Doble tilde, doble busqueda en bing, intente lo de otros temas y nada

Acabo de pasarlo, meto las dos imagenes.

No aparece nada raro creo. Se lo pase ayer tambien y supongo que apareceran menos cosas de las que normalmente saldrian. En el apartado de Plugins, no me aparece esa extension que esta instalada, me aparecen todas las demas menos esa, asi que no puedo eliminarla asi.

¡Saludos!

1 me gusta

Vale. Hay que proceder a usar otras herramientas de desinfección pero, antes que nada, le voy a pedir que suba de nuevo el informe de Malwarebytes, pues se me pasó comprobar las versiones y he visto que no están, se ve que no las copió. Por favor, súbalo entero.

Un saludo.

1 me gusta

Sin problema, a ver si es este

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 4/5/21
Hora del análisis: 10:21
Archivo de registro: ca2ed63a-acb1-11eb-a0d5-f8a963e0d115.json

-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1273
Versión del paquete de actualización: 1.0.40123
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 19041.928)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 318065
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 8 min, 16 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

le he dado a ver informe y copiar al portapapeles, espero que ahi venga todo. Saludos

1 me gusta

No es ese el análisis que nosotros hicimos, pero me sirve, pues ya he visto que MBAM está debidamente actualizado.

Vamos a pasar ESET Online Scanner. Va a segur su manual:

Haga el análisis personalizado con todas las unidades externas que utilice conectadas, y marcándolas para analizar también.

Cuando termine, me sube el informe, cuya obtención está también en el manual.

Un saludo.

PD: Por si acaso, desactive temporalmente su antivirus antes de hacer el análisis:

1 me gusta

Buenos dias Pablo,

Se ha llevado toda la noche analizando. Pase el antivirus hace unos dias asi que supongo que en esa pasada quitaria algunos problemas menores. Subo el informe:

05/05/2021 8:16:56
Archivos analizados: 718371
Archivos detectados: 0
Archivos desinfectados: 0
Tiempo total de análisis: 02:57:03
Estado del análisis: Finalizado

Saludos

1 me gusta

Hola @belisario

Lo primero quiero volver a pedirle disculpas por la separación entre las respuestas y la lentitud del tema, pero es una época horrible en la que estoy 200% desbordado.

Atendiendo al asunto que nos ocupa, parece que es un bicho duro de roer. Vamos a por KVRT. Descárguelo desde este enlace oficial:

https://www.kaspersky.es/downloads/thank-you/free-virus-removal-tool

Lo ejecuta con las unidades externas de nuevo conectadas, por si son vector de infección. Siga su manual, mandando a cuarentena aquello que detecte:

Para el informe, suba una captura de pantalla pues, si no me equivoco, no permite exportarlo como tal.

Un saludo.

1 me gusta

Buenas @Pablo

Por favor ¡Demasiado que me estas ayudando a solucionar esto!

He conectado todo y lo he pasado, pongo el reporte, los problemas de la doble tilde, la extension y que salga la pestaña con busqueda bing persisten aun asi

¡Muchas gracias y saludos!

1 me gusta

Hola @belisario

Entiendo que ese objeto lo mandó a cuarentena y reinició el PC, ¿correcto?

Bien, si la respuesta es afirmativa, toca ZHPCleaner. Para usarlo, sigua su manual:

Primero haga scaner, después limpieza y, finalmente, adjunte el informe aquí. Reinicie el PC tras terminar.

Por otro lado, le recomiendo restablecer el navegador si ve que no se corrige todo. Le dejo las instrucciones para los más conocidos:

Chrome: Restablecer la configuración predeterminada de Chrome - Ayuda de Google Chrome

Firefox: Restablecer Firefox - una forma fácil de solucionar muchos problemas | Ayuda de Firefox

Edge: Cómo restablecer Microsoft Edge a sus valores iniciales

Un saludo.

