tiempo que tarda desde que prendo el dispositivo, hasta que abre el usuario: 8min10seg aproximadamente… cuando abre el escritorio y empiezan a aparecer los iconos de acceso directo en barra de tareas, se añaden 2min10seg más, aproximadamente; y al presionar la aplicación ofimática par abrir un archivo, se le suma aproximadamente 1min47seg..Total son 12min y fracción desde que presiono el botón de encendido hasta que se abre un archivo. Ojalá ese tiempo reduzca luego de lo que Ud. me plantea hacer. He, además, actualizado algunos de los softwares que están instalados, utilizando en e cmd l comando winget upgrade --all, y luego he ejecutado el freeware CCleaner, procurando limpiar y borrar todo cuanto pueda.

Agradezco su guía, @furtivex, ahora mismo procedo a pasar el script reciente y cuando termine, le dejaré el log generado en la siguiente respuesta.

29

Saludos, @furtivex, aquí el resultado que se generó en el archivo fixlog.txt donde se buscaba repara, usando el script que Ud. envió, el tema de los usuarios a los que yo me refiero como invasores. Pego tal cual a continuación:

Ejecutado por Jesús I. Saavedra (30-04-2026 22:45:43) Run:4
Ejecutado desde C:\Users\Jesús Saavedra\Desktop
Perfiles cargados: Jesús I. Saavedra & Temporal Europa
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
Start::

DevToolsUser (S-1-5-21-921242894-1989990284-1724683343-1005 - 0 - Enabled) => C:\Users\DevToolsUser
HomeGroupUser$ (S-1-5-21-921242894-1989990284-1724683343-1002 - Limited - Enabled) => C:\Users\HomeGroupUser$ <==== ATENCIÓN
Administrator (S-1-5-21-921242894-1989990284-1724683343-500 - Administrators - Disabled) => C:\Users\Administrator <==== ATENCIÓN
cmd: chcp 65001 & chkdsk c: /r

Reboot:
End::
*****************

DevToolsUser (S-1-5-21-921242894-1989990284-1724683343-1005 - 0 - Enabled) => C:\Users\DevToolsUser => Error: Ninguna corrección automática encontrada para esta entrada.
HomeGroupUser$ (S-1-5-21-921242894-1989990284-1724683343-1002 - Limited - Enabled) => C:\Users\HomeGroupUser$ <==== ATENCIÓN => No será eliminado con FRST.
Administrator (S-1-5-21-921242894-1989990284-1724683343-500 - Administrators - Disabled) => C:\Users\Administrator <==== ATENCIÓN => Error: Ninguna corrección automática encontrada para esta entrada.

========= chcp 65001 & chkdsk c: /r =========

P gina de c¢digos activa: 65001
El tipo del sistema de archivos es NTFS.
No se puede bloquear la unidad actual.

CHKDSK no se puede ejecutar porque otro proceso ya est  usando el
volumen. ¨Desea que se prepare este volumen para que sea comprobado
la pr¢xima vez que se reinicie el sistema? (S/N) 
CHKDSK no se puede ejecutar porque otro proceso ya est  usando el
volumen. ¨Desea que se prepare este volumen para que sea comprobado
la pr¢xima vez que se reinicie el sistema? (S/N) 

========= Final de CMD: =========



El sistema necesita reiniciarse.

==== Final de Fixlog 22:46:34 ====
escribe o pega el código aquí
30

Hola @socgom , La solución no funcionó como esperaba debido a errores míos. Intentémoslo de nuevo. Por cierto, disculpen la demora, he estado más ocupado de lo normal.

:one: Farbar Recovery Scan Tool: FIX

Nota: tras ejecutar el script (posiblemente), se cerrarán todas las pestañas abiertas del navegador, se cerrará la sesión de sus cuentas y se borrarán los archivos temporales, la papelera de reciclaje, el historial del navegador, las cookies y la caché.

