VBS MT file (one more)

Good morning.

Let me introduce myself; my name is Saúl. Whenever I have had any kind of problem, I have come here looking for a solution, almost always successfully.

I'm truly sorry to have to open a new thread about this, yet again.

I think I've picked up some kind of malware that has already been discussed on this forum, involving the VBS file that comes from ‘x’ movie download site and the like, from what I've read. I urgently needed a movie for school (I'm doing a teaching placement at a school), and I had to resort to that site since I couldn't find it anywhere else.

I've already read several open threads about the same case; the problem is that my knowledge of advanced computing is quite poor, and I'm afraid the cure will be worse than the disease.

My laptop, a LENOVO LEGION Y520, has for the past few days been shutting down quickly, the battery drains fast, the processor is ‘choked’ from how fast it is running, and above all, it now runs very slowly.

I don't know whether to apologize in advance for the cocktail of problems I'm causing and may cause, since I'm quite afraid that, if I do get help, I won't be able to fix it because I don't have much knowledge.

First of all, many thanks. Regards.

Hello

  • Temporarily disable your antivirus and any other security software.

  • Download Farbar Recovery Scan Tool to your Desktop (>> this is very important <<), choosing the right version for your machine (32 or 64 bits). ▶ How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 08-01-2020
Ejecutado por saulg (administrador) sobre LAPTOP-CTEA4C9B (LENOVO 80WK) (12-01-2020 13:24:10)
Ejecutado desde C:\Users\saulg\Desktop
Perfiles cargados: saulg (Perfiles disponibles: saulg)
Platform: Windows 10 Home Versión 1903 18362.535 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: FF
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Online Connect -> Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\saulg\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Rosetta Stone Ltd -> Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\saulg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [245088 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1852352 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391088 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7938648 2019-11-26] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [AceStream] => C:\Users\saulg\AppData\Roaming\ACEStream\engine\ace_engine.exe [27992 2017-10-04] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-02-12] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [Spotify] => C:\Users\saulg\AppData\Roaming\Spotify\Spotify.exe [22151072 2020-01-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [4234b26e] => C:\ProgramData\Intel\Wireless\43399eb\bafgkgc.exe [943784 2020-01-12] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd -> Piriform Ltd)