1 me gusta

Buenas noches @Pablo

Acabo de pasarlo siguiendo el manual. El Google Chrome creo que lo restablecí hace poco, la extensión sigue sin irse y sigue apareciendo la pestaña que busca en bing cuando hago una búsqueda, la doble tilde desaparecio durante unos minutos, pero volvio, ya me ha pasado anteriormente. Adjunto el informe del ZHPCleaner:

~ ZHPCleaner v2021.5.1.293 by Nicolas Coolman (2021/05/01)
~ Run by Jose Manuel (Administrator)  (06/05/2021 22:54:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Jose Manuel\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Jose Manuel\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19041)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)

---\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

---\  Explorador ( Archivos, Carpetas ) (4)
MOVIDO carpeta: C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVIDO carpeta: C:\Users\Jose Manuel\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVIDO archivo: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
MOVIDO archivo: C:\Users\Jose Manuel\AppData\Local\MSfree Inc  =>HackTool.WinActivator

---\  Registro ( Claves, Valores, Datos) (1)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b6c85995-a0bc-4991-a04a-24732d08e0f0}\\DhcpNameServer [Bad : 212.230.135.1 212.230.135.2]  =>Hijacker.Browser

---\  Resumen de elementos en su estación de trabajo (4)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser

---\ Limpieza adicional. (15)
~ Clave de registro Tracing borrados (15)
~ Quitar los antiguos informes de ZHPCleaner. (0)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK

---\ STATISTIQUES
~ Items escaneado : 1463
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 9/17

---\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ Iniciar navegadores con extensiones eliminadas

~ End of clean in 00h00mn16s

---\  Reporte (3)
ZHPCleaner-[S]-06052021-22_51_49.txt
ZHPCleaner-[S]-30042021-22_05_11.txt
ZHPCleaner-[R]-06052021-22_54_24.txt

Muchas gracias por estar dedicándome este tiempo y saludos

1 me gusta

Un saludo.

Más allá de los KMS tan habituales :thinking: como de dudosa seguridad no veo nada raro en el informe. Ay qué bonito Office gratis… ya luego los bichos no son tan bonitos. A modo de consejo personal, no utilice esas herramientas, por su seguridad principalmente. De todas formas, el malware que nos ocupa no tiene que ver (en principio, claro) con los KMS.

Vamos a ir tirando de DrWeb CureIt, a ver si hay más suerte. Se ve que el bicho está agusto en su PC :confused:

Siga su manual:

Dele a neutralizar aquello que detecte y súbame el informe mínimo que estará en C:\Nombre de Usuario\Dr Web\ Curelt.log, tal cual se indica en el manual.

NOTA: Al igual que antes, conecte las unidades externas y analícelas también.

Un saludo, suerte.

1 me gusta

Muy buenos dias @Pablo

Perdona que haya tardado tanto, no pude coger el pc hasta ahora y lo pase ayer por la noche cuando llegue a casa. He seguido todos los pasos y siguen ambas cosas, tildes y busqueda bing con la extension. Subo el informe