Desactive su antivirus antes de reiniciar. Seleccione el siguiente código:

Start::
SystemRestore: On
CreateRestorePoint:

cmd: net localgroup Administrators Administrator /delete
cmd: net localgroup Users Administrator /delete
cmd: net localgroup "Remote Desktop Users" Administrator /delete
cmd: net localgroup "Remote Management Users" Administrator /delete
cmd: net user Administrator /delete

cmd: net localgroup Administrators HomeGroupUser$ /delete
cmd: net localgroup Users HomeGroupUser$ /delete
cmd: net localgroup "Remote Desktop Users" HomeGroupUser$ /delete
cmd: net localgroup "Remote Management Users" HomeGroupUser$ /delete
cmd: net user HomeGroupUser$ /delete

cmd: net localgroup Administrators DevToolsUser /delete
cmd: net localgroup Users DevToolsUser /delete
cmd: net localgroup "Remote Desktop Users" DevToolsUser /delete
cmd: net localgroup "Remote Management Users" DevToolsUser /delete
cmd: net user DevToolsUser /delete

cmd: chcp 65001
cmd: echo S|chkdsk c: /r

Emptytemp:
End::

Copie el texto seleccionado (clic derecho - Copiar). Ejecute FRST (FRST64) como administrador. Haga clic en “Reparar” una vez (!) y espere. El programa creará un archivo de registro (Fixlog.txt). Adjúntelo a su próximo mensaje.

El ordenador se reiniciará automáticamente.

31

Bien, hace minutos, luego de que corriera el chkdsk y reiniciara el sistema (tardó algo más de cinco horas), he podido ver el log que arrojó su script, @furtivex. Espero Ud. pueda ver y sugerir algo más, aquí le copio tal cual:

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 28-04-2026
Ejecutado por Jesús I. Saavedra (02-05-2026 19:14:35) Run:5
Ejecutado desde C:\Users\Jesús Saavedra\Desktop
Perfiles cargados: Jesús I. Saavedra & Temporal Europa & DevToolsUser
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
Start::
SystemRestore: On
CreateRestorePoint:

cmd: net localgroup Administrators Administrator /delete
cmd: net localgroup Users Administrator /delete
cmd: net localgroup "Remote Desktop Users" Administrator /delete
cmd: net localgroup "Remote Management Users" Administrator /delete
cmd: net user Administrator /delete

cmd: net localgroup Administrators HomeGroupUser$ /delete
cmd: net localgroup Users HomeGroupUser$ /delete
cmd: net localgroup "Remote Desktop Users" HomeGroupUser$ /delete
cmd: net localgroup "Remote Management Users" HomeGroupUser$ /delete
cmd: net user HomeGroupUser$ /delete

cmd: net localgroup Administrators DevToolsUser /delete
cmd: net localgroup Users DevToolsUser /delete
cmd: net localgroup "Remote Desktop Users" DevToolsUser /delete
cmd: net localgroup "Remote Management Users" DevToolsUser /delete
cmd: net user DevToolsUser /delete

cmd: chcp 65001
cmd: echo S|chkdsk c: /r

Emptytemp:
End::
*****************

SystemRestore: On => Error -> 5%
CreateRestorePoint: Error(1=5%) -> Error al crear un punto de restauración.

========= net localgroup Administrators Administrator /delete =========

Error de sistema 1371.

No se puede ejecutar esta operaci¢n en las cuentas integradas.



========= Final de CMD: =========


========= net localgroup Users Administrator /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net localgroup "Remote Desktop Users" Administrator /delete =========

Error de sistema 1376.

El grupo local especificado no existe.



========= Final de CMD: =========


========= net localgroup "Remote Management Users" Administrator /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net user Administrator /delete =========

Error de sistema 1371.

No se puede ejecutar esta operaci¢n en las cuentas integradas.



========= Final de CMD: =========


========= net localgroup Administrators HomeGroupUser$ /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net localgroup Users HomeGroupUser$ /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net localgroup "Remote Desktop Users" HomeGroupUser$ /delete =========

Error de sistema 1376.

El grupo local especificado no existe.



========= Final de CMD: =========


========= net localgroup "Remote Management Users" HomeGroupUser$ /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net user HomeGroupUser$ /delete =========

Se ha completado el comando correctamente.



========= Final de CMD: =========


========= net localgroup Administrators DevToolsUser /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net localgroup Users DevToolsUser /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net localgroup "Remote Desktop Users" DevToolsUser /delete =========

Error de sistema 1376.

El grupo local especificado no existe.



========= Final de CMD: =========


========= net localgroup "Remote Management Users" DevToolsUser /delete =========

Error de sistema 1377.

El nombre de cuenta especificado no pertenece al grupo.



========= Final de CMD: =========


========= net user DevToolsUser /delete =========

Se ha completado el comando correctamente.