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {1207773B-F236-4053-B089-198FBAF6FFCD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6f3541a4-91c9-444f-847d-56ec157589c0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {19434527-BFD0-48C0-9FF2-5BC7BD558F67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2BBDC7ED-E776-447C-B68F-88ABD81779E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd -> Piriform Ltd)
Task: {2C168B1B-1766-403E-9A5B-601785E657E6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [704960 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {30328852-12B6-403F-94E0-2077F31FD55A} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {3192DAC1-A458-4775-AB57-8E8A1E94CBDD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\02373611-0d09-4e60-80ac-9be18ef7b558 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {33451C13-81C7-4384-A51B-030B48EF2051} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {3583C29D-73BB-44C8-B416-3701C60D5BC6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [628672 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4078F501-4705-4271-AE53-AB5C08378727} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {46CE04ED-C4E0-49E2-B25E-BC3727F3BDD8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CAD6B12-90B5-411F-9D33-93AD4C8FE938} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {5070FC7C-E103-4DB8-A82E-EC11EDF3FAD3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {58E26B14-153A-4636-8CAA-A6CC639F7707} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {5B147654-D8ED-4153-A587-8D8404F49B38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E58AEF3-0768-4B86-AD46-C4EC1112FBFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F0A599B-1586-4ACC-94F6-6D95771A51D5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {63B37C73-391C-42CB-A262-207278E906C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {67D7BB98-CAA8-4592-9013-CAED68908206} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {6DBCEF1F-6936-4F9F-A127-96A581784F62} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [704960 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7BDA736E-32CF-4FFD-AD61-95574A9ACC4F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {9DD2A20F-CA6E-40E2-BA07-B03BC19086E9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-10-13] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BDBAA914-111D-4FC5-8F7B-5E975C804578} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [781248 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1FA27BA-2041-4ECD-8978-78CEFABB1E1A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {C41206BF-C0C4-4271-A044-9C23D6CEFE18} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C463441A-E0A2-4AB3-82BA-1B207E14A2C4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0c21c469-a7a1-4a07-8b8c-ffddb1dd767e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {C8E5AA81-0B67-499A-BDE9-847C21D67B41} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54144 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {CAA9D2DB-C8BB-4797-8CF0-1BB79CED8A75} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [628672 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB0AB044-4563-44BD-98C4-03ECBAA59E21} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [744800 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
Task: {D295AC1C-84E2-4DFD-A7A5-9B2EC71F4133} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {E68E9B72-2C80-4133-98B9-648BA467373F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {E9AD126A-0C90-4781-871F-6FEADA03371B} - System32\Tasks\App Explorer => C:\Users\saulg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATENCIÓN
Task: {EA7B1E61-D702-4A2D-85FF-DE3667CA05FD} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {F531B359-3215-4D41-9A93-3DC067019559} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{373f0f4b-926d-4bad-9442-a13b9dfc9ba6}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{76e61a7f-a015-4975-bb80-daad8b61efcb}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
SearchScopes: HKU\S-1-5-21-610553943-2365612214-2363980684-1001 -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9m3go854.default
FF ProfilePath: C:\Users\saulg\AppData\Roaming\Mozilla\Firefox\Profiles\9m3go854.default [2020-01-12]
FF DownloadDir: C:\Users\saulg\Desktop
FF Homepage: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2017-12-06 09:43:37&bName=&bitmask=0600
FF NewTab: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2017-12-06 09:43:37&bName=&bitmask=0600
FF Notifications: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://www.instagram.com; hxxps://www.aupaathletic.com; hxxps://www.reddit.com; hxxps://www.sofascore.com; hxxps://mail.google.com; hxxps://maranhesduve.club; hxxps://valentreport.info; hxxps://laeconomia.me; hxxps://www1.sherwoodsutton.pro; hxxps://www.juegosonce.es; hxxps://as.com; hxxps://webdelmaestrocmf.com; hxxps://forospyware.com
FF Extension: (uBlock Origin) - C:\Users\saulg\AppData\Roaming\Mozilla\Firefox\Profiles\9m3go854.default\Extensions\[email protected] [2020-01-11]
FF Extension: (Adblock de Youtube™) - C:\Users\saulg\AppData\Roaming\Mozilla\Firefox\Profiles\9m3go854.default\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2019-05-28]
FF Extension: (No Coin - Block miners on the web!) - C:\Users\saulg\AppData\Roaming\Mozilla\Firefox\Profiles\9m3go854.default\Extensions\{5657c026-efc3-4860-b43b-16e4eaa8a9aa}.xpi [2020-01-11]
FF Extension: (AdBlocker) - C:\Users\saulg\AppData\Roaming\Mozilla\Firefox\Profiles\9m3go854.default\Extensions\{c8276e01-0150-71ec-a870-a27b436cf98c}.xpi [2019-06-09]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\saulg\AppData\Roaming\Mozilla\Firefox\Profiles\9m3go854.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-23]
FF HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\saulg\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\saulg\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-16] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-16] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-610553943-2365612214-2363980684-1001: @acestream.net/acestreamplugin,version=3.1.20.2 -> C:\Users\saulg\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.es/
CHR StartupUrls: Default -> "hxxp://google.es/"
CHR Notifications: Default -> hxxps://maranhesduve.club; hxxps://shireamentsp.info; hxxps://www1.debrahinton.pro; hxxps://www1.sherwoodsutton.pro
CHR Profile: C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default [2019-11-07]
CHR Extension: (Presentaciones) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-02]
CHR Extension: (Duolingo en la web) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2019-05-24]
CHR Extension: (Documentos) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-02]
CHR Extension: (Google Drive) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-02]
CHR Extension: (YouTube) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-02]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-11-07]
CHR Extension: (Adblock para Youtube™) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2019-05-24]
CHR Extension: (Spotify - Music for every moment) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2019-05-24]
CHR Extension: (Adobe Acrobat) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-11-07]
CHR Extension: (Hojas de cálculo) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-02]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-21]
CHR Extension: (AdBlock) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-11-07]
CHR Extension: (Calculadora) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2019-05-24]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2019-05-24]
CHR Extension: (Ace Script) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-05-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-07]
CHR Extension: (Gmail) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\saulg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-07]
CHR HKU\S-1-5-21-610553943-2365612214-2363980684-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [348592 2017-07-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-09-09] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-02-12] (Disc Soft Ltd -> Disc Soft Ltd)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [392032 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413024 2018-04-05] (Intel Corporation -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-13] (Intel(R) Trust Services -> Intel(R) Corporation)
U3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-01] (Intel(R) Online Connect -> Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel(R) Online Connect -> Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-11-08] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [16648 2019-12-04] (Lenovo -> Lenovo Group Ltd.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-11] (Malwarebytes Inc -> Malwarebytes)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [966496 2017-04-28] (LENOVO -> Lenovo(beijing) Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268336 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [290904 2017-10-22] (Synaptics Incorporated -> Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-11-26] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem"
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService"
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [173432 2016-08-11] (BayHub Technology Inc. -> BayHubTech/O2Micro )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-02-13] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-02-13] (Disc Soft Ltd -> Disc Soft Ltd)
S3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [46576 2017-04-28] (Lenovo (Beijing) Co., Ltd. -> Lenovo(beijing) Limited)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [906216 2018-04-05] (Intel Corporation -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69096 2018-04-05] (Intel Corporation -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel(R) Technology Access -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_d03cf07457eb2e04\nvlddmkm.sys [17538080 2018-08-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-10-22] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snUVCg2.sys [1710128 2017-11-05] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-12 13:14 - 2020-01-12 13:25 - 000037857 ____C C:\Users\saulg\Desktop\FRST.txt
2020-01-12 13:11 - 2020-01-12 13:24 - 000000000 ____D C:\FRST
2020-01-12 13:10 - 2020-01-12 13:10 - 002573312 _____ (Farbar) C:\Users\saulg\Desktop\FRST64.exe
2020-01-11 15:39 - 2020-01-11 15:41 - 000000000 ___DC C:\Users\saulg\Desktop\The Boys
2020-01-11 15:33 - 2020-01-11 15:34 - 000000000 ___DC C:\Users\saulg\Desktop\SÓLO DEPORTE
2020-01-11 14:58 - 2020-01-11 14:58 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-11 14:58 - 2020-01-11 14:58 - 000000000 ____D C:\Users\saulg\AppData\Local\mbamtray
2020-01-11 14:58 - 2020-01-11 14:58 - 000000000 ____D C:\Users\saulg\AppData\Local\mbam
2020-01-11 14:58 - 2020-01-11 14:58 - 000000000 ____D C:\Users\saulg\AppData\Local\cache
2020-01-11 14:58 - 2020-01-11 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-11 14:58 - 2020-01-11 14:57 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-11 14:58 - 2020-01-11 14:57 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-11 14:57 - 2020-01-11 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-11 14:57 - 2020-01-11 14:57 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-11 13:54 - 2020-01-11 13:54 - 000000000 ___DC C:\Users\saulg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-01-11 13:54 - 2020-01-11 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-01-11 13:45 - 2020-01-11 13:50 - 000000000 ____D C:\Users\saulg\AppData\Roaming\qBittorrent
2020-01-11 13:45 - 2020-01-11 13:45 - 000000000 ____D C:\Users\saulg\AppData\Local\qBittorrent
2020-01-11 13:42 - 2020-01-11 13:42 - 025763945 _____ (The qBittorrent project) C:\Users\saulg\Desktop\qbittorrent_4.2.1_x64_setup.exe
2020-01-11 13:36 - 2020-01-11 13:36 - 000000000 ____D C:\fjcbb
2020-01-11 13:36 - 2019-02-09 01:59 - 000000000 ____D C:\Users\saulg\AppData\Roaming\8927e9c6342594f360b8dfe97ebeb5f1OLD
2020-01-04 03:08 - 2020-01-04 03:14 - 000035063 ____C C:\Users\saulg\Desktop\CITAS ENERO Saul Gil 20.xlsx