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\MozCompressor.dll#43872E77AD13E2FC - quarantined
C:\users\jose manuel\downloads\adaware_installer_um.exe - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Ad-Aware Web Companion.exe#7CF51017700F8807 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\BCUSDK.dll#835EE20F372F2C52 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\DotNetZip.dll#9B02B427F1D853D2 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Esent.Interop.dll#12DA5277B1D0FACC - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\ICSharpCode.SharpZipLib.dll#A27493E8B63648E0 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Interop.IWshRuntimeLibrary.dll#8209593846D44B8D - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll#C9EF4B5CE4658A50 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Interop.Shell32.dll#519C1B22A1877B4A - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.adblocker.dll#54CF9A4CE0ED19B6 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Interop.SHDocVw.dll#19075EA2195796A4 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.AppCore.dll#41624F2670753300 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.Compression.dll#40224114988E902A - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.Automation.dll#D84E55472F8FABF6 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.CSharp.Utilities.dll#252636A9C011E666 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.Events.dll#30A1275AE66F3DC4 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.Omni.dll#86F90E3B7187C6AE - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll#1C98F0D1229E61EC - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.IEController.dll#1221C0E18BD96CC5 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.Settings.dll#488ECBA755068445 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\BCUEngineS.dll#F346A47091BB9239 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.SysInfo.dll#33C2B3EEA7BF36BD - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.Utils.SqlLite.dll#74D8B7C058506596 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll#C2C7DE8D4F2B84BC - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll#D5891BA34176A459 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Lavasoft.SearchProtect.Business.dll#37E9A5FD37C9AC46 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\LZ4.dll#BB85D72D74ACB224 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\liblz4.dll#49B24C0F45FD2C47 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\log4net.dll#30D8776BC8AB1D09 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\System.Data.SQLite.dll#CDF0CE5B1DF9535A - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Newtonsoft.Json.dll#64EE08C5F7337E2B - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\vcruntime140d.dll#BE673B41E0264BC8 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\WebCompanion.Loader.exe#2776C7772881A542 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\de-DE\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\ucrtbased.dll#14438B0622601059 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\de-DE\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\en-US\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\en-US\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\es-ES\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\es-ES\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\fr-CA\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\fr-CA\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\it-IT\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\it-IT\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\ja-JP\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\ja-JP\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\pt-BR\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\pt-BR\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\ru-RU\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\ru-RU\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\WebCompanionExtensionIE.dll#BE57B50C96A6A6AA - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\tr-TR\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\tr-TR\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\zh-CHS\WebCompanionInstaller.resources.dll#724D4BE97A0FB864 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\zh-Hans\WebCompanion.resources.dll#A7DF24B5F8A60E06 - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\x64\SQLite.Interop.dll#301E4E058FFCD32D - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\x86\SQLite.Interop.dll#301E4E058FFCD32D - quarantined
C:\AdwCleaner\Quarantine\v1\20200817.095627\3\Web Companion\Application\Microsoft.mshtml.dll#5985693D4A102B73 - quarantined
C:\Users\Jose Manuel\Downloads\remo-recover-windows.exe - quarantined
C:\Users\Jose Manuel\Downloads\UsbFix_2020 (1).exe - quarantined
C:\Users\Jose Manuel\Downloads\UsbFix_2020 (2).exe - quarantined
C:\Users\Jose Manuel\Downloads\UsbFix_2020 (3).exe - quarantined
C:\Users\Jose Manuel\Downloads\UsbFix_2020.exe - quarantined

Total 717727618607 bytes in 684013 files scanned (1030095 objects)
Total 683958 files (1029875 objects) are clean
Total 64 files (65 objects) are infected
Total 64 files are neutralized
Total 150 files are raised error condition
Scan time is 01:46:01.281

Despues las elimine como aparece en el manual.

Respecto a lo del Office, uso una version legal, estoy matriculado en una universidad haciendo un master y tengo la cuenta de la universidad vinculada porque trae, entre otras cosas, el paquete office libre para usar, quizas sea anterior a eso, el ordenador (portatil) tiene ya sus 6 años.

Muchas gracias por todo y de nuevo perdona por la tardanza de la respuesta. Abrazos.

Hola y con permiso de @Pablo y tu permiso @belisario

Pues el malware que tienes en tu máquina es difícil de eliminar o tiene digamos que cierta persistencia en el sistema y por eso es más difícil de eliminarlo.

Así que de forma temporal pasaré yo a ayudarte en este tema. Pues debemos ahora de utilizar una herramienta “un poco especial” para eliminar esos malwares que persisten.

Una vez finalicemos con FRST, yo me retiraré del caso y sigues con @Pablo con lo que se tenga que acabar de hacer en la máquina o lo que él considere oportuno en el momento en que él retome el caso.

EN BUSCA / ELIMINACIÓN DE MALWARE

:one: Desactivas tu antivirus :arrow_forward: Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.

LO DESCARGAS EN TU ESCRITORIO MUY IMPORTANTE (y no en otro sitio).

Descargas Farbar Recovery Scan Tool MUY IMPORTANTE >> seleccionas la versión adecuada para la arquitectura correspondiente de tu Ordenador (32 o 64bits). :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?

:warning: Una vez descargado FRST, desconectas tu equipo de completamente de Internet (apagas el router) >> Super Importante. Acto seguido, cierras también cualquier otro programa que tengas abierto.