========= Final de CMD: =========


========= chcp 65001 =========

P gina de c¢digos activa: 65001


========= Final de CMD: =========


========= echo S|chkdsk c: /r =========

El tipo del sistema de archivos es NTFS.
No se puede bloquear la unidad actual.

CHKDSK no se puede ejecutar porque otro proceso ya est  usando el
volumen. ¨Desea que se prepare este volumen para que sea comprobado
la pr¢xima vez que se reinicie el sistema? (S/N) S

Este volumen se comprobar  la pr¢xima vez que se reinicie el sistema.


========= Final de CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 2097152 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44411471 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 37558259 B
Edge => 150360905 B
Chrome => 1724026901 B
Brave => 79169134 B
Firefox => 667632 B
Opera => 9245494 B

Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2448 B
NetworkService => 5892 B
Jesús Saavedra => 39823385 B
Temporal Europa => 71943 B
DevToolsUser => 0 B

RecycleBin => 2471963 B
EmptyTemp: => 1.9 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 19:33:21 ====
32

Creo que las cuentas HomeGroupUsers$ y Administrator están bien, aunque no las reconozcas. HomeGroupUsers$ parece estar relacionada con Windows 7. ¿Actualizaste de Windows 7 a Windows 10 hace tiempo? En cualquier caso, no debería haber problemas, pero también es seguro eliminarla. Windows 10 y versiones posteriores ya no utilizan este nombre de usuario específico.

Parece que DevToolUser se eliminó correctamente. Puede que aún encuentres un rastro en C:\Users\DevToolUser, pero ahora deberías poder eliminarla si quieres, o podemos usar otro script si prefieres eliminarla.

La comprobación de disco también parece haberse realizado correctamente esta vez. Ten en cuenta que este comando a veces soluciona problemas, pero no está garantizado. Como a todos, recomiendo hacer copias de seguridad por si la unidad queda inaccesible en el futuro. Pero parece que hemos hecho todo lo posible por reparar la unidad.

¿Cómo está el sistema ahora?

33

Saludos nuevamente, @furtivex. Respondiéndole:

Sí, sí actualicé de Windows 7 a Windows 10 cuando el sistema ofreció la oportunidad, y hubiese actualizado al 11, pero aunque ví que había maneras de hacerlo, las características originales no permitían actualizar al windows 11 cuando éste apareció. También está el tema de que el disco es HDD, y esta con mucha ocupación, tal como se vio en análisis previo y que Ud notificó sugirió liberar un buen porcentaje

Si aun es posible eliminar con un script algo de los rastros que queden de esos usuarios, le agradezco pueda enviar un script para finalmente eliminar eso de esos usuarios, inclusive de algún remanente del windows 7 original

El sistema anda un poco más rápido, aunque a veces vuelve a congelarse y a aparecer la pantalla completa color gris, que asocio con elementos que consumen memoria, o que los programas no responden y se congelan por minutos por tema de memoria… pues no queda más que esperar. A veces quiero borrar carpetas que desconozco, pero que por eso mismo prefiero evitar, aunque estén vacías… creo que también ha que ganarle espacio al disco para que también desempeñe mejor.

Creo que no he visto en días recientes que aparezca el cuadro del cmd así inesperadamente como describí al inicio de este tema, pero sigo pendiente, y bueno, tendré que seguir revisando cuáles programas (o restos de éllos) aun estén instalados sin que tengan la utilidad qque en su momento tuvieron.

34

Gracias por los comentarios; podemos seguir trabajando más en el sistema.

:one: La siguiente herramienta, llamada SecurityCheck, es una utilidad para comprobar rápidamente la presencia de aplicaciones potencialmente vulnerables y el estado de otras configuraciones de seguridad.