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-12 13:14 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-12 13:11 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-12 12:50 - 2019-09-27 01:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-12 10:07 - 2019-09-27 01:55 - 001773366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-12 10:07 - 2019-03-19 12:59 - 000789814 _____ C:\WINDOWS\system32\perfh00A.dat
2020-01-12 10:07 - 2019-03-19 12:59 - 000156068 _____ C:\WINDOWS\system32\perfc00A.dat
2020-01-12 10:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-12 10:02 - 2018-01-16 13:04 - 000000000 ___DC C:\Users\saulg\AppData\Local\Spotify
2020-01-12 10:00 - 2018-01-16 13:04 - 000000000 ___DC C:\Users\saulg\AppData\Roaming\Spotify
2020-01-12 10:00 - 2017-12-07 18:38 - 000000000 ___DC C:\Users\saulg\AppData\Roaming\.ACEStream
2020-01-12 10:00 - 2017-12-01 15:43 - 000000000 ___DC C:\Users\saulg\AppData\LocalLow\Mozilla
2020-01-12 10:00 - 2017-06-26 20:54 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-12 09:59 - 2019-12-06 14:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-12 09:59 - 2019-09-27 01:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-12 09:59 - 2017-12-01 15:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-12 09:59 - 2017-12-01 15:05 - 000000000 __SHD C:\Users\saulg\IntelGraphicsProfiles
2020-01-12 09:53 - 2019-10-21 22:22 - 000000000 ___DC C:\Users\saulg\AppData\LocalLow\uTorrent
2020-01-12 09:53 - 2017-12-06 22:41 - 000000000 ___DC C:\Users\saulg\AppData\Roaming\uTorrent
2020-01-12 05:52 - 2018-05-19 05:49 - 000000000 ___DC C:\Users\saulg\AppData\Local\Host App Service
2020-01-12 02:06 - 2019-10-21 21:30 - 000000000 ____D C:\Users\saulg\AppData\Local\BitTorrentHelper
2020-01-11 18:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-01-11 15:33 - 2019-10-31 10:10 - 000000000 ___DC C:\Users\saulg\Desktop\CAPACITACIÓ
2020-01-11 14:58 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-11 13:59 - 2017-12-04 14:58 - 000000000 ____D C:\Program Files\WinRAR
2020-01-11 13:54 - 2019-09-27 01:53 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-610553943-2365612214-2363980684-1001
2020-01-11 13:54 - 2019-09-27 01:47 - 000002404 ____C C:\Users\saulg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-11 13:54 - 2017-12-01 15:07 - 000000000 ___RD C:\Users\saulg\OneDrive
2020-01-11 13:52 - 2017-12-01 15:43 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-11 13:51 - 2019-09-27 01:47 - 000000000 ____D C:\Users\saulg
2020-01-11 13:51 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-01-11 13:36 - 2017-12-25 00:00 - 000000000 ___DC C:\Users\saulg\AppData\Roaming\8927e9c6342594f360b8dfe97ebeb5f1
2020-01-11 13:36 - 2017-06-26 20:54 - 000000000 ____D C:\ProgramData\Intel
2020-01-11 13:27 - 2019-09-27 01:53 - 000004218 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A93F3F6A-49B8-43E8-B45C-EAD251ECD34A}
2020-01-10 17:01 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-10 16:56 - 2018-01-22 19:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-01-04 03:15 - 2017-12-04 13:46 - 000000000 ___DC C:\Users\saulg\Desktop\ESTUDIOS
2020-01-04 03:12 - 2019-01-17 19:42 - 000000000 ___DC C:\Users\saulg\Desktop\GARMO
2020-01-04 03:10 - 2018-01-17 12:12 - 000000000 ___DC C:\Users\saulg\AppData\Local\Packages
2020-01-04 02:58 - 2019-09-27 01:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2019-12-18 20:01 - 2017-12-07 18:45 - 000000000 ___HD C:\_acestream_cache_
2019-12-16 18:12 - 2019-10-26 18:52 - 000000000 ____D C:\Riot Games