:two: Farbar Recovery Scan Tool

  1. Ejecutas el FRST.exe (Si utilizas Windows Vista/7/8 o 10, presionas click derecho y seleccionas Ejecutar como Administrador).

  2. Aparecerá una ventana con un mensaje de Disclaimer/Responsabilidad, presionas sobre Si o Yes.

  3. En la ventana principal del programa presionas sobre Analizar/Scan y esperas a que finalice el análisis.

  4. Aparecerán dos logs/reportes que serán: Frst.txt y Addition.txt, estos quedarán guardados en el escritorio.

:three: Activas de nuevo tu antivirus y cualquier programa de seguridad que tengas activado. También conectas nuevamente tu equipo a Internet.

:four: PRÓXIMA RESPUESTA

Pegas los reportes de FRST.txt y Addition.txt. Debes de poner ambos reportes todos enteros con absolutamente todo su contenido. Deberás de realizar varios mensajes si recibes un mensaje de error/advertencia indicando que es muy largo dicho reporte que formará el mensaje (más de 50.000 carácteres aprox.).

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

Salu2.

2 Me gusta

Buenas noches @Marr0n ¡Mil gracias por ayudarme! con permiso de @Pablo te paso todo lo que me dices. Le he pasado la herramienta sin el disco duro externo ya que no aparecia nada de que lo contectase y tenia que desactivar la conexion a internet.

