How to remove the double-accent (Doble Tilde) trojan

Hello, I hope you are all doing well.

I infected my computer while trying to download a game a few days ago. I have been looking through various forums but could not find a solution. Malwarebytes removed approximately 58 infected files and ESET another 20, but as you can see, the problem persists.

I looked through other threads for a possible solution, followed the steps, and here are my FARBAR reports, in case you can help me fix my PC.

Thank you very much in advance.

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 24.01.2024
Ejecutado por User (administrador) sobre DESKTOP-BC0EK2J (ECS H81H3-M4) (24-01-2024 22:19:38)
Ejecutado desde C:\Users\User\OneDrive\Escritorio\FRST64.exe
Perfiles cargados: User
Plataforma: Microsoft Windows 10 Pro Versión 22H2 19045.3930 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Edge
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe <7>
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [Archivo no firmado] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Games\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(DriverStore\FileRepository\u0380462.inf_amd64_98be862657f36791\B378995\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0380462.inf_amd64_98be862657f36791\B378995\atieclxx.exe
(explorer.exe ->) (Cleversort FZ-LLC -> ) C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe
(rundll32.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0380462.inf_amd64_98be862657f36791\B378995\atiesrxx.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restricción <==== ATENCIÓN
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [EpicGamesLauncher] => D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37188048 2024-01-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [utweb] => "C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Ningún archivo)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2024-01-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44540320 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [30487880 2024-01-20] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [TaskbarSystem] => C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe [911360 2022-12-08] (Cleversort FZ-LLC -> ) <==== ATENCIÓN
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (Ningún archivo) <==== ATENCIÓN
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70920704 2024-01-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2591296 2024-01-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\MountPoints2: {1fdd738f-a082-11ec-b8da-b8aeed316b41} - "H:\Setup.exe" 
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.225\Installer\chrmstp.exe [2024-01-19] (Google LLC -> Google LLC)
GroupPolicy: Restricción - Windows Defender <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) =================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {787B5CB3-4B3C-4F2F-BAB6-2094B3AF67C4} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1707056 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {804349CE-FC32-4A1D-BFFC-A520FD0CD561} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {566556CC-0978-49AC-A0F7-B2D70CFA451D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F33742D0-3874-4483-9ABA-61B3CAC6C4C4} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "ae185ab3-422e-441b-ba51-ce46bffacfa1" --version "6.20.10897" --silent
Task: {4F2253BE-D04F-42E0-9BA2-10768915E1E9} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [38319520 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9FC3EDD8-5E96-42A5-A6DB-E1576FAB332E} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2022-12-01] (CyberLink Corp. -> )
Task: {8CEDF641-137A-4AB6-8202-3134DF0E030A} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2022-12-01] (CyberLink Corp. -> )
Task: {542E3734-D79A-4C40-81B9-46C1A7DE3FC3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2024-01-24] (ESET, spol. s r.o. -> ESET)
Task: {60352E6D-A0AC-4FCD-9F90-6F8CE36EA2D1} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2024-01-24] (ESET, spol. s r.o. -> ESET)
Task: {01D7DE65-3C1F-4458-8D35-147AC0E0E931} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-27] (Google LLC -> Google LLC)
Task: {F17C6C02-A0C3-4A49-B6B2-0D0B8B7DC622} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-27] (Google LLC -> Google LLC)
Task: {9BCCACEB-6665-41B1-928D-F5174380B336} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB4EE7B5-99B6-4CC1-B483-E9A1D058697F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3662C54B-1C50-4BBB-BE45-8D543ECD9972} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {792CD04E-9825-44CE-B788-0124EF21A7BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAC6A874-6D47-44EA-BE6B-F98510E07AD3} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170048 2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB9496C5-DA47-41F3-8564-639BADA10D9D} - System32\Tasks\Microsoft\OneCore\ipsecunch => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll" rtwrptyDCredefck
Task: {37F21C2A-E53C-4999-ABBE-C8FB2B7F4CE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B7D5D7CF-33E1-4197-8A27-5331EEE54205} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CF53563-970D-42DA-95AA-091BEDEFBB54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16670A37-C2FB-43D1-AC96-F42EFDF5B143} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [662432 2023-05-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F5D51F10-DC72-45A5-9CF2-D794B311E9C6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [713120 2023-05-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {56D9A966-EB89-49D0-A2FC-D73520018928} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {79E4E449-7126-45F8-B11E-2D6EE20D3C87} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1889977516-2818661329-1748021256-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {86FBE693-BE63-4A02-ACB6-180F4D173F92} - System32\Tasks\Opera scheduled Autoupdate 1638252513 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2350496 2024-01-18] (Opera Norway AS -> Opera Software)
Task: {2B5B0355-3D87-469D-9240-82FEEF711804} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55856 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E0004E4A-947D-40C4-A9CE-44DF295DC326} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [261680 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c06a78d7-9339-4710-abd8-9447d3e1ad4f}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-24]
Edge Extension: (ColorZilla) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2023-09-13]
Edge Extension: (Meta Pixel Helper) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2024-01-09]
Edge Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-20]
Edge Extension: (Corrector ortográfico y gramatical y parafraseador de textos — LanguageTool) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hfjadhjooeceemgojogkhlppanjkbobc [2024-01-09]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: ([DEPRECATED] Tag Assistant Legacy) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2023-10-16]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-01-24]
Edge Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-24]
Edge Extension: (The Elder Scrolls V: Skyrim 10th Anniversary) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\icahgcdchandbkbhminlkmeljdoflpoi [2023-01-30]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: q0x8zfph.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\q0x8zfph.default [2024-01-19]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7hnuoy5i.default-release [2024-01-24]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-01-27] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2024-01-21]
CHR Notifications: Default -> hxxps://n19.biz; hxxps://onevenadvnow.com; hxxps://regadsacademy.com; hxxps://richhackers.club.hotmart.com; hxxps://se05.biz; hxxps://shotvideoair.ru; hxxps://totalcoolblog.com; hxxps://totalrecaptcha.top; hxxps://typiccor.com; hxxps://www4.elbaestes.pro; hxxps://www55.richardwashington.pro
CHR Extension: (ColorZilla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2023-11-17]
CHR Extension: (Meta Pixel Helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2023-11-17]
CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2023-11-17]
CHR Extension: (Menú de aplicaciones de Drive (de Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-11-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Corrector ortográfico y gramatical — LanguageTool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldceeleldhonbafppcapldpdifcinji [2023-03-31]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-01-21]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-01-21]
CHR Extension: (Color Picker for Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clldacgmdnnanihiibdgemajcfkmfhia [2023-05-07]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-17]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-01-17]
CHR Extension: (Google Meet Grid View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kklailfgofogmmdlhgmjgenehkjoioip [2021-01-28]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-28]
CHR Extension: (Microsoft 365) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2024-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Grammar Checker & Paraphraser – LanguageTool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oldceeleldhonbafppcapldpdifcinji [2024-01-17]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-01-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-08]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-11-20]
CHR Extension: (Google Scholar Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2022-08-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-17]
CHR Extension: (Grammar Checker & Paraphraser – LanguageTool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\oldceeleldhonbafppcapldpdifcinji [2023-11-20]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2024-01-21]
CHR HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2024-01-21]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-02-19]
OPR Extension: (Opera Wallet) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-02-19]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-11-30]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-01-14] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777080 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1137576 2023-10-22] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [954704 2023-12-15] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [375248 2023-10-22] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-24] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
S3 Rockstar Service; D:\Games\Launcher\RockstarService.exe [1631360 2021-01-28] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16360768 2022-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5963304 2022-12-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [10533960 2022-12-23] (PUBG CORPORATION -> KRAFTON, Inc)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63096 2022-02-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [136760 2019-05-07] (Alcorlink Corp. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 HoYoProtect; C:\WINDOWS\system32\HoYoKProtect.sys [3669520 2022-12-30] (Microsoft Windows Hardware Compatibility Publisher -> miHoYo)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 NewTek_AudioPortClass; C:\WINDOWS\System32\drivers\NewTek_AudioPortClass.sys [33336 2020-10-18] (Microsoft Windows Hardware Compatibility Publisher -> NewTek)
R3 NewTek_WDM_KS; C:\WINDOWS\System32\drivers\NewTek_WDM_KS.sys [27832 2020-10-18] (Microsoft Windows Hardware Compatibility Publisher -> NewTek)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2021-04-10] (Microsoft Corporation) [Archivo no firmado]
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-03-25] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1432232 2022-12-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2024-01-24 22:01 - 2024-01-24 22:04 - 000080150 _____ C:\Users\User\OneDrive\Escritorio\Addition.txt
2024-01-24 21:59 - 2024-01-24 22:20 - 000031093 _____ C:\Users\User\OneDrive\Escritorio\FRST.txt
2024-01-24 21:57 - 2024-01-24 22:20 - 000000000 ____D C:\FRST
2024-01-24 21:56 - 2024-01-24 21:56 - 002389504 _____ (Farbar) C:\Users\User\OneDrive\Escritorio\FRST64.exe
2024-01-24 21:19 - 2024-01-24 21:19 - 000000000 ___HD C:\OneDriveTemp
2024-01-24 21:13 - 2024-01-24 21:13 - 000003854 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-01-24 21:13 - 2024-01-24 21:13 - 000003412 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-01-24 13:41 - 2024-01-24 21:54 - 000001381 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-01-24 13:41 - 2024-01-24 21:54 - 000001281 _____ C:\Users\User\OneDrive\Escritorio\ESET Online Scanner.lnk
2024-01-24 13:41 - 2024-01-24 13:41 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2024-01-24 11:44 - 2024-01-24 11:44 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2024-01-24 11:43 - 2024-01-24 21:50 - 000000000 ____D C:\Users\User\AppData\Local\Malwarebytes
2024-01-24 11:43 - 2024-01-24 11:43 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-01-24 11:42 - 2024-01-24 11:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-01-24 11:42 - 2024-01-24 11:42 - 000000000 ____D C:\Program Files\Malwarebytes
2024-01-22 12:21 - 2024-01-22 12:21 - 000028273 _____ C:\Users\User\Downloads\Pago Fb Ads 22 enero.jpeg
2024-01-20 17:17 - 2024-01-21 12:01 - 000000000 ___HD C:\ProgramData\Ptnfd
2024-01-20 17:17 - 2024-01-20 17:17 - 000001205 _____ C:\Users\User\OneDrive\Escritorio\Google Chrome.lnk
2024-01-20 17:17 - 2024-01-20 17:17 - 000001066 _____ C:\Users\User\OneDrive\Escritorio\Epic Games Launcher.lnk
2024-01-20 17:17 - 2024-01-20 17:17 - 000000000 ____D C:\Users\User\AppData\Local\DesktopCleanup
2024-01-20 17:17 - 2024-01-20 17:17 - 000000000 ____D C:\Users\User\AppData\Local\Default
2024-01-20 17:16 - 2024-01-21 12:08 - 000000000 ____D C:\Users\User\AppData\Roaming\UbPublic
2024-01-20 17:12 - 2024-01-20 17:12 - 000002200 __RSH C:\ProgramData\ntuser.pol
2024-01-19 13:02 - 2024-01-24 12:03 - 000000000 ____D C:\Users\User\AppData\Local\LegalHelper2
2024-01-19 13:02 - 2024-01-24 12:02 - 000000000 ____D C:\ProgramData\IEUpdater2
2024-01-19 13:01 - 2024-01-24 15:08 - 000000000 ____D C:\Users\User\OneDrive\Documents\GuardFox
2024-01-14 20:37 - 2024-01-14 20:37 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-01-10 08:54 - 2024-01-10 09:07 - 000000000 ___HD C:\$WinREAgent
2023-12-30 17:21 - 2023-12-30 17:21 - 000000323 _____ C:\Users\User\OneDrive\Escritorio\Saints Row.url
2023-12-28 18:47 - 2023-12-28 18:47 - 000093228 _____ C:\Users\User\Downloads\recibo pico y placa.pdf
2023-12-28 00:58 - 2023-12-28 00:58 - 000000000 ____D C:\WINDOWS\InboxApps

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2024-01-24 21:57 - 2023-01-19 10:46 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2024-01-24 21:49 - 2022-08-24 19:40 - 000000000 ____D C:\Program Files\CCleaner
2024-01-24 21:47 - 2021-12-19 17:32 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-01-24 21:47 - 2021-01-27 15:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-24 21:45 - 2023-02-06 10:57 - 000004218 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CF2E06EB-E955-46CA-8582-3DEF51669B8B}
2024-01-24 21:22 - 2023-01-19 13:56 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2024-01-24 21:20 - 2023-10-17 12:03 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Teams
2024-01-24 21:19 - 2021-01-27 14:28 - 000000000 ___RD C:\Users\User\OneDrive
2024-01-24 21:16 - 2022-10-01 19:06 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-01-24 21:16 - 2022-08-24 18:21 - 000000000 ____D C:\Program Files\TeamViewer
2024-01-24 21:16 - 2021-04-11 03:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-01-24 21:16 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-24 21:15 - 2021-04-11 02:39 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-24 21:15 - 2021-01-27 15:34 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2024-01-24 21:15 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-01-24 21:11 - 2021-04-11 02:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-01-24 18:29 - 2021-10-03 23:04 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2024-01-24 12:10 - 2023-03-06 21:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2024-01-24 12:09 - 2022-10-01 19:06 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-01-24 12:09 - 2022-08-24 19:40 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-01-24 11:43 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-01-24 10:07 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-24 10:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-01-24 09:48 - 2023-01-15 15:38 - 000000000 ____D C:\Users\User\AppData\Local\AMD_Common
2024-01-24 09:45 - 2021-05-24 11:31 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-01-22 11:50 - 2021-11-30 01:08 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638252513
2024-01-22 11:50 - 2021-11-30 01:08 - 000001406 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2024-01-22 11:45 - 2021-01-27 14:25 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-01-21 21:00 - 2022-01-09 14:13 - 000000000 ____D C:\ProgramData\Riot Games
2024-01-21 12:33 - 2022-02-10 14:41 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-21 12:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-01-21 12:06 - 2023-01-15 14:47 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2024-01-21 12:02 - 2021-01-27 14:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-01-20 22:42 - 2021-01-27 14:25 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Protect
2024-01-19 13:02 - 2023-04-15 17:53 - 000000000 ____D C:\Users\User\AppData\Local\Steam
2024-01-19 13:02 - 2021-06-01 17:49 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2024-01-19 13:01 - 2023-01-06 17:15 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2024-01-19 13:01 - 2021-11-30 01:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2024-01-19 13:01 - 2018-09-15 02:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-01-19 12:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-01-19 12:54 - 2021-10-06 09:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-01-19 12:49 - 2021-01-27 15:32 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-19 12:48 - 2021-02-09 09:30 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-19 12:45 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-01-19 12:42 - 2021-04-11 03:04 - 000003852 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-01-19 12:42 - 2021-04-11 03:04 - 000003728 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-01-17 10:59 - 2022-01-09 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-01-16 23:22 - 2021-01-28 17:58 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Word
2024-01-16 23:22 - 2021-01-28 17:58 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Office
2024-01-16 20:14 - 2021-04-11 02:55 - 001773686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-01-16 20:14 - 2019-12-07 09:55 - 000788582 _____ C:\WINDOWS\system32\perfh00A.dat
2024-01-16 20:14 - 2019-12-07 09:55 - 000155970 _____ C:\WINDOWS\system32\perfc00A.dat
2024-01-16 20:07 - 2021-04-11 02:39 - 000450336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-14 20:35 - 2021-01-27 15:23 - 000000000 ____D C:\Program Files\Microsoft Office
2024-01-14 20:27 - 2021-01-27 16:29 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-01-10 09:51 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-01-10 09:05 - 2021-01-27 18:44 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-01-10 08:36 - 2021-01-27 18:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-10 00:11 - 2021-01-27 18:15 - 189718008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-01-09 13:57 - 2021-01-27 14:43 - 000000000 ____D C:\ProgramData\Packages
2024-01-04 00:55 - 2023-10-17 12:03 - 000002363 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic.lnk
2023-12-31 20:31 - 2023-01-06 17:14 - 000000000 ____D C:\Users\User\AppData\Local\Discord
2023-12-31 20:25 - 2021-01-28 20:56 - 000000000 ____D C:\Program Files\Rockstar Games
2023-12-31 20:25 - 2021-01-28 20:56 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2023-12-31 20:23 - 2023-05-10 11:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-12-31 09:53 - 2021-02-12 18:18 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2023-12-28 01:01 - 2023-03-17 15:05 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-12-28 00:58 - 2019-12-07 09:58 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-12-28 00:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-12-28 00:58 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing

==================== Archivos en la raíz de algunos directorios ========

2022-08-24 18:20 - 2022-08-24 18:20 - 043404592 _____ (TeamViewer Germany GmbH) C:\Users\User\TeamViewer_Setup_x64.exe
2023-01-15 14:50 - 2023-01-15 14:50 - 383999808 _____ (AMD Inc.) C:\Users\User\win10-64Bit-Radeon-Software-Adrenalin-2019-Edition-19.6.3-June27.exe
2021-03-24 17:09 - 2021-11-30 21:16 - 000000015 _____ () C:\Users\User\AppData\Roaming\obs-virtualcam.txt
2021-03-25 17:54 - 2021-03-25 22:38 - 000037925 _____ () C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-03-25 22:18 - 2021-03-25 22:18 - 000006096 _____ () C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
2023-02-04 13:50 - 2023-02-04 13:50 - 000016438 _____ () C:\Users\User\AppData\Local\partner.bmp
2022-08-24 19:32 - 2023-04-22 19:57 - 000007603 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 24.01.2024
Ejecutado por User (24-01-2024 22:20:56)
Ejecutado desde C:\Users\User\OneDrive\Escritorio
Microsoft Windows 10 Pro Versión 22H2 19045.3930 (X64) (2021-04-11 08:05:51)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================


(Si una entrada es incluida en el fixlist, será eliminada.)

Administrador (S-1-5-21-1889977516-2818661329-1748021256-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889977516-2818661329-1748021256-503 - Limited - Disabled)
Invitado (S-1-5-21-1889977516-2818661329-1748021256-501 - Limited - Disabled)
User (S-1-5-21-1889977516-2818661329-1748021256-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1889977516-2818661329-1748021256-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
aescripts + aeplugins components (HKLM-x32\...\{58C0BFF8-3511-4EF6-A2B9-D7E85220F3C4}) (Version: 1.0.0.0 - aescripts + aeplugins)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.6.1 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audio Monitor version 0.7.1 (HKLM-x32\...\{50EFE25B-5233-48A8-B23E-A51AB83BC1FC}}_is1) (Version: 0.7.1 - Exeldro)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.20 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Comprobación de estado de PC Windows (HKLM\...\{8B474A92-CE3A-4F46-B6F1-6DFA1390F826}) (Version: 3.6.2204.08001 - Microsoft Corporation)
CyberLink PhotoDirector 14 (HKLM-x32\...\{EF76B1BC-DB92-4A4F-8411-849406461806}) (Version: 14.1.1130.0 - CyberLink Corp.)
Epic Games Launcher (HKLM-x32\...\{5EDB15EA-8B3E-4C51-AE28-7BFFE25208C2}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.225 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 85.0.37.0 - Google LLC)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.144 - Microsoft Corporation)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Teams) (Version: 1.6.00.35961 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.33413 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 es-ES) (HKLM\...\Mozilla Firefox 107.0.1 (x64 es-ES)) (Version: 107.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0.1 - Mozilla)
NDI 4 Runtime (HKLM\...\{71AFF296-ED43-4166-8301-4649285EE712}_is1) (Version:  - NewTek, inc.)
NDI 4 Tools (HKLM\...\{35D49334-910D-4519-B971-C7B604214855}_is1) (Version:  - NewTek, inc.)
NewTek SpeedHQ Video Codec (x64) (Remove Only) (HKLM\...\NewTek_SpeedHQ_Codec_x64) (Version:  - )
NewTek SpeedHQ Video Codec (x86) (Remove Only) (HKLM-x32\...\NewTek_SpeedHQ_Codec) (Version:  - )
obs-ndi version 4.9.0 (HKLM-x32\...\{69FA0C71-8BEB-4E0D-B5D2-53BFF9192EE2}_is1) (Version: 4.9.0 - Stephane Lepin)
obs-virtualcam (HKLM-x32\...\obs-virtualcam) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Opera Stable 106.0.4998.52 (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Opera 106.0.4998.52) (Version: 106.0.4998.52 - Opera Software)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REDlauncher (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Spotify (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Spotify) (Version: 1.2.29.605.g66a43ceb - Spotify AB)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.33.7 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 137.0.10799 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
WebView2 Runtime de Microsoft Edge (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.144 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wondershare Recoverit(Build 10.0.3.14) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 10.0.3.14 - Wondershare Software Co.,Ltd.)
Zoom (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)
ZXP Installer (HKLM-x32\...\{84781CC8-080F-4C35-BE00-69209AE2C215}) (Version: 1.6.226.0 - aescripts + aeplugins)
ZXP Installer (HKLM-x32\...\{f0a18c8f-cd7f-499e-bc51-b8ece014932c}) (Version: 1.6.226.0 - aescripts + aeplugins) Hidden

Packages:
=========
Adobe Photoshop Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.430.0_x64__ynb6jyjzte8ga [2023-07-22] (Adobe Inc.)
Complemento de motor multimedia para Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-26] (Microsoft Corporation)
Extensión de video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe [2024-01-24] (Microsoft) [Startup Task]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_4.1.38.0_x86__k5ye2zvjqqeaw [2024-01-11] (Nero AG)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.607.548.0_x64__55nm5eh3cm0pr [2024-01-11] (Roblox Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-10] (Microsoft Studios) [MS Ad]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001_Classes\CLSID\{04271989-C4D2-D418-1540-C5BA5276A163} -> [OneDrive - Universidad Distrital Francisco José de Caldas] => D:\OneDrive - Universidad Distrital Francisco José de Caldas [2023-01-10 16:59]
CustomCLSID: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.33413\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers-x32: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-06-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.SHQ0] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ1] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ2] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ3] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ4] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ5] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ7] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ9] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ0] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ1] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ2] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ3] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ4] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ5] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ7] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ9] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2023-03-06] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2023-03-06] (Electronic Arts -> On2.com)

==================== Accesos directos & WMI ========================

==================== Módulos cargados (Lista blanca) =============

0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Acceso Denegado] C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000017920 _____ () [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003567616 _____ () [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2023-02-04 13:44 - 2022-06-29 13:13 - 000131072 _____ (Countly) [Archivo no firmado] [El archivo está en uso] C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll
2023-02-04 13:44 - 2018-01-10 15:34 - 000024064 _____ (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [Archivo no firmado] [El archivo está en uso] C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll
2023-03-17 14:38 - 2023-03-17 14:38 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-03-17 14:38 - 2023-03-17 14:38 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2023-02-04 13:44 - 2018-03-24 19:44 - 000475136 _____ (Newtonsoft) [Archivo no firmado] [El archivo está en uso] C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll
2023-02-04 13:44 - 2018-05-11 11:52 - 000074240 _____ (Sentry) [Archivo no firmado] [El archivo está en uso] C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000057856 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000039424 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000414720 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000025088 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000024576 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000023552 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000532992 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001441792 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001189888 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000134656 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006184448 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006867456 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000735232 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000120832 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001104896 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000325120 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003668480 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000517120 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000051712 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 004228608 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000171008 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001085440 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000480256 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000205824 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000329728 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000127488 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000390656 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 095598080 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 005587968 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000462848 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000188928 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 002878464 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000055808 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000059392 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000262144 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000284160 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000333824 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000136704 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000090112 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000313856 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000091648 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Users\User\Datos de programa:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:$DATA​ [16]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\sharepoint.com -> hxxps://udistritaleduco-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{2aae0178-9bac-4afc-b4e4-3208f7444526}.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C"
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [UDP Query User{FA14E5A1-BC43-4A3F-91DB-362E610AB25E}D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Allow) D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [TCP Query User{5408E124-E8CF-4AF0-9E42-C17752C52ED3}D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Allow) D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{AFD968F3-8ED1-4CD8-ABAE-59861DDF0061}D:\games\obs-studio\bin\64bit\obs64.exe] => (Allow) D:\games\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [TCP Query User{13CD8602-2317-4EF8-AF45-C8B328F0EBAF}D:\games\obs-studio\bin\64bit\obs64.exe] => (Allow) D:\games\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{BC95179E-46F9-4EED-A7F0-70C0E799647E}] => (Allow) C:\Program Files\NDI.tv\NDI 4 Tools\Studio Monitor\Application.NDIRecording.x64.exe (Newtek Inc -> )
FirewallRules: [{481053DA-DDDA-472B-9701-36C7BA3B201F}] => (Allow) C:\Program Files\NDI.tv\NDI 4 Tools\Studio Monitor\Application.Network.StudioMonitor.x64.exe (Newtek Inc -> )
FirewallRules: [{3FFBC690-26BD-4A46-94D0-8A6CB865559C}] => (Allow) C:\Program Files\NDI.tv\NDI 4 Tools\Test Patterns\Application.Network.TestPatterns.exe (Newtek Inc -> NewTek)
FirewallRules: [{2F785AFD-BD9F-41BC-8437-E4E256F1FF58}] => (Allow) C:\Program Files\NDI.tv\NDI 4 Tools\Webcam Input\Webcam Input.exe (Newtek Inc -> )
FirewallRules: [{DF5C4608-D1C4-407F-B15E-E1403D179323}] => (Allow) C:\Program Files\NDI.tv\NDI 4 Tools\Screen Capture\Application.Network.ScanConverterHX.x64.exe (Newtek Inc -> )
FirewallRules: [{E3ED8B39-524B-48A6-AD02-4DBD827FD5A4}] => (Allow) C:\Program Files\NDI.tv\NDI 4 Tools\Screen Capture\Application.Network.ScanConverter2.x64.exe (Newtek Inc -> )
FirewallRules: [{EC0F5C52-D2A8-4F2F-9554-DB08909F35B3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8BAC97CB-689A-4E0B-84BE-C95A325DF51D}] => (Allow) D:\Games\Red Dead Redemption 2\RDR2.exe => Ningún archivo
FirewallRules: [{31786635-09BF-4603-A886-BE526B152B7C}] => (Allow) D:\Games\Red Dead Redemption 2\RDR2.exe => Ningún archivo
FirewallRules: [{2A483153-384D-42CB-97D6-0CCA68C12D87}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{8191BF81-C4EF-44CD-8E05-9FDE8ED50204}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{1ABF01DB-C957-4D65-AC47-22C72B7D4087}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A467CDE8-E5D1-4EEB-AF67-B20B33B99B8E}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C61BEAAA-6681-42CE-A218-AD9B2B794FF5}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F64D2FF7-16A5-408A-8716-1D5C3820353B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Ningún archivo
FirewallRules: [{15DE4E5E-9DFD-4251-B1AC-83370EC0EBA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Ningún archivo
FirewallRules: [{3AFB423D-521D-4B22-B6BB-3B9632E38983}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Ningún archivo
FirewallRules: [{C5D9FC8F-3502-439F-B595-91A6807F92AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Ningún archivo
FirewallRules: [{760AF113-1791-4FB6-A562-FAF8B374DDF6}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{062669A2-B842-4265-97B6-BFB5B71F4F94}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{2797F975-1583-445C-87F8-69B8070879F3}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{33A62920-33DB-4985-B735-A109B8433A64}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [TCP Query User{D02C0617-F030-4AD6-A355-64392407CD17}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Ningún archivo
FirewallRules: [UDP Query User{DB880AB2-2914-4C78-859C-06DB166DE375}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Ningún archivo
FirewallRules: [TCP Query User{40BFD34F-1C35-48E9-8908-EF13B682D687}D:\games\rage2\rage2.exe] => (Allow) D:\games\rage2\rage2.exe => Ningún archivo
FirewallRules: [UDP Query User{8F22AF78-E406-455D-A09C-D3428F61C6E3}D:\games\rage2\rage2.exe] => (Allow) D:\games\rage2\rage2.exe => Ningún archivo
FirewallRules: [TCP Query User{BDEAF558-D4F7-490A-8C18-E1131507B38B}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => Ningún archivo
FirewallRules: [UDP Query User{03F0825F-AF5D-4176-87F5-0CA570F04C85}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => Ningún archivo
FirewallRules: [{D171F07F-2E67-4A71-94EA-9A0CAD47BD80}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{936F96F6-A9F1-42D8-902A-C11CE7B554F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2F354541-9E68-4EBC-8513-027F4D74E993}] => (Allow) LPort=57209
FirewallRules: [{CCEB46A3-F1D9-48EB-8216-3056BE74E6BB}] => (Allow) LPort=57210
FirewallRules: [{B5A338AF-A5CB-418A-B844-738F363D5359}] => (Allow) LPort=57211
FirewallRules: [{FFB6775B-60AD-4CC1-869C-A4E58316C0B2}] => (Allow) LPort=57212
FirewallRules: [{5BE3223B-89BA-4BE6-91D0-5487392184D0}] => (Allow) LPort=57213
FirewallRules: [{7F6212BA-91CE-4B03-860A-A3298A52A8BB}] => (Allow) LPort=57214
FirewallRules: [{BFA9E742-1CE6-418D-81B9-6245B75F3F62}] => (Allow) LPort=57215
FirewallRules: [{6998860A-5F27-4CC3-91EF-0FFC79F605D2}] => (Allow) LPort=57216
FirewallRules: [{E96782C8-511D-466D-A7CF-7EB3F13E754C}] => (Allow) LPort=57217
FirewallRules: [{BD2E8CD9-DFBA-4CC4-B1A3-3929AEE19617}] => (Allow) LPort=57218
FirewallRules: [{F4241F83-E3D0-4966-86A5-7231C4CFD726}] => (Allow) LPort=57209
FirewallRules: [{8E2D881B-5FAD-4459-B418-CE5B39E009D1}] => (Allow) LPort=57210
FirewallRules: [{C3253F57-E97C-4684-B653-2235EC5B44E3}] => (Allow) LPort=57211
FirewallRules: [{7C32CCD7-C95E-473F-BAD5-E679FDB93A14}] => (Allow) LPort=57212
FirewallRules: [{3331FAE0-DCFB-4456-B314-B6E37C0EAF34}] => (Allow) LPort=57213
FirewallRules: [{6FD49376-819A-49BC-A579-A94E6CEBE191}] => (Allow) LPort=57214
FirewallRules: [{7912C273-0A17-4BCA-A4B4-8CD95CAB8DB3}] => (Allow) LPort=57215
FirewallRules: [{1C871826-BD5D-47CB-9234-9E3B758A1101}] => (Allow) LPort=57216
FirewallRules: [{10059EF7-91BE-44C6-B861-77EE418BF08E}] => (Allow) LPort=57217
FirewallRules: [{23A24F4A-8620-4E81-8765-59EFEC6196C2}] => (Allow) LPort=57218
FirewallRules: [{C67573FE-E442-4056-89C9-3BFAD2B6B472}] => (Allow) LPort=23007
FirewallRules: [{13C95C4A-139A-45AF-80B0-F13C68C73E14}] => (Allow) LPort=23008
FirewallRules: [{805A2B58-42EF-498B-865E-10E3DBF5585C}] => (Allow) LPort=33009
FirewallRules: [{425C6E8B-94FF-4089-9D72-B91EBA7B4685}] => (Allow) LPort=33010
FirewallRules: [{B536B66E-A792-4082-85F7-39A82D65BB3E}] => (Allow) LPort=33011
FirewallRules: [{4D016C07-892B-492D-9404-285F5CA742FB}] => (Allow) LPort=43012
FirewallRules: [{5D03FA26-EDC3-4C2C-8847-0D3E1051386E}] => (Allow) LPort=43013
FirewallRules: [{836AC180-F163-4D2B-B8B9-F03B6E3A9A62}] => (Allow) LPort=53014
FirewallRules: [{04755E86-D58B-4A47-AB3F-780B3BAD762B}] => (Allow) LPort=53015
FirewallRules: [{96701CF8-436A-4306-ABF9-20B4CA141991}] => (Allow) LPort=53016
FirewallRules: [{93E1382A-8233-478F-B1D0-28F35B747059}] => (Allow) LPort=23007
FirewallRules: [{57D28CC1-52F8-48EC-8AAE-5305FE857681}] => (Allow) LPort=23008
FirewallRules: [{CAEF3A4C-35D7-4F15-89F1-C829F308508E}] => (Allow) LPort=33009
FirewallRules: [{0AE8253D-0AE3-40A6-ADC8-210F5469EB68}] => (Allow) LPort=33010
FirewallRules: [{7F914BE1-320D-4E2C-8E8D-94F7684DEBBA}] => (Allow) LPort=33011
FirewallRules: [{05B4CE86-9DE6-48C9-AAEA-1705C5FE8A77}] => (Allow) LPort=43012
FirewallRules: [{18EF3BA8-8C4E-41AB-9348-DEB075FDA8B9}] => (Allow) LPort=43013
FirewallRules: [{9F55609F-F145-42F8-A889-1BADFF2028D1}] => (Allow) LPort=53014
FirewallRules: [{97CFF60B-C039-4021-9F57-26780F0C74F2}] => (Allow) LPort=53015
FirewallRules: [{9C9ABB0E-5815-4510-A390-3C47E24C5FB1}] => (Allow) LPort=53016
FirewallRules: [{C1384698-57CD-4C34-BA02-DFED51C585D5}] => (Allow) LPort=50053
FirewallRules: [{7296B120-9C67-4F56-8654-D6BA7DBBF873}] => (Allow) LPort=50053
FirewallRules: [{7826D0C7-3BD3-4645-AFED-F57B2EA73D67}] => (Allow) LPort=57209
FirewallRules: [{B6B14D00-0554-4FCC-9655-6E3C3CE0E989}] => (Allow) LPort=57210
FirewallRules: [{96396BAB-B7DE-49E9-AE81-644E26FFA126}] => (Allow) LPort=57211
FirewallRules: [{8FDEAF59-FCE9-4CB1-AD5C-E85537E586B5}] => (Allow) LPort=57212
FirewallRules: [{F3FDFEE0-E14A-43C6-8815-5A316D4C63F7}] => (Allow) LPort=57213
FirewallRules: [{EE0F67CC-2D3E-4AD4-9A46-9EAFC8697C4A}] => (Allow) LPort=57214
FirewallRules: [{035621C0-FD49-4176-9A5A-2F8751F74834}] => (Allow) LPort=57215
FirewallRules: [{C1577EBF-62FC-485C-8701-691920FCBFD9}] => (Allow) LPort=57216
FirewallRules: [{8045DF09-745A-4720-B3C7-C647883FA419}] => (Allow) LPort=57217
FirewallRules: [{E0B26E36-7877-49E8-9F9E-ABF1FE69163C}] => (Allow) LPort=57218
FirewallRules: [{DC18D752-3E1B-4D01-A49A-DE9D0C1F6874}] => (Allow) LPort=57209
FirewallRules: [{08E76581-E47D-4715-BA35-23B093530323}] => (Allow) LPort=57210
FirewallRules: [{22E983C1-F7E3-41BB-A8B4-E08C305356BF}] => (Allow) LPort=57211
FirewallRules: [{390351AB-912A-4B88-81F9-F6D16690FD2A}] => (Allow) LPort=57212
FirewallRules: [{8DCD0FA2-8755-4A8A-9EEE-F994DF751C75}] => (Allow) LPort=57213
FirewallRules: [{C27C111A-8B56-4922-A6AA-86952A9889A9}] => (Allow) LPort=57214
FirewallRules: [{A1858C2E-B951-408F-8B4F-26A673824367}] => (Allow) LPort=57215
FirewallRules: [{1BB5FF08-04B0-453C-A00E-E22A4F3884CE}] => (Allow) LPort=57216
FirewallRules: [{20FFBE33-70E6-4957-B51E-A1CB27D2E9CA}] => (Allow) LPort=57217
FirewallRules: [{F23FEAEA-E11E-410C-AF7B-5CD3F4B433FE}] => (Allow) LPort=57218
FirewallRules: [{8E0102F8-AF00-443A-A159-17285439A2D8}] => (Allow) LPort=23007
FirewallRules: [{B7EE762B-2552-4F99-9E42-0A430C88A2D6}] => (Allow) LPort=23008
FirewallRules: [{7EA24775-E94A-4331-BDB9-E3B45A6B1B7D}] => (Allow) LPort=33009
FirewallRules: [{5A8BC379-D981-4955-91C2-D2039C1C346E}] => (Allow) LPort=33010
FirewallRules: [{AEF4557D-03BC-4D53-B675-23685D880639}] => (Allow) LPort=33011
FirewallRules: [{0DE4754C-961B-4282-B60F-6A0CA48B7F6F}] => (Allow) LPort=43012
FirewallRules: [{5EA6236F-4AB9-4B36-99EC-999A58772D5C}] => (Allow) LPort=43013
FirewallRules: [{5770E6E4-5BCC-43A1-BA9A-01EC799A1727}] => (Allow) LPort=53014
FirewallRules: [{C3EE6FC0-55D3-4CE1-ABAB-09F47B4C7FB2}] => (Allow) LPort=53015
FirewallRules: [{4CEA9CCB-5E66-44C0-B84C-E7EE3AE7784F}] => (Allow) LPort=53016
FirewallRules: [{0E0CD630-FEBA-43B1-AC8F-D739E4253C61}] => (Allow) LPort=23007
FirewallRules: [{53E0798E-3AA7-4676-BE5F-ACB438060270}] => (Allow) LPort=23008
FirewallRules: [{004D7A06-ED98-40FF-B43F-912EED79DED1}] => (Allow) LPort=33009
FirewallRules: [{DBA371C2-8320-4122-951E-ED1C65EA81B2}] => (Allow) LPort=33010
FirewallRules: [{374FB90E-0684-41F0-8E7E-16768969B6D2}] => (Allow) LPort=33011
FirewallRules: [{B2217D52-00DE-440E-9A65-403BA7AB59DD}] => (Allow) LPort=43012
FirewallRules: [{6787EBBD-43AA-4A4F-8EC9-1288243A9C24}] => (Allow) LPort=43013
FirewallRules: [{478E0C37-A3A4-433C-94E3-0227BF04A484}] => (Allow) LPort=53014
FirewallRules: [{B1622E80-E642-4BB7-A6A1-86E68537F251}] => (Allow) LPort=53015
FirewallRules: [{E4BE5AAE-AE5B-443D-BCAE-0393713FAF2A}] => (Allow) LPort=53016
FirewallRules: [{CBF0F74D-F0F0-4CA7-94B6-25F88BC29B5A}] => (Allow) LPort=50053
FirewallRules: [{C7BF73CB-08C9-4B56-87ED-03EDD182CBA2}] => (Allow) LPort=50053
FirewallRules: [TCP Query User{059CEF3B-138F-4B70-9743-8A9705522DE0}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3EF8708D-BCAC-49B0-BE07-340BB468C4C7}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3099A098-0235-4F43-8A8E-F161897009DA}C:\users\user\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{9A75F488-AFA0-4667-9111-690D3A42B904}C:\users\user\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{728E5713-11E7-4B62-BFC9-92FAF66EF2B4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Ningún archivo
FirewallRules: [{41F5D7DB-399C-4047-B763-8617D647B9FC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Ningún archivo
FirewallRules: [TCP Query User{43DDD8AD-A1F9-4D16-BACC-2E87E469D1F8}D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B7913089-CDA4-4330-9D5D-79C468C5EAC9}D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{2015AF28-0858-4BE9-90F6-845407049321}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{1233AA04-CAC7-4CA3-AD45-43670E17E0BD}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [{21E6CFF9-2085-4D99-A2C7-6157621B1A76}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{E3CF1D59-3E7C-44DC-BCFC-57DBE7250AE3}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{D374E1CE-07FD-4237-A0E2-5C75A5D50F36}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{36AD5BB8-86F5-4A7D-97A7-59E0DD3088E1}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{F74E8930-5D7F-4871-94B9-3B4ED0A9B54B}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{B36C3A59-96EF-467B-A691-6A6E6A619860}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{E91AF8D5-2681-416A-B671-47BEE3A9B43B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F594C858-436A-4162-9280-C3AC0DF51DDA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F501B954-0A03-4126-892B-CFB6845B703C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D17E9861-8A0F-4822-B796-56A37434A4F7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{C4114DBA-7D90-4795-8591-DF8D4F6F117A}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => Ningún archivo
FirewallRules: [UDP Query User{F6B2790C-3849-43E6-BA62-3310DDEAAB3B}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => Ningún archivo
FirewallRules: [TCP Query User{AD647F2E-B663-41EE-9362-14C9934957DF}D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D639C085-4291-4C91-9EF1-9533EF02A84B}D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C7D19DEE-17C0-4F48-AD0D-734A643498BD}C:\users\user\appdata\local\programs\opera\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F2A087D0-05E0-40BC-93A7-A058F912CA48}C:\users\user\appdata\local\programs\opera\opera.exe] => (Block) C:\users\user\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{7B18626B-81AD-4755-96D1-1C8798EB2958}D:\games\obs-studio\bin\64bit\obs64.exe] => (Block) D:\games\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [UDP Query User{00DC9770-01D7-4F36-81A7-5DA7D973AD89}D:\games\obs-studio\bin\64bit\obs64.exe] => (Block) D:\games\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [TCP Query User{2E0C1BD5-F5D4-4E62-BE04-B2CF1A1C5801}D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Allow) D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{0EC14559-BEC6-4535-9AA7-39161B30A5FA}D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Allow) D:\games\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [TCP Query User{F638BE4A-BB58-4F1A-9B10-F0307F4328E3}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe => Ningún archivo
FirewallRules: [UDP Query User{7C2A4CFC-9953-4A3A-968E-5D7B24A9A10B}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe => Ningún archivo
FirewallRules: [TCP Query User{0FB52BA5-DB58-4147-9CC7-E0B751A5689D}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{11989A07-965E-4A50-BD54-12BA651ED33C}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [TCP Query User{1E80716D-72A9-4FC9-8252-49235F28E388}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe => Ningún archivo
FirewallRules: [UDP Query User{986E7C8A-1F88-4C5E-9827-CC01AF97211C}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe => Ningún archivo
FirewallRules: [TCP Query User{2CF15839-4065-4E7B-B066-217C3029F5BE}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Allow) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => Ningún archivo
FirewallRules: [UDP Query User{2FDBD87C-BB03-450F-B9BE-6D180DF25A53}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Allow) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => Ningún archivo
FirewallRules: [TCP Query User{0B914817-86CA-44FE-9C47-5D292B53AE2C}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{558AF163-0CA1-43CB-9E29-49D48CBFD31E}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe => Ningún archivo
FirewallRules: [TCP Query User{F15671D2-6EA6-40F5-81A0-3FE5F8463FAC}D:\games\destiny2\destiny2.exe] => (Allow) D:\games\destiny2\destiny2.exe => Ningún archivo
FirewallRules: [UDP Query User{46E72302-9696-4429-9B2A-1D086DF54AAF}D:\games\destiny2\destiny2.exe] => (Allow) D:\games\destiny2\destiny2.exe => Ningún archivo
FirewallRules: [TCP Query User{25A63F34-0940-4DDA-BB7F-473F451BE9F4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{132FB279-41FF-4D6C-AAF7-EF4486A2F666}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D6E51BB4-EFE6-4CAA-A10E-0396841353C2}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{910664FE-BB1E-4838-8B8E-96F2D3E2CB73}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D2EE4EF2-C7DA-4FB2-B0C9-C2EF68974296}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe] => (Allow) C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe => Ningún archivo
FirewallRules: [UDP Query User{F9812B30-AD1D-4867-B68C-5292558B0B94}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe] => (Allow) C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe => Ningún archivo
FirewallRules: [{76A2B999-2665-42F1-B72E-02A4B9B51850}] => (Allow) D:\Games\FarCry5Trial\bin\FarCry5.exe => Ningún archivo
FirewallRules: [{7343E570-3671-4377-9EC1-2649916FBE06}] => (Allow) D:\Games\FarCry5Trial\bin\ArcadeEditor64.exe => Ningún archivo
FirewallRules: [{117A69F5-E1EB-453B-AE19-D79D1F06D05B}] => (Allow) D:\Games\FarCry5Trial\bin\FarCry5.exe => Ningún archivo
FirewallRules: [{CFAD5D93-456C-464A-9E13-940C228392AE}] => (Allow) D:\Games\FarCry5Trial\bin\ArcadeEditor64.exe => Ningún archivo
FirewallRules: [TCP Query User{CC7349C1-03CC-450A-AE70-5675C0691D6F}D:\games\farcry5trial\bin_plus\farcry5.exe] => (Allow) D:\games\farcry5trial\bin_plus\farcry5.exe => Ningún archivo
FirewallRules: [UDP Query User{56E72C81-7128-477E-8835-2DF7E8AA3355}D:\games\farcry5trial\bin_plus\farcry5.exe] => (Allow) D:\games\farcry5trial\bin_plus\farcry5.exe => Ningún archivo
FirewallRules: [{2FEDA01A-F181-464B-8AC9-563D01A2C71B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Ningún archivo
FirewallRules: [{FF456218-8788-4510-A077-099A71497D84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Ningún archivo
FirewallRules: [{321D945A-56E9-41B7-92C5-030124549075}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Ningún archivo
FirewallRules: [{56967C4A-C830-41DA-8427-E41CDF8D3262}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Ningún archivo
FirewallRules: [{2191D9DE-B8F6-4E6D-9547-23EF581760CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A3A0B24A-6627-424E-B481-FD7A6919D1E7}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{6D3DA545-7DCB-41C7-9B76-5ED0C10FCA80}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{A2024C70-29B1-489B-AEA1-8ADB385BF16E}D:\games\smite\binaries\win64\smite.exe] => (Allow) D:\games\smite\binaries\win64\smite.exe => Ningún archivo
FirewallRules: [UDP Query User{71708FB5-E1DD-462E-882A-8FFAD2EB844C}D:\games\smite\binaries\win64\smite.exe] => (Allow) D:\games\smite\binaries\win64\smite.exe => Ningún archivo
FirewallRules: [{8046AFC7-D311-478D-B315-DA5F6B4F2090}] => (Allow) D:\Games\ACValhallaDemo\ACValhalla_Plus.exe => Ningún archivo
FirewallRules: [TCP Query User{F8665BB9-9462-4664-8322-7C65F97DC01D}D:\games\fallguys\fallguys_client_game.exe] => (Allow) D:\games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{E1A6E68E-4875-43D1-97D3-1D6800870507}D:\games\fallguys\fallguys_client_game.exe] => (Allow) D:\games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [TCP Query User{912FB7B4-24BF-4600-B7CA-B117B8F7EBAA}D:\games\survivingtheaftermath\aftermath64.exe] => (Allow) D:\games\survivingtheaftermath\aftermath64.exe => Ningún archivo
FirewallRules: [UDP Query User{996E2032-1F64-4D11-9843-B379687CB489}D:\games\survivingtheaftermath\aftermath64.exe] => (Allow) D:\games\survivingtheaftermath\aftermath64.exe => Ningún archivo
FirewallRules: [{33DF2F54-6E93-4F41-A2B4-C69BAC4049A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DAC5C81C-30B0-4A58-B1B4-8209F6619D22}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B78EBDC5-7CAC-4A89-927E-586A4A842D0C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37B44D1E-7193-40D2-9423-9046963D1FF0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{EBD7942E-30AF-4493-AC8A-0A3287F96142}D:\games\saintsrow\sr5\saintsrow.exe] => (Allow) D:\games\saintsrow\sr5\saintsrow.exe () [Archivo no firmado]
FirewallRules: [UDP Query User{C94DE96E-09D2-464E-90E8-E43BBA30B083}D:\games\saintsrow\sr5\saintsrow.exe] => (Allow) D:\games\saintsrow\sr5\saintsrow.exe () [Archivo no firmado]
FirewallRules: [{36F0F6D1-E884-4F80-AB50-6327B2994316}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{19DFD8F9-3803-4DBA-B62E-AD2D3FE8F141}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66CD9073-92B4-4CC8-B805-A9E7DE9F7EB4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C84C1C7-D37C-4419-BE30-CBC7BA6EBBF9}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Puntos de Restauración =========================

24-01-2024 11:17:08 Punto de control programado

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (01/24/2024 09:23:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (01/24/2024 09:23:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/24/2024 09:23:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/24/2024 12:45:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en DATOS (D:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (01/24/2024 12:44:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (C:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (01/24/2024 12:32:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en Reservado para el sistema debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (01/24/2024 12:15:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (01/24/2024 12:14:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


Errores del sistema:
=============
Error: (01/24/2024 09:20:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Administrador de mapas descargados no respondió después de iniciar.

Error: (01/24/2024 09:14:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BC0EK2J)
Description: El servidor Microsoft.AAD.BrokerPlugin_1000.19041.3636.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/24/2024 01:43:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/24/2024 01:43:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (01/24/2024 01:43:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/24/2024 01:43:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (01/24/2024 01:43:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (01/24/2024 01:43:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2024-01-21 12:14:47
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Nombre: VirTool:Win32/DefenderTamperingRestore
Id.: 2147741622
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Origen de detección: Desconocido
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.403.2472.0, AS: 1.403.2472.0, NIS: 1.403.2472.0
Versión de motor: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2024-01-20 15:30:28
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {F30BD765-D469-404C-8B0A-9117350622D8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2024-01-19 16:01:56
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {79B6F6DF-9E43-45BE-9D69-A4FCB825E849}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2024-01-17 22:09:21
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {6234B003-BA1E-45A9-8AC2-30DAC90E2E66}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2024-01-15 08:44:39
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {0ABF9CAD-C30F-456C-BCFE-447379A9F90A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-01-24 12:04:51
Description: 
Antivirus de Microsoft Defender encontró un error al intentar actualizar la inteligencia de seguridad e intentará revertir a una versión anterior.
Inteligencia de seguridad intentada: Actual
Código de error: 0x80501102
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 
Versión de inteligencia de seguridad: 1.403.2629.0;1.403.2629.0
Versión del motor: 1.1.23110.2

Date: 2023-12-11 08:57:35
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.403.149.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.23110.2
Código de error: 0x80070020
Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. 

Date: 2023-12-11 08:57:35
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.403.149.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.23110.2
Código de error: 0x80070020
Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. 

Date: 2023-12-11 08:57:35
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.403.149.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.23110.2
Código de error: 0x80070020
Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. 

Date: 2023-12-07 18:30:27
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.403.105.0
Origen de actualización: Servidor de Microsoft Update
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.23110.2
Código de error: 0x80240009
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===============
Date: 2024-01-24 15:38:04
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wscript.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2023-11-20 14:16:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-17 17:20:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-02 20:48:15
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-09-21 17:08:00
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. 4.6.5 09/17/2014
Placa base: ECS H81H3-M4
Procesador: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Porcentaje de memoria en uso: 41%
RAM física total: 12225.12 MB
RAM física disponible: 7123.78 MB
Virtual total: 24225.12 MB
Virtual disponible: 17784.57 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:229.16 GB) (Free:109.8 GB) (Model: WDC WD15EARX-00PASB0) NTFS
Drive d: (DATOS) (Fixed) (Total:1166.38 GB) (Free:480.91 GB) (Model: WDC WD15EARX-00PASB0) NTFS

\\?\Volume{2bd2c32a-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{2bd2c32a-0000-0000-0000-406939000000}\ () (Fixed) (Total:0.53 GB) (Free:0.09 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=541 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1166.4 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================
1 like

Hello @Yaniv_Goldstein

I'll be looking over the report, and when I finish I'll let you know how to proceed.

Regards

3 likes

Hello again

Do you recognize any of the following programs?

aescripts + aeplugins components (HKLM-x32\...\{58C0BFF8-3511-4EF6-A2B9-D7E85220F3C4}) (Version: 1.0.0.0 - aescripts + aeplugins)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)

ZXP Installer (HKLM-x32\...\{84781CC8-080F-4C35-BE00-69209AE2C215}) (Version: 1.6.226.0 - aescripts + aeplugins)

ZXP Installer (HKLM-x32\...\{f0a18c8f-cd7f-499e-bc51-b8ece014932c}) (Version: 1.6.226.0 - aescripts + aeplugins) Hidden

Does TaskbarSystem ring a bell?

Regards

1 like

Hello Daniel

I only recognize the second one, VBcable, which is a component of OBS Studio; I don't recognize the rest, nor the taskbar one.

Thank you very much

Hello Daniel, it's me again

I didn't understand whether I should keep waiting or delete those files you mentioned.

If I have to delete them, how?

Thank you very much

2 likes

Hello @Yaniv_Goldstein

Don't do anything for now; wait for my reply, you'll have it in the next few days.

Regards

2 likes

:zero: QUESTIONS

I have detected the following antivirus programs installed on your computer:

Malwarebytes
Windows Defender

Although I can guess from the log… which antivirus do you currently use on your computer as resident protection? And which firewall?

:one: UNINSTALLING PROGRAMS

For the programs where I tell you "you can remove them", do it like this:

Uninstall them with Revo Uninstaller in its Advanced Mode. To do so, follow the program-uninstallation part of its manual.

Remove all the programs Revo finds with the name:

  • Wondershare or Wondershare + anything.
  • aescripts + anything.
  • ZXP Installer + anything

In your case you have the following installed:

Wondershare Recoverit(Build 10.0.3.14) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 10.0.3.14 - Wondershare Software Co.,Ltd.)
ZXP Installer (HKLM-x32\...\{84781CC8-080F-4C35-BE00-69209AE2C215}) (Version: 1.6.226.0 - aescripts + aeplugins)
aescripts + aeplugins components (HKLM-x32\...\{58C0BFF8-3511-4EF6-A2B9-D7E85220F3C4}) (Version: 1.0.0.0 - aescripts + aeplugins)

These must be completely uninstalled.

:two: UNINSTALLING EXTENSIONS

For the extensions where I tell you "you can remove them", do it like this:

Open Opera and remove the extension called Rich Hints Agent

:three: Now you must make a BACKUP OF THE REGISTRY. To do so:

  • Restart the computer in Normal Mode.
  • Download DelFix to your desktop.
  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator)
  • Check only the Create registry backup box; make sure the rest are not selected.
  • Click Run.

The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.

Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Unlock: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
(explorer.exe ->) (Cleversort FZ-LLC -> ) C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe

Folder: C:\Users\User\AppData\Local\Programs\TaskbarSystem
Folder: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation
Folder: C:\ProgramData\Ptnfd
Folder: C:\Users\User\AppData\Roaming\UbPublic
Folder: C:\Users\User\AppData\Local\LegalHelper2
Folder: C:\ProgramData\IEUpdater2
File: C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml;C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
File: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml;C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restricción <==== ATENCIÓN
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [utweb] => "C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Ningún archivo)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [TaskbarSystem] => C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe [911360 2022-12-08] (Cleversort FZ-LLC -> ) <==== ATENCIÓN
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (Ningún archivo) <==== ATENCIÓN
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\MountPoints2: {1fdd738f-a082-11ec-b8da-b8aeed316b41} - "H:\Setup.exe" 
GroupPolicy: Restricción - Windows Defender <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
Task: {CB9496C5-DA47-41F3-8564-639BADA10D9D} - System32\Tasks\Microsoft\OneCore\ipsecunch => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll" rtwrptyDCredefck
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CHR Notifications: Default -> hxxps://n19.biz; hxxps://onevenadvnow.com; hxxps://regadsacademy.com; hxxps://richhackers.club.hotmart.com; hxxps://se05.biz; hxxps://shotvideoair.ru; hxxps://totalcoolblog.com; hxxps://totalrecaptcha.top; hxxps://typiccor.com; hxxps://www4.elbaestes.pro; hxxps://www55.richardwashington.pro
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-02-19]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe
C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
H:\Setup.exe
C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
C:\Program Files (x86)\Lavasoft
2024-01-20 17:17 - 2024-01-21 12:01 - 000000000 ___HD C:\ProgramData\Ptnfd
2024-01-10 08:54 - 2024-01-10 09:07 - 000000000 ___HD C:\$WinREAgent
AlternateDataStreams: C:\Users\User\Datos de programa:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:$DATA​ [16]
FirewallRules: [{8BAC97CB-689A-4E0B-84BE-C95A325DF51D}] => (Allow) D:\Games\Red Dead Redemption 2\RDR2.exe => Ningún archivo
FirewallRules: [{31786635-09BF-4603-A886-BE526B152B7C}] => (Allow) D:\Games\Red Dead Redemption 2\RDR2.exe => Ningún archivo
FirewallRules: [{2A483153-384D-42CB-97D6-0CCA68C12D87}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{8191BF81-C4EF-44CD-8E05-9FDE8ED50204}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{F64D2FF7-16A5-408A-8716-1D5C3820353B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Ningún archivo
FirewallRules: [{15DE4E5E-9DFD-4251-B1AC-83370EC0EBA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Ningún archivo
FirewallRules: [{3AFB423D-521D-4B22-B6BB-3B9632E38983}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Ningún archivo
FirewallRules: [{C5D9FC8F-3502-439F-B595-91A6807F92AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Ningún archivo
FirewallRules: [{760AF113-1791-4FB6-A562-FAF8B374DDF6}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{062669A2-B842-4265-97B6-BFB5B71F4F94}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{2797F975-1583-445C-87F8-69B8070879F3}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{33A62920-33DB-4985-B735-A109B8433A64}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [TCP Query User{D02C0617-F030-4AD6-A355-64392407CD17}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Ningún archivo
FirewallRules: [UDP Query User{DB880AB2-2914-4C78-859C-06DB166DE375}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Ningún archivo
FirewallRules: [TCP Query User{40BFD34F-1C35-48E9-8908-EF13B682D687}D:\games\rage2\rage2.exe] => (Allow) D:\games\rage2\rage2.exe => Ningún archivo
FirewallRules: [UDP Query User{8F22AF78-E406-455D-A09C-D3428F61C6E3}D:\games\rage2\rage2.exe] => (Allow) D:\games\rage2\rage2.exe => Ningún archivo
FirewallRules: [TCP Query User{BDEAF558-D4F7-490A-8C18-E1131507B38B}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => Ningún archivo
FirewallRules: [UDP Query User{03F0825F-AF5D-4176-87F5-0CA570F04C85}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => Ningún archivo
FirewallRules: [{2F354541-9E68-4EBC-8513-027F4D74E993}] => (Allow) LPort=57209
FirewallRules: [{CCEB46A3-F1D9-48EB-8216-3056BE74E6BB}] => (Allow) LPort=57210
FirewallRules: [{B5A338AF-A5CB-418A-B844-738F363D5359}] => (Allow) LPort=57211
FirewallRules: [{FFB6775B-60AD-4CC1-869C-A4E58316C0B2}] => (Allow) LPort=57212
FirewallRules: [{5BE3223B-89BA-4BE6-91D0-5487392184D0}] => (Allow) LPort=57213
FirewallRules: [{7F6212BA-91CE-4B03-860A-A3298A52A8BB}] => (Allow) LPort=57214
FirewallRules: [{BFA9E742-1CE6-418D-81B9-6245B75F3F62}] => (Allow) LPort=57215
FirewallRules: [{6998860A-5F27-4CC3-91EF-0FFC79F605D2}] => (Allow) LPort=57216
FirewallRules: [{E96782C8-511D-466D-A7CF-7EB3F13E754C}] => (Allow) LPort=57217
FirewallRules: [{BD2E8CD9-DFBA-4CC4-B1A3-3929AEE19617}] => (Allow) LPort=57218
FirewallRules: [{F4241F83-E3D0-4966-86A5-7231C4CFD726}] => (Allow) LPort=57209
FirewallRules: [{8E2D881B-5FAD-4459-B418-CE5B39E009D1}] => (Allow) LPort=57210
FirewallRules: [{C3253F57-E97C-4684-B653-2235EC5B44E3}] => (Allow) LPort=57211
FirewallRules: [{7C32CCD7-C95E-473F-BAD5-E679FDB93A14}] => (Allow) LPort=57212
FirewallRules: [{3331FAE0-DCFB-4456-B314-B6E37C0EAF34}] => (Allow) LPort=57213
FirewallRules: [{6FD49376-819A-49BC-A579-A94E6CEBE191}] => (Allow) LPort=57214
FirewallRules: [{7912C273-0A17-4BCA-A4B4-8CD95CAB8DB3}] => (Allow) LPort=57215
FirewallRules: [{1C871826-BD5D-47CB-9234-9E3B758A1101}] => (Allow) LPort=57216
FirewallRules: [{10059EF7-91BE-44C6-B861-77EE418BF08E}] => (Allow) LPort=57217
FirewallRules: [{23A24F4A-8620-4E81-8765-59EFEC6196C2}] => (Allow) LPort=57218
FirewallRules: [{C67573FE-E442-4056-89C9-3BFAD2B6B472}] => (Allow) LPort=23007
FirewallRules: [{13C95C4A-139A-45AF-80B0-F13C68C73E14}] => (Allow) LPort=23008
FirewallRules: [{805A2B58-42EF-498B-865E-10E3DBF5585C}] => (Allow) LPort=33009
FirewallRules: [{425C6E8B-94FF-4089-9D72-B91EBA7B4685}] => (Allow) LPort=33010
FirewallRules: [{B536B66E-A792-4082-85F7-39A82D65BB3E}] => (Allow) LPort=33011
FirewallRules: [{4D016C07-892B-492D-9404-285F5CA742FB}] => (Allow) LPort=43012
FirewallRules: [{5D03FA26-EDC3-4C2C-8847-0D3E1051386E}] => (Allow) LPort=43013
FirewallRules: [{836AC180-F163-4D2B-B8B9-F03B6E3A9A62}] => (Allow) LPort=53014
FirewallRules: [{04755E86-D58B-4A47-AB3F-780B3BAD762B}] => (Allow) LPort=53015
FirewallRules: [{96701CF8-436A-4306-ABF9-20B4CA141991}] => (Allow) LPort=53016
FirewallRules: [{93E1382A-8233-478F-B1D0-28F35B747059}] => (Allow) LPort=23007
FirewallRules: [{57D28CC1-52F8-48EC-8AAE-5305FE857681}] => (Allow) LPort=23008
FirewallRules: [{CAEF3A4C-35D7-4F15-89F1-C829F308508E}] => (Allow) LPort=33009
FirewallRules: [{0AE8253D-0AE3-40A6-ADC8-210F5469EB68}] => (Allow) LPort=33010
FirewallRules: [{7F914BE1-320D-4E2C-8E8D-94F7684DEBBA}] => (Allow) LPort=33011
FirewallRules: [{05B4CE86-9DE6-48C9-AAEA-1705C5FE8A77}] => (Allow) LPort=43012
FirewallRules: [{18EF3BA8-8C4E-41AB-9348-DEB075FDA8B9}] => (Allow) LPort=43013
FirewallRules: [{9F55609F-F145-42F8-A889-1BADFF2028D1}] => (Allow) LPort=53014
FirewallRules: [{97CFF60B-C039-4021-9F57-26780F0C74F2}] => (Allow) LPort=53015
FirewallRules: [{9C9ABB0E-5815-4510-A390-3C47E24C5FB1}] => (Allow) LPort=53016
FirewallRules: [{C1384698-57CD-4C34-BA02-DFED51C585D5}] => (Allow) LPort=50053
FirewallRules: [{7296B120-9C67-4F56-8654-D6BA7DBBF873}] => (Allow) LPort=50053
FirewallRules: [{7826D0C7-3BD3-4645-AFED-F57B2EA73D67}] => (Allow) LPort=57209
FirewallRules: [{B6B14D00-0554-4FCC-9655-6E3C3CE0E989}] => (Allow) LPort=57210
FirewallRules: [{96396BAB-B7DE-49E9-AE81-644E26FFA126}] => (Allow) LPort=57211
FirewallRules: [{8FDEAF59-FCE9-4CB1-AD5C-E85537E586B5}] => (Allow) LPort=57212
FirewallRules: [{F3FDFEE0-E14A-43C6-8815-5A316D4C63F7}] => (Allow) LPort=57213
FirewallRules: [{EE0F67CC-2D3E-4AD4-9A46-9EAFC8697C4A}] => (Allow) LPort=57214
FirewallRules: [{035621C0-FD49-4176-9A5A-2F8751F74834}] => (Allow) LPort=57215
FirewallRules: [{C1577EBF-62FC-485C-8701-691920FCBFD9}] => (Allow) LPort=57216
FirewallRules: [{8045DF09-745A-4720-B3C7-C647883FA419}] => (Allow) LPort=57217
FirewallRules: [{E0B26E36-7877-49E8-9F9E-ABF1FE69163C}] => (Allow) LPort=57218
FirewallRules: [{DC18D752-3E1B-4D01-A49A-DE9D0C1F6874}] => (Allow) LPort=57209
FirewallRules: [{08E76581-E47D-4715-BA35-23B093530323}] => (Allow) LPort=57210
FirewallRules: [{22E983C1-F7E3-41BB-A8B4-E08C305356BF}] => (Allow) LPort=57211
FirewallRules: [{390351AB-912A-4B88-81F9-F6D16690FD2A}] => (Allow) LPort=57212
FirewallRules: [{8DCD0FA2-8755-4A8A-9EEE-F994DF751C75}] => (Allow) LPort=57213
FirewallRules: [{C27C111A-8B56-4922-A6AA-86952A9889A9}] => (Allow) LPort=57214
FirewallRules: [{A1858C2E-B951-408F-8B4F-26A673824367}] => (Allow) LPort=57215
FirewallRules: [{1BB5FF08-04B0-453C-A00E-E22A4F3884CE}] => (Allow) LPort=57216
FirewallRules: [{20FFBE33-70E6-4957-B51E-A1CB27D2E9CA}] => (Allow) LPort=57217
FirewallRules: [{F23FEAEA-E11E-410C-AF7B-5CD3F4B433FE}] => (Allow) LPort=57218
FirewallRules: [{8E0102F8-AF00-443A-A159-17285439A2D8}] => (Allow) LPort=23007
FirewallRules: [{B7EE762B-2552-4F99-9E42-0A430C88A2D6}] => (Allow) LPort=23008
FirewallRules: [{7EA24775-E94A-4331-BDB9-E3B45A6B1B7D}] => (Allow) LPort=33009
FirewallRules: [{5A8BC379-D981-4955-91C2-D2039C1C346E}] => (Allow) LPort=33010
FirewallRules: [{AEF4557D-03BC-4D53-B675-23685D880639}] => (Allow) LPort=33011
FirewallRules: [{0DE4754C-961B-4282-B60F-6A0CA48B7F6F}] => (Allow) LPort=43012
FirewallRules: [{5EA6236F-4AB9-4B36-99EC-999A58772D5C}] => (Allow) LPort=43013
FirewallRules: [{5770E6E4-5BCC-43A1-BA9A-01EC799A1727}] => (Allow) LPort=53014
FirewallRules: [{C3EE6FC0-55D3-4CE1-ABAB-09F47B4C7FB2}] => (Allow) LPort=53015
FirewallRules: [{4CEA9CCB-5E66-44C0-B84C-E7EE3AE7784F}] => (Allow) LPort=53016
FirewallRules: [{0E0CD630-FEBA-43B1-AC8F-D739E4253C61}] => (Allow) LPort=23007
FirewallRules: [{53E0798E-3AA7-4676-BE5F-ACB438060270}] => (Allow) LPort=23008
FirewallRules: [{004D7A06-ED98-40FF-B43F-912EED79DED1}] => (Allow) LPort=33009
FirewallRules: [{DBA371C2-8320-4122-951E-ED1C65EA81B2}] => (Allow) LPort=33010
FirewallRules: [{374FB90E-0684-41F0-8E7E-16768969B6D2}] => (Allow) LPort=33011
FirewallRules: [{B2217D52-00DE-440E-9A65-403BA7AB59DD}] => (Allow) LPort=43012
FirewallRules: [{6787EBBD-43AA-4A4F-8EC9-1288243A9C24}] => (Allow) LPort=43013
FirewallRules: [{478E0C37-A3A4-433C-94E3-0227BF04A484}] => (Allow) LPort=53014
FirewallRules: [{B1622E80-E642-4BB7-A6A1-86E68537F251}] => (Allow) LPort=53015
FirewallRules: [{E4BE5AAE-AE5B-443D-BCAE-0393713FAF2A}] => (Allow) LPort=53016
FirewallRules: [{CBF0F74D-F0F0-4CA7-94B6-25F88BC29B5A}] => (Allow) LPort=50053
FirewallRules: [{C7BF73CB-08C9-4B56-87ED-03EDD182CBA2}] => (Allow) LPort=50053
FirewallRules: [{728E5713-11E7-4B62-BFC9-92FAF66EF2B4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Ningún archivo
FirewallRules: [{41F5D7DB-399C-4047-B763-8617D647B9FC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Ningún archivo
FirewallRules: [TCP Query User{2015AF28-0858-4BE9-90F6-845407049321}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{1233AA04-CAC7-4CA3-AD45-43670E17E0BD}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [{21E6CFF9-2085-4D99-A2C7-6157621B1A76}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{E3CF1D59-3E7C-44DC-BCFC-57DBE7250AE3}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{D374E1CE-07FD-4237-A0E2-5C75A5D50F36}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{36AD5BB8-86F5-4A7D-97A7-59E0DD3088E1}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [TCP Query User{C4114DBA-7D90-4795-8591-DF8D4F6F117A}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => Ningún archivo
FirewallRules: [UDP Query User{F6B2790C-3849-43E6-BA62-3310DDEAAB3B}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => Ningún archivo
FirewallRules: [TCP Query User{F638BE4A-BB58-4F1A-9B10-F0307F4328E3}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe => Ningún archivo
FirewallRules: [UDP Query User{7C2A4CFC-9953-4A3A-968E-5D7B24A9A10B}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe => Ningún archivo
FirewallRules: [TCP Query User{0FB52BA5-DB58-4147-9CC7-E0B751A5689D}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{11989A07-965E-4A50-BD54-12BA651ED33C}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [TCP Query User{1E80716D-72A9-4FC9-8252-49235F28E388}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe => Ningún archivo
FirewallRules: [UDP Query User{986E7C8A-1F88-4C5E-9827-CC01AF97211C}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe => Ningún archivo
FirewallRules: [TCP Query User{2CF15839-4065-4E7B-B066-217C3029F5BE}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Allow) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => Ningún archivo
FirewallRules: [UDP Query User{2FDBD87C-BB03-450F-B9BE-6D180DF25A53}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Allow) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => Ningún archivo
FirewallRules: [TCP Query User{0B914817-86CA-44FE-9C47-5D292B53AE2C}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{558AF163-0CA1-43CB-9E29-49D48CBFD31E}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe => Ningún archivo
FirewallRules: [TCP Query User{F15671D2-6EA6-40F5-81A0-3FE5F8463FAC}D:\games\destiny2\destiny2.exe] => (Allow) D:\games\destiny2\destiny2.exe => Ningún archivo
FirewallRules: [UDP Query User{46E72302-9696-4429-9B2A-1D086DF54AAF}D:\games\destiny2\destiny2.exe] => (Allow) D:\games\destiny2\destiny2.exe => Ningún archivo
FirewallRules: [TCP Query User{D2EE4EF2-C7DA-4FB2-B0C9-C2EF68974296}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe] => (Allow) C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe => Ningún archivo
FirewallRules: [UDP Query User{F9812B30-AD1D-4867-B68C-5292558B0B94}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe] => (Allow) C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe => Ningún archivo
FirewallRules: [{76A2B999-2665-42F1-B72E-02A4B9B51850}] => (Allow) D:\Games\FarCry5Trial\bin\FarCry5.exe => Ningún archivo
FirewallRules: [{7343E570-3671-4377-9EC1-2649916FBE06}] => (Allow) D:\Games\FarCry5Trial\bin\ArcadeEditor64.exe => Ningún archivo
FirewallRules: [{117A69F5-E1EB-453B-AE19-D79D1F06D05B}] => (Allow) D:\Games\FarCry5Trial\bin\FarCry5.exe => Ningún archivo
FirewallRules: [{CFAD5D93-456C-464A-9E13-940C228392AE}] => (Allow) D:\Games\FarCry5Trial\bin\ArcadeEditor64.exe => Ningún archivo
FirewallRules: [TCP Query User{CC7349C1-03CC-450A-AE70-5675C0691D6F}D:\games\farcry5trial\bin_plus\farcry5.exe] => (Allow) D:\games\farcry5trial\bin_plus\farcry5.exe => Ningún archivo
FirewallRules: [UDP Query User{56E72C81-7128-477E-8835-2DF7E8AA3355}D:\games\farcry5trial\bin_plus\farcry5.exe] => (Allow) D:\games\farcry5trial\bin_plus\farcry5.exe => Ningún archivo
FirewallRules: [{2FEDA01A-F181-464B-8AC9-563D01A2C71B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Ningún archivo
FirewallRules: [{FF456218-8788-4510-A077-099A71497D84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Ningún archivo
FirewallRules: [{321D945A-56E9-41B7-92C5-030124549075}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Ningún archivo
FirewallRules: [{56967C4A-C830-41DA-8427-E41CDF8D3262}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Ningún archivo
FirewallRules: [TCP Query User{A2024C70-29B1-489B-AEA1-8ADB385BF16E}D:\games\smite\binaries\win64\smite.exe] => (Allow) D:\games\smite\binaries\win64\smite.exe => Ningún archivo
FirewallRules: [UDP Query User{71708FB5-E1DD-462E-882A-8FFAD2EB844C}D:\games\smite\binaries\win64\smite.exe] => (Allow) D:\games\smite\binaries\win64\smite.exe => Ningún archivo
FirewallRules: [{8046AFC7-D311-478D-B315-DA5F6B4F2090}] => (Allow) D:\Games\ACValhallaDemo\ACValhalla_Plus.exe => Ningún archivo
FirewallRules: [TCP Query User{F8665BB9-9462-4664-8322-7C65F97DC01D}D:\games\fallguys\fallguys_client_game.exe] => (Allow) D:\games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{E1A6E68E-4875-43D1-97D3-1D6800870507}D:\games\fallguys\fallguys_client_game.exe] => (Allow) D:\games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [TCP Query User{912FB7B4-24BF-4600-B7CA-B117B8F7EBAA}D:\games\survivingtheaftermath\aftermath64.exe] => (Allow) D:\games\survivingtheaftermath\aftermath64.exe => Ningún archivo
FirewallRules: [UDP Query User{996E2032-1F64-4D11-9843-B379687CB489}D:\games\survivingtheaftermath\aftermath64.exe] => (Allow) D:\games\survivingtheaftermath\aftermath64.exe => Ningún archivo
ZXP Installer (HKLM-x32\...\{f0a18c8f-cd7f-499e-bc51-b8ece014932c}) (Version: 1.6.226.0 - aescripts + aeplugins) Hidden

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Save it with the name FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work; both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.

:warning: The repair script above is customized for the specific machine it was made for and was written specifically by a member of the Staff. If you have a similar problem, please open your own topic to receive personalized, specific help. Using scripts from other systems can cause serious damage to your computer.

Finally (NOTE: in NORMAL MODE):

  1. Run FRST.exe again (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).
  2. Click Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out these repairs, even if it appears to have frozen. Do not touch it; just wait.
  3. When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.
  4. Restart the computer in Normal Mode, check how it works for a while, and report how the originally reported problem is doing.

:warning: Very Important :warning: Post the report I asked for as shown in the following image:

report

Regards.

P.S.: Finally, in the same way I indicated in :one: PROGRAM UNINSTALLATION, remove the following:

  • ZXP Installer + whatever
ZXP Installer (HKLM-x32\...\{f0a18c8f-cd7f-499e-bc51-b8ece014932c}) (Version: 1.6.226.0 - aescripts + aeplugins) Hidden

Even if you have already done it before. It will probably show up again now.

2 Likes

Hi Daniel,

I have just run through all the steps and it seems I no longer have the double-tilde problem. I hope it has been solved and that they no longer try to get into all my accounts. Thank you very much for that.

On the other hand, answering your question, I regularly use CCleaner as an antivirus and Windows Defender, which is always active, as well as the Windows firewall. I don't know if you would recommend some program to help me improve security, since Malwarebytes will only be active in its trial version for 14 days.

2 Likes

I'm leaving the report here:

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 27.01.2024 01
Ejecutado por User (29-01-2024 13:43:51) Run:1
Ejecutado desde C:\Users\User\OneDrive\Escritorio
Perfiles cargados: User
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Unlock: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
(explorer.exe ->) (Cleversort FZ-LLC -> ) C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe

Folder: C:\Users\User\AppData\Local\Programs\TaskbarSystem
Folder: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation
Folder: C:\ProgramData\Ptnfd
Folder: C:\Users\User\AppData\Roaming\UbPublic
Folder: C:\Users\User\AppData\Local\LegalHelper2
Folder: C:\ProgramData\IEUpdater2
File: C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml;C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
File: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml;C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restricción <==== ATENCIÓN
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [utweb] => "C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Ningún archivo)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [TaskbarSystem] => C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe [911360 2022-12-08] (Cleversort FZ-LLC -> ) <==== ATENCIÓN
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (Ningún archivo) <==== ATENCIÓN
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\MountPoints2: {1fdd738f-a082-11ec-b8da-b8aeed316b41} - "H:\Setup.exe" 
GroupPolicy: Restricción - Windows Defender <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
Task: {CB9496C5-DA47-41F3-8564-639BADA10D9D} - System32\Tasks\Microsoft\OneCore\ipsecunch => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll" rtwrptyDCredefck
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CHR Notifications: Default -> hxxps://n19.biz; hxxps://onevenadvnow.com; hxxps://regadsacademy.com; hxxps://richhackers.club.hotmart.com; hxxps://se05.biz; hxxps://shotvideoair.ru; hxxps://totalcoolblog.com; hxxps://totalrecaptcha.top; hxxps://typiccor.com; hxxps://www4.elbaestes.pro; hxxps://www55.richardwashington.pro
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-02-19]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe
C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
H:\Setup.exe
C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
C:\Program Files (x86)\Lavasoft
2024-01-20 17:17 - 2024-01-21 12:01 - 000000000 ___HD C:\ProgramData\Ptnfd
2024-01-10 08:54 - 2024-01-10 09:07 - 000000000 ___HD C:\$WinREAgent
AlternateDataStreams: C:\Users\User\Datos de programa:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\User\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:$DATA​ [16]
FirewallRules: [{8BAC97CB-689A-4E0B-84BE-C95A325DF51D}] => (Allow) D:\Games\Red Dead Redemption 2\RDR2.exe => Ningún archivo
FirewallRules: [{31786635-09BF-4603-A886-BE526B152B7C}] => (Allow) D:\Games\Red Dead Redemption 2\RDR2.exe => Ningún archivo
FirewallRules: [{2A483153-384D-42CB-97D6-0CCA68C12D87}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{8191BF81-C4EF-44CD-8E05-9FDE8ED50204}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{F64D2FF7-16A5-408A-8716-1D5C3820353B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Ningún archivo
FirewallRules: [{15DE4E5E-9DFD-4251-B1AC-83370EC0EBA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe => Ningún archivo
FirewallRules: [{3AFB423D-521D-4B22-B6BB-3B9632E38983}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Ningún archivo
FirewallRules: [{C5D9FC8F-3502-439F-B595-91A6807F92AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe => Ningún archivo
FirewallRules: [{760AF113-1791-4FB6-A562-FAF8B374DDF6}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{062669A2-B842-4265-97B6-BFB5B71F4F94}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{2797F975-1583-445C-87F8-69B8070879F3}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{33A62920-33DB-4985-B735-A109B8433A64}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [TCP Query User{D02C0617-F030-4AD6-A355-64392407CD17}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Ningún archivo
FirewallRules: [UDP Query User{DB880AB2-2914-4C78-859C-06DB166DE375}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => Ningún archivo
FirewallRules: [TCP Query User{40BFD34F-1C35-48E9-8908-EF13B682D687}D:\games\rage2\rage2.exe] => (Allow) D:\games\rage2\rage2.exe => Ningún archivo
FirewallRules: [UDP Query User{8F22AF78-E406-455D-A09C-D3428F61C6E3}D:\games\rage2\rage2.exe] => (Allow) D:\games\rage2\rage2.exe => Ningún archivo
FirewallRules: [TCP Query User{BDEAF558-D4F7-490A-8C18-E1131507B38B}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => Ningún archivo
FirewallRules: [UDP Query User{03F0825F-AF5D-4176-87F5-0CA570F04C85}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => Ningún archivo
FirewallRules: [{728E5713-11E7-4B62-BFC9-92FAF66EF2B4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Ningún archivo
FirewallRules: [{41F5D7DB-399C-4047-B763-8617D647B9FC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Ningún archivo
FirewallRules: [TCP Query User{2015AF28-0858-4BE9-90F6-845407049321}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{1233AA04-CAC7-4CA3-AD45-43670E17E0BD}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [{21E6CFF9-2085-4D99-A2C7-6157621B1A76}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{E3CF1D59-3E7C-44DC-BCFC-57DBE7250AE3}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe => Ningún archivo
FirewallRules: [{D374E1CE-07FD-4237-A0E2-5C75A5D50F36}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [{36AD5BB8-86F5-4A7D-97A7-59E0DD3088E1}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe => Ningún archivo
FirewallRules: [TCP Query User{C4114DBA-7D90-4795-8591-DF8D4F6F117A}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => Ningún archivo
FirewallRules: [UDP Query User{F6B2790C-3849-43E6-BA62-3310DDEAAB3B}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe] => (Allow) C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe => Ningún archivo
FirewallRules: [TCP Query User{F638BE4A-BB58-4F1A-9B10-F0307F4328E3}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe => Ningún archivo
FirewallRules: [UDP Query User{7C2A4CFC-9953-4A3A-968E-5D7B24A9A10B}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe => Ningún archivo
FirewallRules: [TCP Query User{0FB52BA5-DB58-4147-9CC7-E0B751A5689D}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{11989A07-965E-4A50-BD54-12BA651ED33C}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [TCP Query User{1E80716D-72A9-4FC9-8252-49235F28E388}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe => Ningún archivo
FirewallRules: [UDP Query User{986E7C8A-1F88-4C5E-9827-CC01AF97211C}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe => Ningún archivo
FirewallRules: [TCP Query User{2CF15839-4065-4E7B-B066-217C3029F5BE}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Allow) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => Ningún archivo
FirewallRules: [UDP Query User{2FDBD87C-BB03-450F-B9BE-6D180DF25A53}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe] => (Allow) C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe => Ningún archivo
FirewallRules: [TCP Query User{0B914817-86CA-44FE-9C47-5D292B53AE2C}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{558AF163-0CA1-43CB-9E29-49D48CBFD31E}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe => Ningún archivo
FirewallRules: [TCP Query User{F15671D2-6EA6-40F5-81A0-3FE5F8463FAC}D:\games\destiny2\destiny2.exe] => (Allow) D:\games\destiny2\destiny2.exe => Ningún archivo
FirewallRules: [UDP Query User{46E72302-9696-4429-9B2A-1D086DF54AAF}D:\games\destiny2\destiny2.exe] => (Allow) D:\games\destiny2\destiny2.exe => Ningún archivo
FirewallRules: [TCP Query User{D2EE4EF2-C7DA-4FB2-B0C9-C2EF68974296}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe] => (Allow) C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe => Ningún archivo
FirewallRules: [UDP Query User{F9812B30-AD1D-4867-B68C-5292558B0B94}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe] => (Allow) C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe => Ningún archivo
FirewallRules: [{76A2B999-2665-42F1-B72E-02A4B9B51850}] => (Allow) D:\Games\FarCry5Trial\bin\FarCry5.exe => Ningún archivo
FirewallRules: [{7343E570-3671-4377-9EC1-2649916FBE06}] => (Allow) D:\Games\FarCry5Trial\bin\ArcadeEditor64.exe => Ningún archivo
FirewallRules: [{117A69F5-E1EB-453B-AE19-D79D1F06D05B}] => (Allow) D:\Games\FarCry5Trial\bin\FarCry5.exe => Ningún archivo
FirewallRules: [{CFAD5D93-456C-464A-9E13-940C228392AE}] => (Allow) D:\Games\FarCry5Trial\bin\ArcadeEditor64.exe => Ningún archivo
FirewallRules: [TCP Query User{CC7349C1-03CC-450A-AE70-5675C0691D6F}D:\games\farcry5trial\bin_plus\farcry5.exe] => (Allow) D:\games\farcry5trial\bin_plus\farcry5.exe => Ningún archivo
FirewallRules: [UDP Query User{56E72C81-7128-477E-8835-2DF7E8AA3355}D:\games\farcry5trial\bin_plus\farcry5.exe] => (Allow) D:\games\farcry5trial\bin_plus\farcry5.exe => Ningún archivo
FirewallRules: [{2FEDA01A-F181-464B-8AC9-563D01A2C71B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Ningún archivo
FirewallRules: [{FF456218-8788-4510-A077-099A71497D84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Ningún archivo
FirewallRules: [{321D945A-56E9-41B7-92C5-030124549075}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Ningún archivo
FirewallRules: [{56967C4A-C830-41DA-8427-E41CDF8D3262}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Ningún archivo
FirewallRules: [TCP Query User{A2024C70-29B1-489B-AEA1-8ADB385BF16E}D:\games\smite\binaries\win64\smite.exe] => (Allow) D:\games\smite\binaries\win64\smite.exe => Ningún archivo
FirewallRules: [UDP Query User{71708FB5-E1DD-462E-882A-8FFAD2EB844C}D:\games\smite\binaries\win64\smite.exe] => (Allow) D:\games\smite\binaries\win64\smite.exe => Ningún archivo
FirewallRules: [{8046AFC7-D311-478D-B315-DA5F6B4F2090}] => (Allow) D:\Games\ACValhallaDemo\ACValhalla_Plus.exe => Ningún archivo
FirewallRules: [TCP Query User{F8665BB9-9462-4664-8322-7C65F97DC01D}D:\games\fallguys\fallguys_client_game.exe] => (Allow) D:\games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [UDP Query User{E1A6E68E-4875-43D1-97D3-1D6800870507}D:\games\fallguys\fallguys_client_game.exe] => (Allow) D:\games\fallguys\fallguys_client_game.exe => Ningún archivo
FirewallRules: [TCP Query User{912FB7B4-24BF-4600-B7CA-B117B8F7EBAA}D:\games\survivingtheaftermath\aftermath64.exe] => (Allow) D:\games\survivingtheaftermath\aftermath64.exe => Ningún archivo
FirewallRules: [UDP Query User{996E2032-1F64-4D11-9843-B379687CB489}D:\games\survivingtheaftermath\aftermath64.exe] => (Allow) D:\games\survivingtheaftermath\aftermath64.exe => Ningún archivo
ZXP Installer (HKLM-x32\...\{f0a18c8f-cd7f-499e-bc51-b8ece014932c}) (Version: 1.6.226.0 - aescripts + aeplugins) Hidden

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.
"C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll" => fue desbloqueado
C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe => No se encontró ningún proceso en ejecución

========================= Folder: C:\Users\User\AppData\Local\Programs\TaskbarSystem ========================

2023-02-04 13:44 - 2018-01-10 15:34 - 000024064 ____A [35CBDBE6987B9951D3467DDA2F318F3C] (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [Archivo no firmado] C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll
2023-02-04 13:44 - 2022-06-29 13:13 - 000131072 ____A [304E0F414C764D7A5C2647D721646E13] (Countly) [Archivo no firmado] C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll
2023-02-04 13:44 - 2022-12-08 14:55 - 000059904 ____A [F2F7D97BBF5910F3FAC8227B4B8E60E3] (Cleversort FZ-LLC -> ) C:\Users\User\AppData\Local\Programs\TaskbarSystem\Gh.Common.dll
2023-02-04 13:44 - 2018-03-24 19:44 - 000475136 ____A [83222120C8095B8623FE827FB70FAF6B] (Newtonsoft) [Archivo no firmado] C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll
2023-02-04 13:44 - 2022-12-08 14:55 - 007280128 ____A [4C4F58F530769D2EFF7DA49AE830ECC8] (Cleversort FZ-LLC -> ) C:\Users\User\AppData\Local\Programs\TaskbarSystem\sdk.dll
2023-02-04 13:44 - 2018-05-11 11:52 - 000074240 ____A [C1A31AB7394444FD8AA2E8FE3C7C5094] (Sentry) [Archivo no firmado] C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
2023-02-04 13:44 - 2012-04-14 23:35 - 000387408 ____A [F5EE17938D7C545BF62AD955803661C7] (Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Programs\TaskbarSystem\System.Threading.dll
2023-02-04 13:44 - 2022-12-08 14:55 - 000911360 ____A [2F9EC20235EA0DCDB950E877D8DD7694] (Cleversort FZ-LLC -> ) C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe

====== Final de Folder: ======


========================= Folder: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation ========================

2021-05-30 02:50 - 2020-10-06 21:16 - 010341447 ____A [44EF761ED1C20FF5B63A6968ED1D16C9] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log
2021-05-30 02:50 - 2020-10-06 21:16 - 004917576 ____A [F1C1DB2A9846DCB3D5648BDB133CB831] (Spotify AB -> Microsoft Corporation) C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll
2021-05-30 02:50 - 2020-10-06 21:16 - 068943872 ____A [0AFB639CDD7A7646F9FC6B5575C7E555] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs
2021-05-30 02:50 - 2020-10-06 21:16 - 000002120 ____A [AC3B64C0DC9AC46003D382EBC28EB03F] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\hpt4mSWebmCore.dcm
2021-05-30 02:50 - 2020-10-06 21:16 - 006291456 ____A [DA50593055C458693D75E9B3693951B6] () [Archivo no firmado] C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\libGLESv2.dll
2021-05-30 02:50 - 2020-10-06 21:16 - 006168650 ____A [6FC584BD451C4F61C946C82CA079AF47] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\MpCmdRun.log
2021-05-30 02:50 - 2020-10-06 21:16 - 002158863 ____A [AA61EB0DFA7D400B5C657E492AC0CA06] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\p2pndowr0sisupd.tub
2021-05-30 02:50 - 2020-10-06 21:16 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\sbsrivatecGBSW.hwl
2021-05-30 02:50 - 2020-10-06 21:16 - 017976480 ____A [AA03052D79DA9A43E12944FF744F8183] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.back.xml
2021-05-30 02:50 - 2020-10-06 21:16 - 003770272 ____A [C61F52005A8F1B8D20DD34D31EDDA77A] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.xml
2021-05-30 02:50 - 2020-10-06 21:16 - 000153600 ____A [125FB211DCF38DB400C90D71ED674FB1] () [Archivo no firmado] C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
2021-05-30 02:50 - 2020-10-06 21:16 - 012550144 ____A [6D342B5F7A0CD378F5EAE0B4B6337DBD] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\store.db
2021-05-30 02:50 - 2020-10-06 21:16 - 008458853 ____A [C354F8A41A287E2C602BD22E360696F8] () C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\xpui.spa

====== Final de Folder: ======


========================= Folder: C:\ProgramData\Ptnfd ========================


====== Final de Folder: ======


========================= Folder: C:\Users\User\AppData\Roaming\UbPublic ========================


====== Final de Folder: ======


========================= Folder: C:\Users\User\AppData\Local\LegalHelper2 ========================


====== Final de Folder: ======


========================= Folder: C:\ProgramData\IEUpdater2 ========================


====== Final de Folder: ======


========================= File: C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml;C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml ========================

C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe
El archivo está firmado digitalmente
MD5: 2F9EC20235EA0DCDB950E877D8DD7694
Fecha de creación y modificación: 2023-02-04 13:44 - 2022-12-08 14:55
Tamaño: 000911360
Atributos: ----A
Nombre de la compañía: Cleversort FZ-LLC -> 
Interno Nombre: TaskbarSystem.exe
Original Nombre: TaskbarSystem.exe
Producto: Taskbar system
Descripción: Taskbar system
Archivo Versión: 1.0.6.2
Producto Versión: 1.0.6.2
Copyright: Copyright © 2022 Taskbar system
VirusTotal: 0

C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll
Archivo no firmado
MD5: 125FB211DCF38DB400C90D71ED674FB1
Fecha de creación y modificación: 2021-05-30 02:50 - 2020-10-06 21:16
Tamaño: 000153600
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: Sqvtxm3WebzAbrestr.dll
Original Nombre: Sqvtxm3WebzAbrestr.dll
Producto: 
Descripción:  
Archivo Versión: 0.0.0.0
Producto Versión: 0.0.0.0
Copyright:  
VirusTotal: 0

C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml
Archivo no firmado
MD5: B03711444D1E11D66E39FA03B5DD2072
Fecha de creación y modificación: 2021-03-25 17:54 - 2021-03-25 22:38
Tamaño: 000037925
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0

C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
Archivo no firmado
MD5: E1B011B7FA92E520F745A4E3AFDA8877
Fecha de creación y modificación: 2021-03-25 22:18 - 2021-03-25 22:18
Tamaño: 000006096
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0

====== Final de File: ======


========================= File: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll;C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll ========================

C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll
Archivo no firmado
MD5: 304E0F414C764D7A5C2647D721646E13
Fecha de creación y modificación: 2023-02-04 13:44 - 2022-06-29 13:13
Tamaño: 000131072
Atributos: ----A
Nombre de la compañía: Countly
Interno Nombre: Countly.dll
Original Nombre: Countly.dll
Producto: Countly SDK
Descripción: Countly SDK
Archivo Versión: 21.11.2.0
Producto Versión: 21.11.2.0
Copyright: Copyright © Countly 2022
VirusTotal: 0

C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll
Archivo no firmado
MD5: 35CBDBE6987B9951D3467DDA2F318F3C
Fecha de creación y modificación: 2023-02-04 13:44 - 2018-01-10 15:34
Tamaño: 000024064
Atributos: ----A
Nombre de la compañía: Daniel Grunwald, Omer Mor, Alex Davies, jnm2
Interno Nombre: AsyncBridge.Net35.dll
Original Nombre: AsyncBridge.Net35.dll
Producto: AsyncBridge.Net35
Descripción: C# 5 async/await support for .NET Framework pre-4.5
Archivo Versión: 0.3.1.0
Producto Versión: 0.3.1
Copyright: Copyright © 2012–2018 Daniel Grunwald, Omer Mor, Alex Davies, Joseph Musser
VirusTotal: 0

C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll
Archivo no firmado
MD5: 83222120C8095B8623FE827FB70FAF6B
Fecha de creación y modificación: 2023-02-04 13:44 - 2018-03-24 19:44
Tamaño: 000475136
Atributos: ----A
Nombre de la compañía: Newtonsoft
Interno Nombre: Newtonsoft.Json.dll
Original Nombre: Newtonsoft.Json.dll
Producto: Json.NET
Descripción: Json.NET .NET 3.5
Archivo Versión: 11.0.2.21924
Producto Versión: 11.0.2
Copyright: Copyright © James Newton-King 2008
VirusTotal: 0

C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
Archivo no firmado
MD5: C1A31AB7394444FD8AA2E8FE3C7C5094
Fecha de creación y modificación: 2023-02-04 13:44 - 2018-05-11 11:52
Tamaño: 000074240
Atributos: ----A
Nombre de la compañía: Sentry
Interno Nombre: SharpRaven.dll
Original Nombre: SharpRaven.dll
Producto: SharpRaven
Descripción: SharpRaven
Archivo Versión: 2.4.0.0
Producto Versión: 2.4.0+Branch.develop.Sha.0b5adbad693b18323886c26bedd51d321902d693
Copyright: Copyright © Sentry
VirusTotal: 0

====== Final de File: ======

VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe => 0
VirusTotal: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll => 0
VirusTotal: C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml => 0
VirusTotal: C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml => 0
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll => 0
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll => 0
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll => 0
VirusTotal: C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll => 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => eliminado correctamente
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => eliminado correctamente
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => eliminado correctamente
"HKLM\Software\Policies\Microsoft\Windows\System\\EnableSmartScreen" => eliminado correctamente
"HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => eliminado correctamente
"HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TaskbarSystem" => eliminado correctamente
"HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => eliminado correctamente
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fdd738f-a082-11ec-b8da-b8aeed316b41} => eliminado correctamente

"C:\WINDOWS\system32\GroupPolicy\Machine" carpeta mover:

C:\WINDOWS\system32\GroupPolicy\Machine => movido correctamente
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido correctamente
C:\ProgramData\NTUSER.pol => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CB9496C5-DA47-41F3-8564-639BADA10D9D}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9496C5-DA47-41F3-8564-639BADA10D9D}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\Microsoft\OneCore\ipsecunch => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\OneCore\ipsecunch" => eliminado correctamente
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => movido correctamente
"Chrome Notifications" => eliminado correctamente
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-02-19] => Error: Ninguna corrección automática encontrada para esta entrada.
HKLM\System\CurrentControlSet\Services\rsDwf => eliminado correctamente
rsDwf => servicio eliminado correctamente
"C:\Users\User\AppData\Roaming\uTorrent Web\utweb.exe" => no encontrado
C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe => movido correctamente
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" => no encontrado
"H:\Setup.exe" => no encontrado
C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll => movido correctamente
"C:\Program Files (x86)\Lavasoft" => no encontrado

"C:\ProgramData\Ptnfd" carpeta mover:

C:\ProgramData\Ptnfd => movido correctamente

"C:\$WinREAgent" carpeta mover:

C:\$WinREAgent => movido correctamente
C:\Users\User\Datos de programa => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS eliminado correctamente
"C:\Users\User\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS no encontrado.
C:\Users\User\AppData\Local\Temp => ":$DATA​" ADS eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D02C0617-F030-4AD6-A355-64392407CD17}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DB880AB2-2914-4C78-859C-06DB166DE375}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{40BFD34F-1C35-48E9-8908-EF13B682D687}D:\games\rage2\rage2.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8F22AF78-E406-455D-A09C-D3428F61C6E3}D:\games\rage2\rage2.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BDEAF558-D4F7-490A-8C18-E1131507B38B}D:\games\call of duty modern warfare\modernwarfare.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{03F0825F-AF5D-4176-87F5-0CA570F04C85}D:\games\call of duty modern warfare\modernwarfare.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04755E86-D58B-4A47-AB3F-780B3BAD762B}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96701CF8-436A-4306-ABF9-20B4CA141991}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93E1382A-8233-478F-B1D0-28F35B747059}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57D28CC1-52F8-48EC-8AAE-5305FE857681}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAEF3A4C-35D7-4F15-89F1-C829F308508E}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AE8253D-0AE3-40A6-ADC8-210F5469EB68}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F914BE1-320D-4E2C-8E8D-94F7684DEBBA}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05B4CE86-9DE6-48C9-AAEA-1705C5FE8A77}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18EF3BA8-8C4E-41AB-9348-DEB075FDA8B9}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F55609F-F145-42F8-A889-1BADFF2028D1}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97CFF60B-C039-4021-9F57-26780F0C74F2}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C9ABB0E-5815-4510-A390-3C47E24C5FB1}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1384698-57CD-4C34-BA02-DFED51C585D5}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7296B120-9C67-4F56-8654-D6BA7DBBF873}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7826D0C7-3BD3-4645-AFED-F57B2EA73D67}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6B14D00-0554-4FCC-9655-6E3C3CE0E989}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96396BAB-B7DE-49E9-AE81-644E26FFA126}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FDEAF59-FCE9-4CB1-AD5C-E85537E586B5}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3FDFEE0-E14A-43C6-8815-5A316D4C63F7}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE0F67CC-2D3E-4AD4-9A46-9EAFC8697C4A}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{035621C0-FD49-4176-9A5A-2F8751F74834}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1577EBF-62FC-485C-8701-691920FCBFD9}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8045DF09-745A-4720-B3C7-C647883FA419}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0B26E36-7877-49E8-9F9E-ABF1FE69163C}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC18D752-3E1B-4D01-A49A-DE9D0C1F6874}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08E76581-E47D-4715-BA35-23B093530323}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22E983C1-F7E3-41BB-A8B4-E08C305356BF}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{390351AB-912A-4B88-81F9-F6D16690FD2A}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DCD0FA2-8755-4A8A-9EEE-F994DF751C75}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C27C111A-8B56-4922-A6AA-86952A9889A9}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1858C2E-B951-408F-8B4F-26A673824367}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BB5FF08-04B0-453C-A00E-E22A4F3884CE}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20FFBE33-70E6-4957-B51E-A1CB27D2E9CA}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F23FEAEA-E11E-410C-AF7B-5CD3F4B433FE}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E0102F8-AF00-443A-A159-17285439A2D8}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7EE762B-2552-4F99-9E42-0A430C88A2D6}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EA24775-E94A-4331-BDB9-E3B45A6B1B7D}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A8BC379-D981-4955-91C2-D2039C1C346E}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEF4557D-03BC-4D53-B675-23685D880639}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DE4754C-961B-4282-B60F-6A0CA48B7F6F}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EA6236F-4AB9-4B36-99EC-999A58772D5C}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5770E6E4-5BCC-43A1-BA9A-01EC799A1727}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3EE6FC0-55D3-4CE1-ABAB-09F47B4C7FB2}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CEA9CCB-5E66-44C0-B84C-E7EE3AE7784F}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E0CD630-FEBA-43B1-AC8F-D739E4253C61}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53E0798E-3AA7-4676-BE5F-ACB438060270}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{004D7A06-ED98-40FF-B43F-912EED79DED1}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBA371C2-8320-4122-951E-ED1C65EA81B2}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{374FB90E-0684-41F0-8E7E-16768969B6D2}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2217D52-00DE-440E-9A65-403BA7AB59DD}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6787EBBD-43AA-4A4F-8EC9-1288243A9C24}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{478E0C37-A3A4-433C-94E3-0227BF04A484}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1622E80-E642-4BB7-A6A1-86E68537F251}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4BE5AAE-AE5B-443D-BCAE-0393713FAF2A}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBF0F74D-F0F0-4CA7-94B6-25F88BC29B5A}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7BF73CB-08C9-4B56-87ED-03EDD182CBA2}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{728E5713-11E7-4B62-BFC9-92FAF66EF2B4}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41F5D7DB-399C-4047-B763-8617D647B9FC}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2015AF28-0858-4BE9-90F6-845407049321}C:\program files\epic games\fallguys\fallguys_client_game.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1233AA04-CAC7-4CA3-AD45-43670E17E0BD}C:\program files\epic games\fallguys\fallguys_client_game.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21E6CFF9-2085-4D99-A2C7-6157621B1A76}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3CF1D59-3E7C-44DC-BCFC-57DBE7250AE3}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D374E1CE-07FD-4237-A0E2-5C75A5D50F36}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36AD5BB8-86F5-4A7D-97A7-59E0DD3088E1}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4114DBA-7D90-4795-8591-DF8D4F6F117A}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6B2790C-3849-43E6-BA62-3310DDEAAB3B}C:\program files\epic games\rumbleverse\rumbleverse\binaries\win64\rumbleverseclient-win64-shipping.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F638BE4A-BB58-4F1A-9B10-F0307F4328E3}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7C2A4CFC-9953-4A3A-968E-5D7B24A9A10B}C:\program files\epic games\pubgbhx8r\tslgame\binaries\win64\tslgame.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0FB52BA5-DB58-4147-9CC7-E0B751A5689D}C:\program files\epic games\fallguys\fallguys_client_game.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{11989A07-965E-4A50-BD54-12BA651ED33C}C:\program files\epic games\fallguys\fallguys_client_game.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1E80716D-72A9-4FC9-8252-49235F28E388}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{986E7C8A-1F88-4C5E-9827-CC01AF97211C}D:\games\left 4 dead 2\left 4 dead 2\left4dead2.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2CF15839-4065-4E7B-B066-217C3029F5BE}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2FDBD87C-BB03-450F-B9BE-6D180DF25A53}C:\program files\epic games\dishonoredde\binaries\win64\dishonored.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0B914817-86CA-44FE-9C47-5D292B53AE2C}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{558AF163-0CA1-43CB-9E29-49D48CBFD31E}C:\users\user\appdata\local\discord\app-1.0.9008\discord.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F15671D2-6EA6-40F5-81A0-3FE5F8463FAC}D:\games\destiny2\destiny2.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{46E72302-9696-4429-9B2A-1D086DF54AAF}D:\games\destiny2\destiny2.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D2EE4EF2-C7DA-4FB2-B0C9-C2EF68974296}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F9812B30-AD1D-4867-B68C-5292558B0B94}C:\users\user\downloads\office 2013-2019 c2r install v6.5.9\office 2013-2019 c2r install v6.5.9\files\bin\kmss.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76A2B999-2665-42F1-B72E-02A4B9B51850}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7343E570-3671-4377-9EC1-2649916FBE06}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{117A69F5-E1EB-453B-AE19-D79D1F06D05B}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFAD5D93-456C-464A-9E13-940C228392AE}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CC7349C1-03CC-450A-AE70-5675C0691D6F}D:\games\farcry5trial\bin_plus\farcry5.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{56E72C81-7128-477E-8835-2DF7E8AA3355}D:\games\farcry5trial\bin_plus\farcry5.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FEDA01A-F181-464B-8AC9-563D01A2C71B}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF456218-8788-4510-A077-099A71497D84}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{321D945A-56E9-41B7-92C5-030124549075}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56967C4A-C830-41DA-8427-E41CDF8D3262}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A2024C70-29B1-489B-AEA1-8ADB385BF16E}D:\games\smite\binaries\win64\smite.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71708FB5-E1DD-462E-882A-8FFAD2EB844C}D:\games\smite\binaries\win64\smite.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8046AFC7-D311-478D-B315-DA5F6B4F2090}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F8665BB9-9462-4664-8322-7C65F97DC01D}D:\games\fallguys\fallguys_client_game.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E1A6E68E-4875-43D1-97D3-1D6800870507}D:\games\fallguys\fallguys_client_game.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{912FB7B4-24BF-4600-B7CA-B117B8F7EBAA}D:\games\survivingtheaftermath\aftermath64.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{996E2032-1F64-4D11-9843-B379687CB489}D:\games\survivingtheaftermath\aftermath64.exe" => eliminado correctamente
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f0a18c8f-cd7f-499e-bc51-b8ece014932c}" => no encontrado

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::8049:720:c2b:ec6%12
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.3
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.


========= Final de CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.



========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar



========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar



========= Final de CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.

Once again, many thanks for the help with my PC. Best regards.

2 likes
========= Final de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12694929 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 672457868 B
Windows/system/drivers => 25510160 B
Edge => 0 B
Chrome => 60053939 B
Firefox => 19951725 B
Opera => 18136503 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2986178 B
systemprofile32 => 2986557 B
LocalService => 3031323 B
NetworkService => 116872843 B
User => 203764483 B

RecycleBin => 66759121 B
EmptyTemp: => 1.1 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 13:48:37 ====

End of report

1 like

Hello @Yaniv_Goldstein

We still need to continue, to make sure no traces remain that could bring the problem back.

Do the following:

:one: Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any other security program you have enabled.

DOWNLOAD IT TO YOUR DESKTOP, VERY IMPORTANT (and not anywhere else).

:one: Download Farbar Recovery Scan Tool. VERY IMPORTANT >> select the right version for your computer's architecture (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

:warning: Once FRST is downloaded, disconnect your computer completely from the Internet (turn off the router) >> Super Important. Right after that, also close any other program you have open.

:two: Farbar Recovery Scan Tool

  1. Run FRST.exe (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).
  2. A window with a Disclaimer/Liability message will appear; click Sí or Yes.
  3. In the program's main window, click Analizar/Scan and wait for the scan to finish.
  4. Two logs/reports will appear, Frst.txt and Addition.txt; they will be saved on the desktop.

:three: Re-enable your antivirus and any other security program you had enabled. Also reconnect your computer to the Internet.

:four: NEXT REPLY

Paste the FRST and Addition.txt reports. You must post both reports in full, with absolutely all of their content. You will need to split them across several messages if you get an error/warning saying that the report is too long for the message (more than approx. 50,000 characters).

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (Antivirus, Antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Post the different reports I asked you for as shown in the following image:

Regards

1 like

Perfect, these are the latest reports:

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 27.01.2024 01
Ejecutado por User (administrador) sobre DESKTOP-BC0EK2J (ECS H81H3-M4) (30-01-2024 09:53:00)
Ejecutado desde C:\Users\User\OneDrive\Escritorio\FRST64.exe
Perfiles cargados: User
Plataforma: Microsoft Windows 10 Pro Versión 22H2 19045.3930 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Edge
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe <7>
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [Archivo no firmado] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Games\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(DriverStore\FileRepository\u0380462.inf_amd64_98be862657f36791\B378995\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0380462.inf_amd64_98be862657f36791\B378995\atieclxx.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0380462.inf_amd64_98be862657f36791\B378995\atiesrxx.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [EpicGamesLauncher] => D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37277648 2024-01-29] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788224 2024-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44540320 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [30487880 2024-01-20] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70920704 2024-01-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2591296 2024-01-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.37.0\GoogleDriveFS.exe [58857760 2024-01-24] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\121.0.6167.86\Installer\chrmstp.exe [2024-01-29] (Google LLC -> Google LLC)

==================== Tareas programadas (Lista blanca) =================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {787B5CB3-4B3C-4F2F-BAB6-2094B3AF67C4} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1707056 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {804349CE-FC32-4A1D-BFFC-A520FD0CD561} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {566556CC-0978-49AC-A0F7-B2D70CFA451D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F33742D0-3874-4483-9ABA-61B3CAC6C4C4} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "ae185ab3-422e-441b-ba51-ce46bffacfa1" --version "6.20.10897" --silent
Task: {4F2253BE-D04F-42E0-9BA2-10768915E1E9} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [38319520 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9FC3EDD8-5E96-42A5-A6DB-E1576FAB332E} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2022-12-01] (CyberLink Corp. -> )
Task: {8CEDF641-137A-4AB6-8202-3134DF0E030A} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2022-12-01] (CyberLink Corp. -> )
Task: {542E3734-D79A-4C40-81B9-46C1A7DE3FC3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2024-01-24] (ESET, spol. s r.o. -> ESET)
Task: {60352E6D-A0AC-4FCD-9F90-6F8CE36EA2D1} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2024-01-24] (ESET, spol. s r.o. -> ESET)
Task: {01D7DE65-3C1F-4458-8D35-147AC0E0E931} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-27] (Google LLC -> Google LLC)
Task: {F17C6C02-A0C3-4A49-B6B2-0D0B8B7DC622} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-27] (Google LLC -> Google LLC)
Task: {9BCCACEB-6665-41B1-928D-F5174380B336} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB4EE7B5-99B6-4CC1-B483-E9A1D058697F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3662C54B-1C50-4BBB-BE45-8D543ECD9972} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {792CD04E-9825-44CE-B788-0124EF21A7BE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAC6A874-6D47-44EA-BE6B-F98510E07AD3} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170048 2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {16670A37-C2FB-43D1-AC96-F42EFDF5B143} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [662432 2023-05-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F5D51F10-DC72-45A5-9CF2-D794B311E9C6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [713120 2023-05-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {56D9A966-EB89-49D0-A2FC-D73520018928} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {79E4E449-7126-45F8-B11E-2D6EE20D3C87} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1889977516-2818661329-1748021256-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DE1235C-3E78-4021-A7EE-8ED708EA16C1} - System32\Tasks\Opera scheduled Autoupdate 1638252513 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2350496 2024-01-25] (Opera Norway AS -> Opera Software)
Task: {2B5B0355-3D87-469D-9240-82FEEF711804} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55856 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E0004E4A-947D-40C4-A9CE-44DF295DC326} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [261680 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c06a78d7-9339-4710-abd8-9447d3e1ad4f}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-30]
Edge Extension: (ColorZilla) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2023-09-13]
Edge Extension: (Meta Pixel Helper) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2024-01-29]
Edge Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-20]
Edge Extension: (Corrector ortográfico y gramatical y parafraseador de textos — LanguageTool) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hfjadhjooeceemgojogkhlppanjkbobc [2024-01-09]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: ([DEPRECATED] Tag Assistant Legacy) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2023-10-16]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-01-30]
Edge Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-24]
Edge Extension: (The Elder Scrolls V: Skyrim 10th Anniversary) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\icahgcdchandbkbhminlkmeljdoflpoi [2023-01-30]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: q0x8zfph.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\q0x8zfph.default [2024-01-29]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7hnuoy5i.default-release [2024-01-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-01-27] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2024-01-29]
CHR Extension: (ColorZilla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2023-11-17]
CHR Extension: (Meta Pixel Helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2023-11-17]
CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2023-11-17]
CHR Extension: (Menú de aplicaciones de Drive (de Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-11-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Corrector ortográfico y gramatical — LanguageTool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldceeleldhonbafppcapldpdifcinji [2023-03-31]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-01-29]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-01-29]
CHR Extension: (Color Picker for Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\clldacgmdnnanihiibdgemajcfkmfhia [2023-05-07]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-17]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-01-17]
CHR Extension: (Google Meet Grid View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kklailfgofogmmdlhgmjgenehkjoioip [2021-01-28]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-28]
CHR Extension: (Microsoft 365) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2024-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Grammar Checker & Paraphraser – LanguageTool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oldceeleldhonbafppcapldpdifcinji [2024-01-17]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-01-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-08]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-11-20]
CHR Extension: (Google Scholar Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2022-08-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-17]
CHR Extension: (Grammar Checker & Paraphraser – LanguageTool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\oldceeleldhonbafppcapldpdifcinji [2023-11-20]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2024-01-29]
CHR HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

Opera: 
=======
OPR DefaultProfile: Default

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-01-14] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777080 2024-01-14] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1137576 2023-10-22] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [954704 2023-12-15] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [375248 2023-10-22] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-24] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
S3 Rockstar Service; D:\Games\Launcher\RockstarService.exe [1631360 2021-01-28] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16360768 2022-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5963304 2022-12-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [10533960 2022-12-23] (PUBG CORPORATION -> KRAFTON, Inc)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63096 2022-02-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [136760 2019-05-07] (Alcorlink Corp. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 HoYoProtect; C:\WINDOWS\system32\HoYoKProtect.sys [3669520 2022-12-30] (Microsoft Windows Hardware Compatibility Publisher -> miHoYo)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 NewTek_AudioPortClass; C:\WINDOWS\System32\drivers\NewTek_AudioPortClass.sys [33336 2020-10-18] (Microsoft Windows Hardware Compatibility Publisher -> NewTek)
R3 NewTek_WDM_KS; C:\WINDOWS\System32\drivers\NewTek_WDM_KS.sys [27832 2020-10-18] (Microsoft Windows Hardware Compatibility Publisher -> NewTek)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2021-04-10] (Microsoft Corporation) [Archivo no firmado]
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-03-25] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1432232 2022-12-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2024-01-30 09:40 - 2024-01-30 09:40 - 000000000 ___HD C:\OneDriveTemp
2024-01-29 14:25 - 2024-01-29 14:25 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-01-29 13:43 - 2024-01-29 13:48 - 000067880 _____ C:\Users\User\OneDrive\Escritorio\Fixlog.txt
2024-01-29 13:43 - 2024-01-29 13:43 - 000000000 ____D C:\Users\User\OneDrive\Escritorio\FRST-OlderVersion
2024-01-29 13:40 - 2024-01-29 13:40 - 000000252 _____ C:\Users\User\OneDrive\Escritorio\DelFix.txt
2024-01-29 13:39 - 2024-01-29 13:39 - 000000252 _____ C:\DelFix.txt
2024-01-29 13:39 - 2024-01-29 13:39 - 000000000 ____D C:\WINDOWS\ERUNT
2024-01-29 13:37 - 2024-01-29 13:37 - 000797760 _____ C:\Users\User\OneDrive\Escritorio\delfix_1.013.exe
2024-01-29 13:03 - 2024-01-29 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-01-29 13:03 - 2024-01-29 13:03 - 000000000 ____D C:\Program Files\VS Revo Group
2024-01-29 13:02 - 2024-01-29 13:02 - 006970144 _____ (VS Revo Group ) C:\Users\User\OneDrive\Escritorio\revosetup (1).exe
2024-01-24 22:01 - 2024-01-24 22:21 - 000080149 _____ C:\Users\User\OneDrive\Escritorio\Addition.txt
2024-01-24 21:59 - 2024-01-30 09:55 - 000027705 _____ C:\Users\User\OneDrive\Escritorio\FRST.txt
2024-01-24 21:57 - 2024-01-30 09:54 - 000000000 ____D C:\FRST
2024-01-24 21:56 - 2024-01-29 13:43 - 002389504 _____ (Farbar) C:\Users\User\OneDrive\Escritorio\FRST64.exe
2024-01-24 21:13 - 2024-01-24 21:13 - 000003854 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-01-24 21:13 - 2024-01-24 21:13 - 000003412 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-01-24 13:41 - 2024-01-24 21:54 - 000001381 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-01-24 13:41 - 2024-01-24 21:54 - 000001281 _____ C:\Users\User\OneDrive\Escritorio\ESET Online Scanner.lnk
2024-01-24 13:41 - 2024-01-24 13:41 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2024-01-24 11:44 - 2024-01-24 11:44 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2024-01-24 11:43 - 2024-01-30 09:40 - 000000000 ____D C:\Users\User\AppData\Local\Malwarebytes
2024-01-24 11:43 - 2024-01-24 11:43 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-01-24 11:42 - 2024-01-24 11:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-01-24 11:42 - 2024-01-24 11:42 - 000000000 ____D C:\Program Files\Malwarebytes
2024-01-22 12:21 - 2024-01-22 12:21 - 000028273 _____ C:\Users\User\Downloads\Pago Fb Ads 22 enero.jpeg
2024-01-20 17:17 - 2024-01-20 17:17 - 000001205 _____ C:\Users\User\OneDrive\Escritorio\Google Chrome.lnk
2024-01-20 17:17 - 2024-01-20 17:17 - 000001066 _____ C:\Users\User\OneDrive\Escritorio\Epic Games Launcher.lnk
2024-01-20 17:17 - 2024-01-20 17:17 - 000000000 ____D C:\Users\User\AppData\Local\DesktopCleanup
2024-01-20 17:17 - 2024-01-20 17:17 - 000000000 ____D C:\Users\User\AppData\Local\Default
2024-01-20 17:16 - 2024-01-21 12:08 - 000000000 ____D C:\Users\User\AppData\Roaming\UbPublic
2024-01-19 13:02 - 2024-01-24 12:03 - 000000000 ____D C:\Users\User\AppData\Local\LegalHelper2
2024-01-19 13:02 - 2024-01-24 12:02 - 000000000 ____D C:\ProgramData\IEUpdater2
2024-01-19 13:01 - 2024-01-24 15:08 - 000000000 ____D C:\Users\User\OneDrive\Documents\GuardFox
2024-01-14 20:37 - 2024-01-14 20:37 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2024-01-30 09:48 - 2023-01-19 10:46 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2024-01-30 09:47 - 2021-12-19 17:32 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-01-30 09:47 - 2021-01-27 15:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-30 09:46 - 2023-02-06 10:57 - 000004218 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CF2E06EB-E955-46CA-8582-3DEF51669B8B}
2024-01-30 09:46 - 2021-10-03 23:04 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2024-01-30 09:44 - 2023-01-19 13:56 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2024-01-30 09:41 - 2023-10-17 12:03 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Teams
2024-01-30 09:40 - 2021-01-27 14:28 - 000000000 ___RD C:\Users\User\OneDrive
2024-01-29 21:13 - 2021-04-11 02:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-01-29 18:48 - 2021-01-27 15:32 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-29 17:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-01-29 14:25 - 2022-08-24 18:21 - 000000000 ____D C:\Program Files\TeamViewer
2024-01-29 14:25 - 2021-04-11 03:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-01-29 14:25 - 2021-04-11 02:39 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-29 14:25 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-29 14:24 - 2021-01-27 15:34 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2024-01-29 14:24 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-01-29 14:03 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-29 14:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-01-29 13:49 - 2021-02-09 09:30 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-29 13:47 - 2023-03-09 17:07 - 000000000 ____D C:\Users\User\AppData\LocalLow\Temp
2024-01-29 13:45 - 2018-09-15 02:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-01-29 13:19 - 2021-01-28 11:05 - 000000000 ____D C:\ProgramData\Package Cache
2024-01-29 13:11 - 2021-10-26 11:56 - 000000000 ____D C:\ProgramData\Wondershare
2024-01-29 13:11 - 2021-10-26 11:56 - 000000000 ____D C:\Program Files\Wondershare
2024-01-29 13:04 - 2021-11-30 01:08 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638252513
2024-01-29 13:04 - 2021-11-30 01:08 - 000001406 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2024-01-29 12:59 - 2022-08-24 19:40 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-01-24 21:49 - 2022-08-24 19:40 - 000000000 ____D C:\Program Files\CCleaner
2024-01-24 21:16 - 2022-10-01 19:06 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-01-24 12:10 - 2023-03-06 21:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2024-01-24 12:09 - 2022-10-01 19:06 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-01-24 11:43 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-01-24 09:48 - 2023-01-15 15:38 - 000000000 ____D C:\Users\User\AppData\Local\AMD_Common
2024-01-24 09:45 - 2021-05-24 11:31 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-01-22 11:45 - 2021-01-27 14:25 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-01-21 21:00 - 2022-01-09 14:13 - 000000000 ____D C:\ProgramData\Riot Games
2024-01-21 12:33 - 2022-02-10 14:41 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-21 12:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-01-21 12:06 - 2023-01-15 14:47 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2024-01-21 12:02 - 2021-01-27 14:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-01-20 22:42 - 2021-01-27 14:25 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Protect
2024-01-19 13:02 - 2023-04-15 17:53 - 000000000 ____D C:\Users\User\AppData\Local\Steam
2024-01-19 13:02 - 2021-06-01 17:49 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2024-01-19 13:01 - 2023-01-06 17:15 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2024-01-19 13:01 - 2021-11-30 01:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2024-01-19 12:54 - 2021-10-06 09:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-01-19 12:45 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-01-19 12:42 - 2021-04-11 03:04 - 000003852 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-01-19 12:42 - 2021-04-11 03:04 - 000003728 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-01-17 10:59 - 2022-01-09 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-01-16 23:22 - 2021-01-28 17:58 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Word
2024-01-16 23:22 - 2021-01-28 17:58 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Office
2024-01-16 20:14 - 2021-04-11 02:55 - 001773686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-01-16 20:14 - 2019-12-07 09:55 - 000788582 _____ C:\WINDOWS\system32\perfh00A.dat
2024-01-16 20:14 - 2019-12-07 09:55 - 000155970 _____ C:\WINDOWS\system32\perfc00A.dat
2024-01-16 20:07 - 2021-04-11 02:39 - 000450336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-16 20:04 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-14 20:35 - 2021-01-27 15:23 - 000000000 ____D C:\Program Files\Microsoft Office
2024-01-14 20:27 - 2021-01-27 16:29 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-01-10 09:51 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-01-10 09:05 - 2021-01-27 18:44 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-01-10 08:36 - 2021-01-27 18:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-10 00:11 - 2021-01-27 18:15 - 189718008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-01-09 13:57 - 2021-01-27 14:43 - 000000000 ____D C:\ProgramData\Packages
2024-01-04 00:55 - 2023-10-17 12:03 - 000002363 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic.lnk
2023-12-31 20:31 - 2023-01-06 17:14 - 000000000 ____D C:\Users\User\AppData\Local\Discord
2023-12-31 20:25 - 2021-01-28 20:56 - 000000000 ____D C:\Program Files\Rockstar Games
2023-12-31 20:25 - 2021-01-28 20:56 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2023-12-31 20:23 - 2023-05-10 11:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-12-31 09:53 - 2021-02-12 18:18 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper

==================== Archivos en la raíz de algunos directorios ========

2022-08-24 18:20 - 2022-08-24 18:20 - 043404592 _____ (TeamViewer Germany GmbH) C:\Users\User\TeamViewer_Setup_x64.exe
2023-01-15 14:50 - 2023-01-15 14:50 - 383999808 _____ (AMD Inc.) C:\Users\User\win10-64Bit-Radeon-Software-Adrenalin-2019-Edition-19.6.3-June27.exe
2021-03-24 17:09 - 2021-11-30 21:16 - 000000015 _____ () C:\Users\User\AppData\Roaming\obs-virtualcam.txt
2021-03-25 17:54 - 2021-03-25 22:38 - 000037925 _____ () C:\Users\User\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-03-25 22:18 - 2021-03-25 22:18 - 000006096 _____ () C:\Users\User\AppData\Roaming\VoiceMeeterDefault.xml
2023-02-04 13:50 - 2023-02-04 13:50 - 000016438 _____ () C:\Users\User\AppData\Local\partner.bmp
2022-08-24 19:32 - 2023-04-22 19:57 - 000007603 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================

Hello @Yaniv_Goldstein

You posted the same log twice, the one corresponding to FRST; the ADDITION one is still missing.

Regards

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 27.01.2024 01
Ejecutado por User (30-01-2024 09:56:25)
Ejecutado desde C:\Users\User\OneDrive\Escritorio
Microsoft Windows 10 Pro Versión 22H2 19045.3930 (X64) (2021-04-11 08:05:51)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================


(Si una entrada es incluida en el fixlist, será eliminada.)

Administrador (S-1-5-21-1889977516-2818661329-1748021256-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1889977516-2818661329-1748021256-503 - Limited - Disabled)
Invitado (S-1-5-21-1889977516-2818661329-1748021256-501 - Limited - Disabled)
User (S-1-5-21-1889977516-2818661329-1748021256-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1889977516-2818661329-1748021256-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.6.1 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audio Monitor version 0.7.1 (HKLM-x32\...\{50EFE25B-5233-48A8-B23E-A51AB83BC1FC}}_is1) (Version: 0.7.1 - Exeldro)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.20 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Comprobación de estado de PC Windows (HKLM\...\{8B474A92-CE3A-4F46-B6F1-6DFA1390F826}) (Version: 3.6.2204.08001 - Microsoft Corporation)
CyberLink PhotoDirector 14 (HKLM-x32\...\{EF76B1BC-DB92-4A4F-8411-849406461806}) (Version: 14.1.1130.0 - CyberLink Corp.)
Epic Games Launcher (HKLM-x32\...\{5EDB15EA-8B3E-4C51-AE28-7BFFE25208C2}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 121.0.6167.86 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 85.0.37.0 - Google LLC)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.83 - Microsoft Corporation)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Teams) (Version: 1.6.00.35961 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.33413 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 es-ES) (HKLM\...\Mozilla Firefox 107.0.1 (x64 es-ES)) (Version: 107.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0.1 - Mozilla)
NDI 4 Runtime (HKLM\...\{71AFF296-ED43-4166-8301-4649285EE712}_is1) (Version:  - NewTek, inc.)
NDI 4 Tools (HKLM\...\{35D49334-910D-4519-B971-C7B604214855}_is1) (Version:  - NewTek, inc.)
NewTek SpeedHQ Video Codec (x64) (Remove Only) (HKLM\...\NewTek_SpeedHQ_Codec_x64) (Version:  - )
NewTek SpeedHQ Video Codec (x86) (Remove Only) (HKLM-x32\...\NewTek_SpeedHQ_Codec) (Version:  - )
obs-ndi version 4.9.0 (HKLM-x32\...\{69FA0C71-8BEB-4E0D-B5D2-53BFF9192EE2}_is1) (Version: 4.9.0 - Stephane Lepin)
obs-virtualcam (HKLM-x32\...\obs-virtualcam) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Opera Stable 106.0.4998.66 (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Opera 106.0.4998.66) (Version: 106.0.4998.66 - Opera Software)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REDlauncher (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Spotify (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\Spotify) (Version: 1.2.29.605.g66a43ceb - Spotify AB)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.33.7 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 137.0.10799 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
WebView2 Runtime de Microsoft Edge (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.144 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Photoshop Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.430.0_x64__ynb6jyjzte8ga [2023-07-22] (Adobe Inc.)
Complemento de motor multimedia para Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-26] (Microsoft Corporation)
Extensión de video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe [2024-01-24] (Microsoft) [Startup Task]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_4.1.38.0_x86__k5ye2zvjqqeaw [2024-01-11] (Nero AG)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.609.387.0_x64__55nm5eh3cm0pr [2024-01-29] (Roblox Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-10] (Microsoft Studios) [MS Ad]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001_Classes\CLSID\{04271989-C4D2-D418-1540-C5BA5276A163} -> [OneDrive - Universidad Distrital Francisco José de Caldas] => D:\OneDrive - Universidad Distrital Francisco José de Caldas [2023-01-10 16:59]
CustomCLSID: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.33413\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers-x32: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-06-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\85.0.37.0\drivefsext.dll [2024-01-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.SHQ0] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ1] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ2] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ3] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ4] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ5] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ7] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ9] => C:\WINDOWS\system32\Codec.SpeedHQ.x64.dll [27721904 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ0] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ1] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ2] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ3] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ4] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ5] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ7] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ9] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2853040 2021-03-10] (Newtek Inc -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2023-03-06] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2023-03-06] (Electronic Arts -> On2.com)

==================== Accesos directos & WMI ========================

==================== Módulos cargados (Lista blanca) =============

2020-07-27 15:14 - 2020-07-27 15:14 - 000017920 _____ () [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003567616 _____ () [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000057856 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000039424 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000031744 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000414720 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000025088 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000024576 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000023552 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000532992 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001441792 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 001189888 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000134656 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006184448 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 006867456 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000735232 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000120832 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001104896 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000325120 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 003668480 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000517120 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000051712 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 004228608 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000171008 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 001085440 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000480256 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000205824 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000329728 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000127488 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000390656 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 095598080 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 005587968 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000462848 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 000188928 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 15:14 - 2020-07-27 15:14 - 002878464 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000055808 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000059392 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000262144 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000284160 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000333824 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000136704 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000090112 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000313856 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000017920 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-07-27 15:15 - 2020-07-27 15:15 - 000091648 _____ (The Qt Company Ltd.) [Archivo no firmado] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\sharepoint.com -> hxxps://udistritaleduco-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2018-09-15 02:31 - 2024-01-29 13:46 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{2aae0178-9bac-4afc-b4e4-3208f7444526}.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C"
HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{4E518380-8E4C-4B15-B57C-4685B5225F9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{55C2DD24-3190-4138-A056-47B6085907EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6400029D-F7EA-408B-AC20-B9CA433C4D4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18129791-74FD-40C5-B580-FB6F46569055}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{D76F7179-6AA6-46D9-8A95-1C0AF5348F42}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{348B6AD3-46E8-4149-88CE-2F1247300940}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9ED852AF-DCFC-48B4-A525-FA642CD4D272}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Puntos de Restauración =========================

24-01-2024 11:17:08 Punto de control programado
29-01-2024 13:15:37 Removed aescripts + aeplugins components
29-01-2024 13:17:55 Revo Uninstaller's restore point - ZXP Installer
29-01-2024 13:19:07 Removed ZXP Installer

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (01/30/2024 09:46:53 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (01/30/2024 09:46:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/30/2024 09:46:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/29/2024 02:34:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (01/29/2024 02:34:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/29/2024 02:34:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/29/2024 02:23:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.]

Error: (01/29/2024 02:06:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en DATOS (D:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)


Errores del sistema:
=============
Error: (01/29/2024 02:29:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Administrador de mapas descargados no respondió después de iniciar.

Error: (01/29/2024 01:45:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (01/29/2024 01:45:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Microsoft Office Click-to-Run Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (01/29/2024 01:45:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Wireless Keyboard 850 Notification Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/29/2024 01:45:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio TeamViewer terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 2000 milisegundos: Reiniciar el servicio.

Error: (01/29/2024 01:45:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/29/2024 01:45:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD Crash Defender Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/29/2024 01:25:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BC0EK2J)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
================
Date: 2024-01-21 12:14:47
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Nombre: VirTool:Win32/DefenderTamperingRestore
Id.: 2147741622
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Origen de detección: Desconocido
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.403.2472.0, AS: 1.403.2472.0, NIS: 1.403.2472.0
Versión de motor: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2024-01-20 15:30:28
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {F30BD765-D469-404C-8B0A-9117350622D8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2024-01-19 16:01:56
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {79B6F6DF-9E43-45BE-9D69-A4FCB825E849}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2024-01-17 22:09:21
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {6234B003-BA1E-45A9-8AC2-30DAC90E2E66}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2024-01-15 08:44:39
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {0ABF9CAD-C30F-456C-BCFE-447379A9F90A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-01-29 14:23:59
Description: 
Antivirus de Microsoft Defender encontró un error al intentar actualizar la inteligencia de seguridad e intentará revertir a una versión anterior.
Inteligencia de seguridad intentada: Actual
Código de error: 0x80501102
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 
Versión de inteligencia de seguridad: 1.403.2629.0;1.403.2629.0
Versión del motor: 1.1.23110.2

Date: 2024-01-29 13:26:16
Description: 
Antivirus de Microsoft Defender encontró un error al intentar actualizar la inteligencia de seguridad e intentará revertir a una versión anterior.
Inteligencia de seguridad intentada: Actual
Código de error: 0x80501102
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 
Versión de inteligencia de seguridad: 1.403.2629.0;1.403.2629.0
Versión del motor: 1.1.23110.2

Date: 2024-01-24 12:04:51
Description: 
Antivirus de Microsoft Defender encontró un error al intentar actualizar la inteligencia de seguridad e intentará revertir a una versión anterior.
Inteligencia de seguridad intentada: Actual
Código de error: 0x80501102
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 
Versión de inteligencia de seguridad: 1.403.2629.0;1.403.2629.0
Versión del motor: 1.1.23110.2

Date: 2023-12-11 08:57:35
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.403.149.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.23110.2
Código de error: 0x80070020
Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. 

Date: 2023-12-11 08:57:35
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 
Versión anterior de inteligencia de seguridad: 1.403.149.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 
Versión anterior del motor: 1.1.23110.2
Código de error: 0x80070020
Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. 

CodeIntegrity:
===============
Date: 2024-01-29 12:52:52
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wscript.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2023-11-20 14:16:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-17 17:20:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-02 20:48:15
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-09-21 17:08:00
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. 4.6.5 09/17/2014
Placa base: ECS H81H3-M4
Procesador: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Porcentaje de memoria en uso: 41%
RAM física total: 12225.12 MB
RAM física disponible: 7122.92 MB
Virtual total: 24225.12 MB
Virtual disponible: 17658.84 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:229.16 GB) (Free:106.03 GB) (Model: WDC WD15EARX-00PASB0) NTFS
Drive d: (DATOS) (Fixed) (Total:1166.38 GB) (Free:480.91 GB) (Model: WDC WD15EARX-00PASB0) NTFS

\\?\Volume{2bd2c32a-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{2bd2c32a-0000-0000-0000-406939000000}\ () (Fixed) (Total:0.53 GB) (Free:0.09 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=541 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1166.4 GB) - (Type=07 NTFS)

==================== Final de Addition.txt =======================

Sorry, I think this is the right one

1 Like

Hi @Yaniv_Goldstein

Tomorrow, or Thursday at the latest, I will tell you how to continue

Sorry for the delay

Regards

2 Likes

Hi @Yaniv_Goldstein

There were still traces of the malware; do the following

1️⃣ Now you must make a BACKUP COPY OF THE REGISTRY. To do so:

  • Restart the computer in Normal Mode.

  • Download DelFix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator)

  • Check only the Create registry backup box, and make sure the rest are not selected.

  • Click Run.

The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.

Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:

Folder: C:\Users\User\OneDrive\Documents\GuardFox
File: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\hpt4mSWebmCore.dcm;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\libGLESv2.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\MpCmdRun.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\p2pndowr0sisupd.tub;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\sbsrivatecGBSW.hwl;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.back.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\store.db;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\xpui.spa
VirusTotal: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\hpt4mSWebmCore.dcm;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\libGLESv2.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\MpCmdRun.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\p2pndowr0sisupd.tub;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\sbsrivatecGBSW.hwl;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.back.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\store.db;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\xpui.spa

2024-01-20 17:16 - 2024-01-21 12:08 - 000000000 ____D C:\Users\User\AppData\Roaming\UbPublic
2024-01-19 13:02 - 2024-01-24 12:03 - 000000000 ____D C:\Users\User\AppData\Local\LegalHelper2
2024-01-19 13:02 - 2024-01-24 12:02 - 000000000 ____D C:\ProgramData\IEUpdater2
2024-01-19 13:01 - 2024-01-24 15:08 - 000000000 ____D C:\Users\User\OneDrive\Documents\GuardFox
2024-01-29 13:11 - 2021-10-26 11:56 - 000000000 ____D C:\ProgramData\Wondershare
2024-01-29 13:11 - 2021-10-26 11:56 - 000000000 ____D C:\Program Files\Wondershare
IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\Gh.Common.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\sdk.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\System.Threading.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe
C:\Users\User\AppData\Local\Programs\TaskbarSystem

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Save it with the name FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work; both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.

⚠️ The repair script above is customized for the specific machine it was made for and was written specifically by a Staff member. If you have a similar problem, please open your own topic to receive personalized, specific help. Using scripts from other systems can cause serious damage to your computer.

Finally (NOTE: in NORMAL MODE):

  1. Run FRST.exe again (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).

  2. Click Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out these repairs, even if it appears to have frozen. Do not touch it and wait.

  3. When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.

  4. Restart the computer in Normal Mode, check how it runs for a while, and tell me how the problem originally raised is going.

⚠️ Very Important ⚠️ Post the report I asked for as shown in the following image:

Regards.

2 Likes

Hi, thanks for continuing the process; here is the latest report.

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 03.02.2024 01
Ejecutado por User (08-02-2024 11:15:30) Run:2
Ejecutado desde C:\Users\User\OneDrive\Escritorio
Perfiles cargados: User
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:

Folder: C:\Users\User\OneDrive\Documents\GuardFox
File: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\hpt4mSWebmCore.dcm;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\libGLESv2.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\MpCmdRun.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\p2pndowr0sisupd.tub;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\sbsrivatecGBSW.hwl;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.back.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\store.db;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\xpui.spa
VirusTotal: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\hpt4mSWebmCore.dcm;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\libGLESv2.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\MpCmdRun.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\p2pndowr0sisupd.tub;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\sbsrivatecGBSW.hwl;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.back.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\store.db;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\xpui.spa

2024-01-20 17:16 - 2024-01-21 12:08 - 000000000 ____D C:\Users\User\AppData\Roaming\UbPublic
2024-01-19 13:02 - 2024-01-24 12:03 - 000000000 ____D C:\Users\User\AppData\Local\LegalHelper2
2024-01-19 13:02 - 2024-01-24 12:02 - 000000000 ____D C:\ProgramData\IEUpdater2
2024-01-19 13:01 - 2024-01-24 15:08 - 000000000 ____D C:\Users\User\OneDrive\Documents\GuardFox
2024-01-29 13:11 - 2021-10-26 11:56 - 000000000 ____D C:\ProgramData\Wondershare
2024-01-29 13:11 - 2021-10-26 11:56 - 000000000 ____D C:\Program Files\Wondershare
IE trusted site: HKU\S-1-5-21-1889977516-2818661329-1748021256-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Users\User\AppData\Local\Programs\TaskbarSystem\AsyncBridge.Net35.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\Countly.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\Gh.Common.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\Newtonsoft.Json.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\sdk.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\SharpRaven.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\System.Threading.dll
C:\Users\User\AppData\Local\Programs\TaskbarSystem\TaskbarSystem.exe
C:\Users\User\AppData\Local\Programs\TaskbarSystem

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.

========================= Folder: C:\Users\User\OneDrive\Documents\GuardFox ========================

2024-01-19 13:01 - 2024-01-19 13:01 - 000240946 ____A [2FE1D1DB5635145CE0857BE1E0B0582A] () [Archivo no firmado] C:\Users\User\OneDrive\Documents\GuardFox\tSreqoRmrHvcbMV0jBENwLCX.exe

====== Final de Folder: ======


========================= File: C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\hpt4mSWebmCore.dcm;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\libGLESv2.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\MpCmdRun.log;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\p2pndowr0sisupd.tub;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\sbsrivatecGBSW.hwl;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.back.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sessions.xml;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\Sqvtxm3WebzAbrestr.dll;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\store.db;C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\xpui.spa ========================

C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\CBS.log
Archivo no firmado
MD5: 44EF761ED1C20FF5B63A6968ED1D16C9
Fecha de creación y modificación: 2021-05-30 02:50 - 2020-10-06 21:16
Tamaño: 010341447
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0

C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\d3dcompiler_47.dll
El archivo está firmado digitalmente
MD5: F1C1DB2A9846DCB3D5648BDB133CB831
Fecha de creación y modificación: 2021-05-30 02:50 - 2020-10-06 21:16
Tamaño: 004917576
Atributos: ----A
Nombre de la compañía: Spotify AB -> Microsoft Corporation
Interno Nombre: d3dcompiler_47.dll
Original Nombre: d3dcompiler_47.dll
Producto: Microsoft® Windows® Operating System
Descripción: Direct3D HLSL Compiler for Redistribution
Archivo Versión: 10.0.22621.755 (WinBuild.160101.0800)
Producto Versión: 10.0.22621.755
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/edd910fb3bc056582c052e14cfbbd82bf99e3a52f7bd89a1bf105c5b2cc84142/detection/f-edd910fb3bc056582c052e14cfbbd82bf99e3a52f7bd89a1bf105c5b2cc84142-1706788394

C:\Program Files (x86)\Common Files\WorkImage\CojmandGreseptation\eveop_Sexasvc.pcs
Archivo no firmado
MD5: 0AFB639CDD7A7646F9FC6B5575C7E555
Fecha de creación y modificación: 2021-05-30 02:50 - 2020-10-06 21:16
Tamaño: 068943872
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0

Hi @Yaniv_Goldstein

The report is incomplete… is that all the content the file had, or did you leave out the rest?

If the report is very long you can use several replies.

Regards

2 Likes
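An added example, not part of the original thread or of FRST itself: a small Python check for the situation raised in the reply above, where a Fixlog echoes a `File:` directive but carries result blocks for only some of the listed files. It assumes the Fixlog layout visible in this thread (fixlist echoed between two rows of asterisks, then one block per file containing an `MD5:` line); the function names are hypothetical, and the sample log with its paths and hashes is constructed.

```python
from __future__ import annotations

import re

# Constructed sample: a shortened Fixlog in the layout shown in this thread.
# Paths and MD5 values are placeholders, not the ones from the thread.
SAMPLE_FIXLOG = r"""fixlist contenido:
*****************
START
File: C:\Example\a.dll;C:\Example\b.log;C:\Example\c.db
EmptyTemp:
END
*****************

========================= File: C:\Example\a.dll;C:\Example\b.log;C:\Example\c.db ========================

C:\Example\a.dll
Archivo no firmado
MD5: 00000000000000000000000000000000
VirusTotal: 0

C:\Example\b.log
Archivo no firmado
MD5: 11111111111111111111111111111111
VirusTotal: 0
"""

_ASTERISK_ROW = re.compile(r"\*{5,}")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def _split_log(fixlog: str) -> tuple[list[str], list[str]]:
    """Split a Fixlog into (echoed fixlist lines, lines after the echo)."""
    lines = [l.strip() for l in fixlog.splitlines()]
    marks = [i for i, l in enumerate(lines) if _ASTERISK_ROW.fullmatch(l)]
    if len(marks) < 2:
        raise ValueError("echoed fixlist (two asterisk rows) not found")
    return lines[marks[0] + 1 : marks[1]], lines[marks[1] + 1 :]


def requested_files(fixlog: str) -> list[str]:
    """Paths named in the echoed 'File:' directives (semicolon-separated)."""
    fixlist, _ = _split_log(fixlog)
    paths: list[str] = []
    for line in fixlist:
        if line.lower().startswith("file:"):
            paths += [p.strip() for p in line[5:].split(";") if p.strip()]
    return paths


def reported_files(fixlog: str) -> dict[str, str]:
    """Map each path that has a complete result block to its reported MD5."""
    _, body = _split_log(fixlog)
    found: dict[str, str] = {}
    current = None
    for line in body:
        if _DRIVE_PATH.match(line):
            current = line                      # start of a per-file block
        elif line.startswith("MD5:") and current:
            found[current.lower()] = line.split(":", 1)[1].strip()
            current = None
        elif not line:
            current = None                      # blank line ends the block
    return found


def missing_results(fixlog: str) -> list[str]:
    """Files the fixlist asked about that have no result block in the log."""
    have = reported_files(fixlog)
    return [p for p in requested_files(fixlog) if p.lower() not in have]


if __name__ == "__main__":
    for path in missing_results(SAMPLE_FIXLOG):
        print("no result block for:", path)
```

A block that is cut off before its `MD5:` line is counted as missing, so a log truncated mid-file is reported the same way as one that stops between files.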

Hi @DanielG

I can tell you that this is all the content the file had

Regards

2 Likes