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 08-01-2020
Ejecutado por saulg (12-01-2020 13:26:01)
Ejecutado desde C:\Users\saulg\Desktop
Windows 10 Home Versión 1903 18362.535 (X64) (2019-09-27 00:54:05)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-610553943-2365612214-2363980684-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-610553943-2365612214-2363980684-503 - Limited - Disabled)
Invitado (S-1-5-21-610553943-2365612214-2363980684-501 - Limited - Disabled)
saulg (S-1-5-21-610553943-2365612214-2363980684-1001 - Administrator - Enabled) => C:\Users\saulg
WDAGUtilityAccount (S-1-5-21-610553943-2365612214-2363980684-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\uTorrent) (Version: 3.5.5.45505 - BitTorrent Inc.)
Ace Stream Media 3.1.20.2 (HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\AceStream) (Version: 3.1.20.2 - Ace Stream Media) <==== ATENCIÓN
Actualización de NVIDIA 2.13.0.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Apple Application Support (32 bits) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.18.0.0 - Byte Technologies LLC) <==== ATENCIÓN
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.1.0341 - Disc Soft Ltd)
Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Host App Service) (Version: 0.273.3.730 - SweetLabs for Lenovo)
Lenovo Entertainment Hub (HKLM-x32\...\{2994AD9D-6FB9-411E-9D88-C009DE04DC51}_is1) (Version: 1.1.1 - Beyond Media)
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.1.76.0 - Lenovo Group Ltd.)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 14 (x64) (HKLM\...\Movavi Video Editor 14 (x64)) (Version: 14.3.0 - Movavi)
Mozilla Firefox 72.0.1 (x64 es-MX) (HKLM\...\Mozilla Firefox 72.0.1 (x64 es-MX)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
NVIDIA Controlador de 3D Vision 391.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.25 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 391.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Panel de control de NVIDIA 391.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.25 - NVIDIA Corporation) Hidden
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version:  - PokerStars.es)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Skype versión 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Spotify (HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Spotify) (Version: 1.1.22.633.g1bab253a - Spotify AB)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.7 (HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7 - Telegram Messenger LLP)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-4) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}) (Version: 4.9.2159.4024 - Lavasoft)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-19] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-18] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-15] (Apple Inc.) [Startup Task]
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-30] (Keeper Security Inc)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-18] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1910.41.0_x64__k1h2ywk1493x8 [2019-12-30] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-15] (Microsoft Studios) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-12-01] (Plex)
Portal de cuenta de Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-12-01] (LENOVO INCORPORATED.)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxDTCM.dll [2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

==================== Módulos cargados (Lista blanca) =============

2019-12-09 15:39 - 2019-05-28 14:06 - 001021440 _____ () [Archivo no firmado] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-09-27 01:43 - 2018-03-16 08:47 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2019-11-28 11:50 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [Archivo no firmado] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2017-03-18 22:03 - 2018-02-13 22:27 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall de Windows está habilitado.