  • Desactive temporalmente Microsoft SmartScreen solo si impide la descarga del software. El programa es seguro.
  • Descarga SecurityCheck de glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.zip
  • Si SmartScreen bloquea la ejecución del archivo, haz clic en Más información y luego en Ejecutar de todos modos.
  • Esta herramienta es segura. SmartScreen es demasiado sensible. Puede consultar el análisis de VirusTotal de la herramienta aquí
  • Haga clic con el botón derecho del ratón en Securitycheck.exe, seleccione “Ejecutar como administrador” y responda SÍ para permitir su ejecución.
  • Espere a que finalice el análisis. Se abrirá un archivo de texto llamado SecurityCheck.txt. Cierre el archivo y adjúntelo a su próxima respuesta.
  • Puede encontrar este archivo en una carpeta llamada SecurityCheck, en la siguiente ruta: C:\SecurityCheck\SecurityCheck.txt
35

Aquí el log generado por el SecurityCheck.exe, @furtivex

Pude ver que otra vez se ocupó espacio. Esto haciendo algo que es tedioso, pero necesario. Cambiando el tamaño de videos y fotos de hace mucho tiempo que ocupan un espacio que no es despreciable, luego de ver el registro del WinDirStat… (que veo en este log que aparece dos veces, no sé por qué, quizás quedó un rastro de una versión anterior)

SecurityCheck by glax24 & Severnyj v.1.4.0.58 [15.08.24]
WebSite: www.safezone.cc
DateLog: 05.05.2026 18:04:14
Path starting: C:\Users\Jesús Saavedra\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Jesús I. Saavedra
VersionXML: 16.01is-29.04.2026
___________________________________________________________________________