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 08-05-2021 01
Ejecutado por Jose Manuel (administrador) sobre DESKTOP-C53VVMC (Acer Aspire V3-572G) (08-05-2021 22:08:59)
Ejecutado desde C:\Users\Jose Manuel\Desktop
Perfiles cargados: Jose Manuel
Platform: Windows 10 Home Versión 2004 19041.928 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <3>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [164808 2021-04-20] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-04-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) [Archivo no firmado]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-11-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [451952 2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3137816 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32894024 2021-02-09] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [PTOneClick] => C:\Users\Jose Manuel\AppData\Local\Webex\Webex\Applications\ptoneclk.exe [7184192 2020-04-12] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [com.blitz.app] => C:\Users\Jose Manuel\AppData\Local\Programs\Blitz\Blitz.exe [109893896 2021-05-06] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Jose Manuel\AppData\Local\WebEx\CiscoWebExStart.exe [2841816 2021-04-16] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [274176 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\Windows\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\Windows\system32\hpinksts7212LM.dll [336904 2014-07-16] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 6830): C:\Windows\system32\HPDiscoPM7212.dll [763968 2014-07-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\PLAP Providers: [{C15C0AAF-C309-FE12-BB17-814630A2009F}] -> C:\WINDOWS\SysWOW64\vpnplap64.dll [2020-11-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {059522B1-CBFD-4F7C-8AA6-1E6E5490D38E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {18BFB1A3-71E5-4422-BF3A-BFC83F763507} - System32\Tasks\Microsoft\Windows\AppID\xrwcther => rundll32 "C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll",faiomwd_Netrjcz
Task: {1D35B215-9FD2-4222-92D3-D62F0346BECD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {25CDDEB2-AB17-4829-807B-D025CB67FABB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {27AEC313-B001-478F-A80D-E004197C79E1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3EC9F746-CC5D-4D02-A6ED-3E16C5B3109F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {47F6DB9F-8964-4C91-9C53-580F3E8450AC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4ACC5FF7-7607-47D3-9123-2DC8790B67CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248776 2021-03-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E7DF88C-FFAD-417C-ADCE-FC2CB3374083} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6E8ADBEE-5B2D-44C1-8F1E-C1DAF34D6BA5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76E969ED-E479-4ECE-8DE1-1EE59199C0F5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A0038AE-C562-4E2F-8D4F-8AC38F144704} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8B3B429C-BCF5-4CFD-9075-745D9D309FA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C6B09C3-7CD5-4327-8052-29DAB2A4CFFA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96F0CC65-3FA5-48E1-BC5B-255C37C5BF83} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9ADC3633-B18D-4020-A8D4-36CE76BAC973} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B3E4B60-E0DE-4DE1-8C5B-B912FDBBEC58} - \EOSv3 Scheduler onTime -> Ningún archivo <==== ATENCIÓN
Task: {A6660845-25B2-46F3-9421-38DA6B4B6440} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-16] (Google Inc -> Google LLC)
Task: {B6A3F472-6331-43E7-8EEC-750B1540C6E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248776 2021-03-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD021D1A-B58C-416D-B191-DEFA23ED3875} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CEE3BDB1-189B-4192-87D4-442D6121B907} - \EOSv3 Scheduler onLogOn -> Ningún archivo <==== ATENCIÓN
Task: {CF578134-F30B-4E74-A9BB-D38394FDE7A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-16] (Google Inc -> Google LLC)
Task: {E3EB1A59-FD47-4F1E-B7BC-4017327D2285} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EAE40F86-9129-4409-B888-E54A3378BD88} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F00E1CC8-AF4D-402B-889A-DFE85010862A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{af0e6388-3f32-40c2-bb6f-b8edd5230703}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
Edge Profile: C:\Users\Jose Manuel\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-08]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: lhqzlpgj.default
FF ProfilePath: C:\Users\Jose Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\lhqzlpgj.default [2021-05-02]
FF ProfilePath: C:\Users\Jose Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\bcpqw2ka.default-release [2021-05-03]
FF Homepage: Mozilla\Firefox\Profiles\bcpqw2ka.default-release -> hxxps://links.malwarebytes.com/link/restorebrowser?lic=trial&product=MBAM-C
FF SearchPlugin: C:\Users\Jose Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\bcpqw2ka.default-release\searchplugins\bing-lavasoft-ff59.xml [2019-08-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default [2021-05-08]
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Presentaciones) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-16]
CHR Extension: (Documentos) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-16]
CHR Extension: (Google Drive) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]