Network Binding:
=============
Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled) 
Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled) 

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\StartupApproved\Run: => "Chromium"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Puntos de Restauración =========================

ATENCIÓN: Restaurar Sistema está deshabilitado (Total:118 GB) (Free:20.49 GB) (17%)

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (01/12/2020 12:12:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14500,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/12/2020 11:29:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10848,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/12/2020 11:06:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2664,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/12/2020 10:59:07 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (16188,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/12/2020 10:44:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15812,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/12/2020 10:23:17 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6848,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/12/2020 10:00:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Lenovo.Modern.ImController.PluginHost.CompanionApp.exe, versión: 1.1.18.3, marca de tiempo: 0x5d852c0d
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00007ff7f5ef1150
Identificador del proceso con errores: 0x3418
Hora de inicio de la aplicación con errores: 0x01d5c926ba4da6c9
Ruta de acceso de la aplicación con errores: C:\Program Files\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 7491bca3-3847-4a19-9301-93cea05559c4
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (01/12/2020 09:53:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: ace_engine.exe, versión: 3.1.8.0, marca de tiempo: 0x547c2acc
Nombre del módulo con errores: PYTHON27.DLL, versión: 2.7.13150.1013, marca de tiempo: 0x5855a387
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x0023e9e3
Identificador del proceso con errores: 0x3544
Hora de inicio de la aplicación con errores: 0x01d5c87e081458a0
Ruta de acceso de la aplicación con errores: C:\Users\saulg\AppData\Roaming\ACEStream\engine\ace_engine.exe
Ruta de acceso del módulo con errores: C:\Users\saulg\AppData\Roaming\ACEStream\engine\PYTHON27.DLL
Identificador del informe: 58a2253d-a4ca-4c78-ba3d-0dfe4df6473c
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


Errores del sistema:
=============
Error: (01/12/2020 09:59:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 9:51:13 del 12/01/2020 resultó inesperado.

Error: (01/12/2020 09:57:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio NcdAutoSetup.

Error: (01/12/2020 09:55:10 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CTEA4C9B)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/12/2020 09:55:10 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CTEA4C9B)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/12/2020 09:55:10 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CTEA4C9B)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/12/2020 09:55:10 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CTEA4C9B)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/12/2020 09:55:10 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CTEA4C9B)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/12/2020 09:55:10 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CTEA4C9B)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2020-01-11 14:23:32.162
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {2CD1EEB8-F4DE-4895-AA79-160E91D0D753}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-11 14:16:32.048
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {90983F0A-9E96-45E3-B852-CCB60740156D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-11 13:28:58.327
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Conteban.A!ml&threatid=2147735508&enterprise=0
Nombre: Trojan:Script/Conteban.A!ml
Id.: 2147735508
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\saulg\AppData\Local\Temp\Rar$DRa0.074\The-Boys-1-1-HDTV.vbs
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: LAPTOP-CTEA4C9B\saulg
Nombre de proceso: C:\Users\saulg\AppData\Roaming\uTorrent\uTorrent.exe
Versión de inteligencia de seguridad: AV: 1.307.2007.0, AS: 1.307.2007.0, NIS: 1.307.2007.0
Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-10 20:23:12.321
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {49CE2B35-E0B1-4C0D-ABC8-63234B227178}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-01-07 10:02:25.810
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {9E905ABA-4B4C-44E1-8244-AC5F25DFEDC6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

==================== Información de la memoria =========================== 

BIOS: LENOVO 4KCN27WW 04/18/2017
Placa base: LENOVO Provence-5R1
Procesador: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Porcentaje de memoria en uso: 75%
RAM física total: 8067.16 MB
RAM física disponible: 1941.09 MB
Virtual total: 18307.16 MB
Virtual disponible: 4933.95 MB

==================== Unidades ================================

Drive c: (Windows) (Fixed) (Total:118 GB) (Free:20.49 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:931.39 GB) (Free:705.17 GB) NTFS

\\?\Volume{c1eba471-7e84-45f8-990f-a187a86637ce}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{922a93c7-4c97-4224-b609-5b495fde4c62}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4CCB84A7)

Partition: GPT.

==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: FE82393F)

Partition: GPT.

==================== Final de Addition.txt =======================

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check/select only the "Create registry backup" box, and NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [4234b26e] => C:\ProgramData\Intel\Wireless\43399eb\bafgkgc.exe [943784 2020-01-12] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\Intel
Task: {E9AD126A-0C90-4781-871F-6FEADA03371B} - System32\Tasks\App Explorer => C:\Users\saulg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATENCIÓN 
C:\Users\saulg\AppData\Local\Host App Service
SearchScopes: HKLM -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
SearchScopes: HKU\S-1-5-21-610553943-2365612214-2363980684-1001 -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
FF Homepage: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2017-12-06 09:43:37&bName=&bitmask=0600
FF NewTab: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2017-12-06 09:43:37&bName=&bitmask=0600
FF Notifications: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://www.instagram.com; hxxps://www.aupaathletic.com; hxxps://www.reddit.com; hxxps://www.sofascore.com; hxxps://mail.google.com; hxxps://maranhesduve.club; hxxps://valentreport.info; hxxps://laeconomia.me; hxxps://www1.sherwoodsutton.pro; hxxps://www.juegosonce.es; hxxps://as.com; hxxps://webdelmaestrocmf.com; hxxps://forospyware.com
CHR Notifications: Default -> hxxps://maranhesduve.club; hxxps://shireamentsp.info; hxxps://www1.debrahinton.pro; hxxps://www1.sherwoodsutton.pro
2020-01-11 13:36 - 2020-01-11 13:36 - 000000000 ____D C:\fjcbb
2020-01-11 13:36 - 2019-02-09 01:59 - 000000000 ____D C:\Users\saulg\AppData\Roaming\8927e9c6342594f360b8dfe97ebeb5f1OLD
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\StartupApproved\Run: => "Chromium"