Windows 10 Core (x64) Release: 22H2 (10.0.19045.6456) Lang: English(0409)
Installation date OS: 17.03.2021 22:29:58
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProjectProVL_KMS_Client edition Windows is in Notification mode
LicenseStatus: Office 16, Office16VisioProVL_KMS_Client edition Windows is in Notification mode
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [579.2 Gb] Used: [552.2 Gb] Free: [27 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended [color=red][b]Warning! [url=https://go.microsoft.com/fwlink/?linkid=2171764]Download Update[/url][/b][/color]
User Account Control [b]enabled[/b] (Level 3)
Notify before download
Security Center (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Detección SSDP (SSDPSRV) - The service has stopped
Servicios de Escritorio remoto (TermService) - The service has stopped
Administración remota de Windows (WS-Management) (WinRM) - The service has stopped
Servicio de transferencia inteligente en segundo plano (BITS) (BITS) - The service has stopped
Optimización de distribución (DoSvc) - The service has stopped
Servicio de seguridad de Windows (SecurityHealthService) - The service is running
Servicio orquestador de actualizaciones (UsoSvc) - The service is running
Servicio de Windows Update Medic (WaaSMedicSvc) - The service is running
Windows Update (wuauserv) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2016 x64 v.16.0.4266.1001
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall de Windows Defender (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Ad-Aware v.8.3.0 [b][color=red]Warning! This software is no longer supported.[/color][/b] Please uninstall it and use another software.
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Office Professional Plus 2016 v.16.0.4266.1001 [b][color=red]Warning! This software is no longer supported. Please use [url=https://products.office.com/en-us/]latest Microsoft Office[/url], [url=https://products.office.com/en-us/office-online/]Office Online[/url] or [url=https://www.libreoffice.org/download/download/]LibreOffice[/url][/color][/b]
Microsoft Silverlight v.5.1.50918.0 [b][color=red]Warning! This software is no longer supported.[/color][/b]
Microsoft Office zuzenketa-tresnak 2016 - Euskara v.16.0.4266.1001 [b][color=red]Warning! This software is no longer supported. Please use [url=https://products.office.com/en-us/]latest Microsoft Office[/url], [url=https://products.office.com/en-us/office-online/]Office Online[/url] or [url=https://www.libreoffice.org/download/download/]LibreOffice[/url][/color][/b]
Microsoft .NET Framework 4.6.1 v.4.6.01055 [color=red][b]Warning! [url=https://dotnet.microsoft.com/download/dotnet-framework/net48]Download Update[/url][/b][/color]
SumatraPDF v.3.6.1
Microsoft Edge WebView2 Runtime v.147.0.3912.98 [b][+][/b]
Microsoft Visual C++ v14 Redistributable (x86) - 14.50.35719 v.14.50.35719.0
Microsoft Visual C++ v14 Redistributable (x64) - 14.50.35719 v.14.50.35719.0
------------------------------- [ Backup ] --------------------------------
Google Drive v.124.0.3.0
Microsoft OneDrive v.26.063.0405.0002 [b][+][/b]
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 7.21 (64-bit) v.7.21.0
WinDirStat v.2.5.0
WinDirStat 1.1.2
-------------------------- [ IMAndCollaborate ] ---------------------------
Cisco Webex Meetings v.40.8.4 [color=red][b]Warning! [url=https://akamaicdn.webex.com/client/webexapp.msi]Download Update[/url][/b][/color]
GoToMeeting 10.18.0.19932 v.10.18.0.19932
Zoom Workplace v.7.0.2 (34412) [b][+][/b]
Telegram Desktop v.6.7.8
---------------------------- [ ProxyAndVPNs ] -----------------------------
Proton VPN v.4.3.14
Cisco LEAP Module v.1.0.19 [b][color=red]Warning![/color][/b] Cisco EAP-FAST Module is an Authentication via Secure Tunneling (EAP-FAST), an EAP type from Cisco Systems. If you haven’t used any CISCO products and not connected to a domain network, you may go ahead and uninstall them.
Cisco EAP-FAST Module v.2.2.14 [b][color=red]Warning![/color][/b] Cisco EAP-FAST Module is an Authentication via Secure Tunneling (EAP-FAST), an EAP type from Cisco Systems. If you haven’t used any CISCO products and not connected to a domain network, you may go ahead and uninstall them.
Cisco PEAP Module v.1.1.6 [b][color=red]Warning![/color][/b] Cisco EAP-FAST Module is an Authentication via Secure Tunneling (EAP-FAST), an EAP type from Cisco Systems. If you haven’t used any CISCO products and not connected to a domain network, you may go ahead and uninstall them.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 441 (64-bit) v.8.0.4410.7 [color=red][b]Warning! [url=https://www.java.com/en/download/manual.jsp]Download Update[/url][/b][/color]
[color=blue][b]Uninstall old version and install new one (jre-8u491-windows-x64.exe).[/b][/color]
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.23
iTunes v.12.13.10.3
HandBrake 1.11.1 v.1.11.1
OBS Studio v.32.1.2
QuickTime 7 v.7.79.80.95 [b][color=red]Warning! This software is no longer supported.[/color][/b] Please [b][url=https://support.apple.com/HT205771]uninstall it[/url][/b] and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
swMSM v.12.0.0.1 [color=blue][b]<< Hidden[/b][/color] [b][color=red]Warning! This software is no longer supported.[/color][/b] Please uninstall it.
Adobe Acrobat DC v.21.001.20145 [color=red][b]Warning! [url=https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html]Download Update[/url][/b][/color]
[color=blue][b]^Please run Acrobat DC and go Help - Check for updates...^[/b][/color]
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 es-ES) v.150.0 [color=red][b]Warning! [url=https://www.firefox.com/en-US/download/all/]Download Update[/url][/b][/color]
Opera Stable 131.0.5877.5 v.131.0.5877.5
Brave v.147.1.89.145 [b][+][/b]
Google Chrome v.147.0.7727.138
Microsoft Edge v.147.0.3912.98 [b][+][/b]
CCleaner Update Helper v.1.8.1990.6 [b][color=red]Warning! Browser installed as part of other software.[/color] It’s advised to remove it and instead download and install the [url=https://brave.com/download/]Brave Browser[/url], [url=https://www.mozilla.org/en-US/firefox/all/]Firefox[/url] or [url=https://github.com/mullvad/mullvad-browser/releases/latest]Mullvad Browser[/url].[/b]
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe v.109.0.0.107
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe v.109.0.0.107
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe v.109.0.0.107
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe v.109.0.0.107
Servicio principal de Microsoft Defender (MDCoreSvc) - The service is running
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpDefenderCoreService.exe v.4.18.26030.3011
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MsMpEng.exe v.4.18.26030.3011
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\NisSrv.exe v.4.18.26030.3011
Servicio de antivirus de Microsoft Defender (WinDefend) - The service is running
Servicio de inspección de red de Antivirus de Microsoft Defender (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner 7 v.7.7.1313.1667 [b]Warning![/b] Suspected demo version of anti-spyware, driver updater or [url=https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities]optimizer[/url]. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using [url=https://www.malwarebytes.com/mwb-download/thankyou]Malwarebytes Anti-Malware[/url]. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Bonjour v.3.1.0.1 [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Youtube Downloader HD v. 3.4.1 [b][color=red]Warning! Suspected Adware![/color][/b] If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using [url=https://www.malwarebytes.com/mwb-download/thankyou]Malwarebytes Anti-Malware[/url]. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Wondershare Helper Compact 2.5.3 v.2.5.3 [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
AVG PC TuneUp v.16.77.3 [color=blue][b]<< Hidden[/b][/color] [b]Warning![/b] Suspected demo version of anti-spyware, driver updater or [url=https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities]optimizer[/url]. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using [url=https://www.malwarebytes.com/mwb-download/thankyou]Malwarebytes Anti-Malware[/url]. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
CCleaner 7 (CCleaner7) - The service has stopped
C:\Program Files\Piriform\CCleaner 7\CCleaner.exe v.7.7.2358.0
----------------------------- [ End of Log ] ------------------------------
36