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop); otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode (applicable to Windows 10)", to work from that Windows mode. (Use Method 1 and, if you can't, use Method 2.)

  • Run Frst.exe.

  • Press the Corregir (Fix) button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, telling me how the problem is going, and also paste me these scans with their logs

When starting Windows in safe mode, it demands the login password. It won't let me enter the one I currently have.

Did you try the same one as your Microsoft email?

If you can't, do it in normal mode.

Sorry, I just tried that one and it works. On carrying out the last step, the computer restarted automatically and Windows Defender and the rest were activated. I'm attaching the fixlog document it left me.

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 08-01-2020
Ejecutado por saulg (12-01-2020 22:27:03) Run:1
Ejecutado desde C:\Users\saulg\Desktop
Perfiles cargados: saulg (Perfiles disponibles: saulg)
Modo de Inicio: Safe Mode (with Networking)
==============================================

fixlist contenido:
*****************

Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\Run: [4234b26e] => C:\ProgramData\Intel\Wireless\43399eb\bafgkgc.exe [943784 2020-01-12] (AutoIt Consulting Ltd -> AutoIt Team)
C:\ProgramData\Intel
Task: {E9AD126A-0C90-4781-871F-6FEADA03371B} - System32\Tasks\App Explorer => C:\Users\saulg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATENCIÓN 
C:\Users\saulg\AppData\Local\Host App Service
SearchScopes: HKLM -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
SearchScopes: HKU\S-1-5-21-610553943-2365612214-2363980684-1001 -> DefaultScope {DF862267-2160-48BB-AA85-B69BDFF61FF7} URL = 
FF Homepage: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2017-12-06 09:43:37&bName=&bitmask=0600
FF NewTab: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2017-12-06 09:43:37&bName=&bitmask=0600
FF Notifications: Mozilla\Firefox\Profiles\9m3go854.default -> hxxps://www.instagram.com; hxxps://www.aupaathletic.com; hxxps://www.reddit.com; hxxps://www.sofascore.com; hxxps://mail.google.com; hxxps://maranhesduve.club; hxxps://valentreport.info; hxxps://laeconomia.me; hxxps://www1.sherwoodsutton.pro; hxxps://www.juegosonce.es; hxxps://as.com; hxxps://webdelmaestrocmf.com; hxxps://forospyware.com
CHR Notifications: Default -> hxxps://maranhesduve.club; hxxps://shireamentsp.info; hxxps://www1.debrahinton.pro; hxxps://www1.sherwoodsutton.pro
2020-01-11 13:36 - 2020-01-11 13:36 - 000000000 ____D C:\fjcbb
2020-01-11 13:36 - 2019-02-09 01:59 - 000000000 ____D C:\Users\saulg\AppData\Roaming\8927e9c6342594f360b8dfe97ebeb5f1OLD
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
HKU\S-1-5-21-610553943-2365612214-2363980684-1001\...\StartupApproved\Run: => "Chromium"


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
"HKU\S-1-5-21-610553943-2365612214-2363980684-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4234b26e" => eliminado correctamente
C:\ProgramData\Intel => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9AD126A-0C90-4781-871F-6FEADA03371B}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9AD126A-0C90-4781-871F-6FEADA03371B}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\App Explorer => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => eliminado correctamente
C:\Users\saulg\AppData\Local\Host App Service => movido correctamente
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado correctamente
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado correctamente
"HKU\S-1-5-21-610553943-2365612214-2363980684-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => eliminado correctamente
"Firefox homepage" => eliminado correctamente
"Firefox newtab" => eliminado correctamente
"FF Notifications:" => eliminado correctamente
"Chrome Notifications" => eliminado correctamente
C:\fjcbb => movido correctamente
C:\Users\saulg\AppData\Roaming\8927e9c6342594f360b8dfe97ebeb5f1OLD => movido correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => eliminado correctamente
C:\Users\Public\AppData => ":CSM" ADS eliminado correctamente
C:\Users\Public\Shared Files => ":VersionCache" ADS eliminado correctamente
"HKU\S-1-5-21-610553943-2365612214-2363980684-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium" => eliminado correctamente
"HKU\S-1-5-21-610553943-2365612214-2363980684-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium" => no encontrado
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-610553943-2365612214-2363980684-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-610553943-2365612214-2363980684-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final 1 RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final 1 CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
están desconectados.

========= Final 1 CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= Final 1 CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= Final 1 CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final 1 CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final 1 CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final 1 CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final 1 CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 497928539 B
Java, Flash, Steam htmlcache => 2605 B
Windows/system/drivers => 12383887 B
Edge => 4134457 B
Chrome => 120540680 B
Firefox => 1265844694 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 203536 B
saulg => 400716234 B

RecycleBin => 2950212432 B
EmptyTemp: => 4.9 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final 1 Fixlog 22:28:43 ====

I still don't know what to tell you about how the laptop's performance has changed. I think it is still running the same way. Do you want me to download AdwCleaner and ESET Online Scanner and paste the results for you?

Restart the PC again, leave it for a few minutes and see how it runs.

Regardless, run the remaining scans, post the logs for me and tell me how it is going.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-12-2020
# Duration: 00:00:41
# OS:       Windows 10 Home
# Scanned:  34757
# Detected: 84


***** [ Services ] *****

PUP.Optional.Legacy             WCAssistantService

***** [ Folders ] *****

Adware.pokki                    C:\ProgramData\Host App Service
Adware.pokki                    C:\Users\Default\AppData\Local\Host App Service
Adware.pokki                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki                    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
PUP.Optional.ByteFence          C:\Program Files\ByteFence
PUP.Optional.Legacy             C:\Users\saulg\AppData\LocalLow\.acestream
PUP.Optional.Legacy             C:\Users\saulg\AppData\Roaming\.acestream
PUP.Optional.Legacy             C:\Users\saulg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
PUP.Optional.Legacy             C:\Users\saulg\AppData\Roaming\acestream
PUP.Optional.Legacy             C:\_acestream_cache_
PUP.Optional.WebCompanion       C:\Program Files (x86)\Lavasoft\Web Companion
PUP.Optional.WebCompanion       C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion       C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion       C:\Users\saulg\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
PUP.Optional.WebCompanion       C:\Users\saulg\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

Adware.pokki                    C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki                    HKCU\Software\App Host Service
Adware.pokki                    HKCU\Software\Host App Service
Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
PUP.Adware.Heuristic            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}|DisplayIcon
PUP.Adware.Heuristic            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}|DisplayName
PUP.Adware.Heuristic            HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}|UninstallString
PUP.Optional.ASMagicPlayer      HKCU\Software\Classes\acestream
PUP.Optional.AceStream          HKCU\Software\RegisteredApplications|AceStream
PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ByteFence          HKLM\Software\ByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\ByteFence
PUP.Optional.ByteFence          HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
PUP.Optional.ByteFence          HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence          HKU\S-1-5-18\Software\ByteFence
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\SOFTWARE\Classes\Applications\ace_player.exe
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
PUP.Optional.Legacy             HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
PUP.Optional.Legacy             HKCU\Software\AceStream
PUP.Optional.Legacy             HKCU\Software\Classes\.acelive
PUP.Optional.Legacy             HKCU\Software\Classes\.acemedia
PUP.Optional.Legacy             HKCU\Software\Classes\.acestream
PUP.Optional.Legacy             HKCU\Software\Classes\.tslive
PUP.Optional.Legacy             HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
PUP.Optional.Legacy             HKCU\Software\Classes\DVD\shell\PlayWithACEStream
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{FD9FC1C0-B5B0-418F-B99F-09F06607B65B}C:\users\saulg\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6E17EE1D-47BF-421A-9891-A3B95D5C8310}C:\users\saulg\appdata\roaming\acestream\engine\ace_engine.exe
PUP.Optional.Legacy             HKLM\Software\Classes\.acestream
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

PUP.Optional.ASMagicPlayer      mfhnkgpdlogbknkhlgdjlejeljbhflim

***** [ Chromium URLs ] *****

PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES
PUP.Optional.SofTonicAssistant  Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.DefaultSearch.ShrtCln Bing Default Search

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController   Folder   C:\Program Files (x86)\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Program Files\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\saulg\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\drivers\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 
Preinstalled.LenovoUtility   Folder   C:\Program Files\LENOVO\LENOVOUTILITY 
Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoUtility 
Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility 
Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1 



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

With AdwCleaner, did you press remove, and did the PC restart?

If so, you should have another log from the cleaning mode.

Correct, I ran the clean and I have the other log. I'm attaching it below. By the way, the ESET scan is taking quite a while, sorry!