@socgom Por favor, desinstale o actualice lo siguiente:

  • Ad-Aware v.8.3.0 Warning! This software is no longer supported. Please uninstall it and use another software.
  • Microsoft Office Professional Plus 2016 v.16.0.4266.1001 Warning! This software is no longer supported. Please use latest Microsoft Office, Office Online or LibreOffice
  • Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported.
  • Microsoft Office zuzenketa-tresnak 2016 - Euskara v.16.0.4266.1001 Warning! This software is no longer supported. Please use latest Microsoft Office, Office Online or LibreOffice
  • Microsoft .NET Framework 4.6.1 v.4.6.01055 Warning! Download Update
  • Cisco Webex Meetings v.40.8.4 Warning! Download Update
  • Cisco LEAP Module v.1.0.19 Warning! Cisco EAP-FAST Module is an Authentication via Secure Tunneling (EAP-FAST), an EAP type from Cisco Systems. If you haven’t used any CISCO products and not connected to a domain network, you may go ahead and uninstall them.
  • Cisco EAP-FAST Module v.2.2.14 Warning! Cisco EAP-FAST Module is an Authentication via Secure Tunneling (EAP-FAST), an EAP type from Cisco Systems. If you haven’t used any CISCO products and not connected to a domain network, you may go ahead and uninstall them.
  • Cisco PEAP Module v.1.1.6 Warning! Cisco EAP-FAST Module is an Authentication via Secure Tunneling (EAP-FAST), an EAP type from Cisco Systems. If you haven’t used any CISCO products and not connected to a domain network, you may go ahead and uninstall them.
  • Java 8 Update 441 (64-bit) v.8.0.4410.7 Warning! Download Update
  • Uninstall old version and install new one (jre-8u491-windows-x64.exe).
  • QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported.
  • Please uninstall it and use another software.
  • swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it.
  • Adobe Acrobat DC v.21.001.20145 Warning! Download Update
  • ^Please run Acrobat DC and go Help - Check for updates…^
  • Mozilla Firefox (x64 es-ES) v.150.0 Warning! Download Update
  • CCleaner Update Helper v.1.8.1990.6 Warning! Browser installed as part of other software. It’s advised to remove it and instead download and install the Brave Browser, Firefox or Mullvad Browser.
  • CCleaner 7 v.7.7.1313.1667 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
  • Youtube Downloader HD v. 3.4.1 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
  • Wondershare Helper Compact 2.5.3 v.2.5.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
  • AVG PC TuneUp v.16.77.3 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
37

WinDirStat también se encuentra en la versión 2.5.0, por si deseas obtener su actualización.

SystemDrive: C: FS: [NTFS] Capacity: [579.2 Gb] Used: [552.2 Gb] Free: [27 Gb]
38

Una vez completado todo lo anterior, volveremos a intentar ejecutar algunos comandos anteriores para ver si logramos obtener mejores resultados.

:one: Farbar Recovery Scan Tool: FIX

Nota: tras ejecutar el script (posiblemente), se cerrarán todas las pestañas abiertas del navegador, se cerrará la sesión de sus cuentas y se borrarán los archivos temporales, la papelera de reciclaje, el historial del navegador, las cookies y la caché.

Desactive su antivirus antes de reiniciar. Seleccione el siguiente código:

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

CMD: DISM /Online /Cleanup-image /Restorehealth
CMD: sfc /scannow
CMD: winmgmt /salvagerepository
CMD: winmgmt /verifyrepository

CMD: netsh winsock reset catalog
CMD: netsh int ip reset resetlog.txt
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyEventLogs:

End::

Copie el texto seleccionado (clic derecho - Copiar). Ejecute FRST (FRST64) como administrador. Haga clic en “Reparar” una vez (!) y espere. El programa creará un archivo de registro (Fixlog.txt). Adjúntelo a su próximo mensaje.