The AdwCleaner clean log:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-12-2020
# Duration: 00:00:15
# OS:       Windows 10 Home
# Cleaned:  81
# Failed:   3


***** [ Services ] *****

Deleted       WCAssistantService

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Lavasoft\Web Companion
Deleted       C:\Program Files\ByteFence
Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\Host App Service
Deleted       C:\ProgramData\Lavasoft\Web Companion
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted       C:\Users\Default\AppData\Local\Host App Service
Deleted       C:\Users\saulg\AppData\LocalLow\.acestream
Deleted       C:\Users\saulg\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted       C:\Users\saulg\AppData\Roaming\Lavasoft\Web Companion
Deleted       C:\Users\saulg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
Deleted       C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted       C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
Deleted       C:\_acestream_cache_
Not Deleted   C:\Users\saulg\AppData\Roaming\.acestream
Not Deleted   C:\Users\saulg\AppData\Roaming\acestream

***** [ Files ] *****

Deleted       C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\Classes\Applications\ace_player.exe
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Deleted       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Deleted       HKCU\Software\AceStream
Deleted       HKCU\Software\App Host Service
Deleted       HKCU\Software\Classes\.acelive
Deleted       HKCU\Software\Classes\.acemedia
Deleted       HKCU\Software\Classes\.acestream
Deleted       HKCU\Software\Classes\.tslive
Deleted       HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Deleted       HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Deleted       HKCU\Software\Classes\acestream
Deleted       HKCU\Software\Host App Service
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKCU\Software\RegisteredApplications|AceStream
Deleted       HKCU\Software\csastats
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{FD9FC1C0-B5B0-418F-B99F-09F06607B65B}C:\users\saulg\appdata\roaming\acestream\engine\ace_engine.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6E17EE1D-47BF-421A-9891-A3B95D5C8310}C:\users\saulg\appdata\roaming\acestream\engine\ace_engine.exe
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKLM\Software\ByteFence
Deleted       HKLM\Software\Classes\.acestream
Deleted       HKLM\Software\Wow6432Node\ByteFence
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}|DisplayIcon
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}|DisplayName
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bdca2a6d-c12d-44e5-a08b-5edcb179c2b6}|UninstallString
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

Not Deleted   mfhnkgpdlogbknkhlgdjlejeljbhflim

***** [ Chromium URLs ] *****

Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted       Bing Default Search

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.LenovoIMController   Folder   C:\Program Files (x86)\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Program Files\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Users\saulg\AppData\Local\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\System32\drivers\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted       Preinstalled.LenovoUtility   Folder   C:\Program Files\LENOVO\LENOVOUTILITY
Deleted       Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoUtility
Deleted       Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility
Deleted       Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9183 octets] - [12/01/2020 22:39:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

It is normal for ESET to take a while.

ESET results:

|File|Detection|Action|
|---|---|---|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\33\ByteFence\ByteFence.exe#813DE1C8974B130C|una variante de MSIL/ByteFence.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\41\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B|una variante de Win64/Pokki.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\42\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B|una variante de Win64/Pokki.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\43\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B|una variante de Win64/Pokki.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\49\Web Companion\Application\Lavasoft.Utils.dll#9AD30F788DCE0961|una variante de MSIL/WebCompanion.D aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\49\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe#15B1301DF9C55566|una variante de MSIL/WebCompanion.D aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\49\Web Companion\Application\WebCompanion.exe#0A40221CF0E9D2C8|una variante de MSIL/WebCompanion.D aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\AdwCleaner\Quarantine\v1\20200112.224204\49\Web Companion\Application\WebCompanionInstaller.exe#C4A30326681F81BC|una variante de MSIL/WebCompanion.C aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\FRST\Quarantine\C\Users\saulg\AppData\Local\Host App Service\Uninstall (1).exe|una variante de Win32/Pokki.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|
|C:\Users\saulg\AppData\Roaming\uTorrent\updates\3.5.3_44428.exe|una variante de MSIL/WebCompanion.A aplicación potencialmente indeseable|no se ha podido desinfectar - archivo eliminado|

If that's all right with you, I'll take a day to use the laptop, since I couldn't touch it this morning, and I'll tell you how things went.

At first glance the computer seems to fly, but I'm not so sure.

I don't know how to thank you. Tonight, once I've tried the computer out thoroughly, I'll post one last reply.

All right, try it and tell me how it goes.

Hello Miguelgrado, good evening.

I've been using the laptop all afternoon. It hasn't shut down on me once; I've used it and played around with it without any problem.

I think the battery life issue is a different matter; I don't think it has anything to do with the VBS problem I had.

I don't know how to thank you; it has been a huge help, really. I'm very grateful. If there's anything I can help with, whether for the forum or for you, let me know.

All the best!!

The infection you had causes overheating and excessive CPU usage, and therefore excessive battery consumption as well.

Now, whether the battery is on its last legs may be a separate matter.

To remove the tools used during disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as administrator.)

  • Check only the Remove disinfection tools box.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows control panel; those that are not listed can simply be deleted.


Glad I could help! :+1:


TOPIC SOLVED