CHR Extension: (Hojas de cálculo) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-19]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-05-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]
CHR Extension: (vFlowSoft) - C:\ProgramData\Jmqgsep\Nnnsd [2021-05-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-26] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-04-24] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-05-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2954416 2021-04-20] (ESET, spol. s r.o. -> ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2954416 2021-04-20] (ESET, spol. s r.o. -> ESET)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [169400 2021-04-20] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [192624 2021-04-20] (ESET, spol. s r.o. -> ESET)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107400 2021-04-20] (ESET, spol. s r.o. -> ESET)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-12-16] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-10-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-11-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-05-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-05-01] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-05-08 22:08 - 2021-05-08 22:09 - 000026558 _____ C:\Users\Jose Manuel\Desktop\FRST.txt
2021-05-08 22:02 - 2021-05-08 22:02 - 002298880 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FRST64 (1).exe
2021-05-08 22:02 - 2021-05-08 22:02 - 002298880 _____ (Farbar) C:\Users\Jose Manuel\Desktop\FRST64 (1).exe
2021-05-07 11:31 - 2021-05-08 08:48 - 000000000 ____D C:\Users\Jose Manuel\Doctor Web
2021-05-07 11:27 - 2021-05-07 11:30 - 245179552 _____ C:\Users\Jose Manuel\Downloads\c1apgfe2.exe
2021-05-06 23:05 - 2021-05-06 23:05 - 006145921 _____ C:\Users\Jose Manuel\Downloads\IMSLP01259-Bach_Bmin3-1.pdf
2021-05-06 22:54 - 2021-05-06 22:54 - 000009538 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (R).html
2021-05-06 22:54 - 2021-05-06 22:54 - 000003091 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (R).txt
2021-05-06 22:51 - 2021-05-06 22:51 - 000009560 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (S).html
2021-05-06 22:51 - 2021-05-06 22:51 - 000003129 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (S).txt
2021-05-06 22:40 - 2021-05-06 22:40 - 003327128 _____ (Nicolas Coolman) C:\Users\Jose Manuel\Downloads\ZHPCleaner (2).exe
2021-05-06 22:39 - 2021-05-06 22:39 - 000000881 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner.lnk
2021-05-06 22:37 - 2021-05-06 22:38 - 003327128 _____ (Nicolas Coolman) C:\Users\Jose Manuel\Downloads\ZHPCleaner (1).exe
2021-05-06 12:30 - 2021-05-06 12:30 - 000189004 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-06 at 12.30.34.jpeg
2021-05-06 12:30 - 2021-05-06 12:30 - 000189004 _____ C:\Users\Jose Manuel\Desktop\WhatsApp Image 2021-05-06 at 12.30.34.jpeg
2021-05-06 10:00 - 2021-05-06 10:00 - 000256016 _____ (Cisco Webex LLC) C:\Users\Jose Manuel\Downloads\webex.exe
2021-05-06 09:36 - 2021-05-06 09:36 - 000000000 ____D C:\KVRT2020_Data
2021-05-06 09:35 - 2021-05-06 09:36 - 103333176 _____ (AO Kaspersky Lab) C:\Users\Jose Manuel\Downloads\KVRT (1).exe
2021-05-05 18:17 - 2021-05-05 18:16 - 001143175 _____ C:\Users\Jose Manuel\Desktop\Beethoven-Liszt_Symphony-5 erster Satz Jose Manuel Cuadrado.pdf
2021-05-05 18:16 - 2021-05-05 18:16 - 001143175 _____ C:\Users\Jose Manuel\Downloads\Beethoven-Liszt_Symphony-5 erster Satz.pdf
2021-05-04 23:13 - 2021-05-04 23:13 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Jose Manuel\Downloads\esetonlinescanner (2).exe
2021-05-04 23:13 - 2021-05-04 23:13 - 000000676 _____ C:\Users\Jose Manuel\Desktop\ESET Online Scanner.lnk
2021-05-04 22:58 - 2021-05-04 22:58 - 000103433 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-04 at 18.25.49.jpeg
2021-05-04 22:58 - 2021-05-04 22:58 - 000103433 _____ C:\Users\Jose Manuel\Desktop\Briefkasten.jpeg
2021-05-03 23:15 - 2021-05-03 23:16 - 000135820 _____ C:\Users\Jose Manuel\Desktop\WhatsApp Image 2021-05-03 at 23.08.45.jpeg
2021-05-03 23:15 - 2021-05-03 23:16 - 000107867 _____ C:\Users\Jose Manuel\Desktop\WhatsApp Image 2021-05-03 at 23.10.11.jpeg
2021-05-03 23:15 - 2021-05-03 23:15 - 000145388 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 23.08.45.jpeg
2021-05-03 23:15 - 2021-05-03 23:15 - 000110859 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 23.10.11.jpeg
2021-05-03 23:10 - 2021-05-03 23:10 - 000000552 _____ C:\Users\Jose Manuel\Desktop\cc_20210503_231029.reg
2021-05-03 22:46 - 2021-05-03 22:46 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (4).exe
2021-05-03 21:22 - 2021-05-03 21:22 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2 (3).exe
2021-05-03 21:14 - 2021-05-03 21:14 - 000477952 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 21.12.22 (1).jpeg
2021-05-03 21:14 - 2021-05-03 21:14 - 000477952 _____ C:\Users\Jose Manuel\Desktop\Streichholzbox.jpeg
2021-05-03 21:13 - 2021-05-03 21:13 - 000243432 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 21.12.22.jpeg
2021-05-03 21:13 - 2021-05-03 21:13 - 000243432 _____ C:\Users\Jose Manuel\Desktop\Streichholz und Zigarette.jpeg
2021-05-03 19:42 - 2021-05-03 19:42 - 000121511 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 19.42.16.jpeg
2021-05-03 19:42 - 2021-05-03 19:42 - 000121511 _____ C:\Users\Jose Manuel\Desktop\Rock.jpeg
2021-05-03 17:55 - 2021-05-03 17:55 - 001764204 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.38.mpeg
2021-05-03 17:55 - 2021-05-03 17:55 - 001182327 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.48.mpeg
2021-05-03 17:55 - 2021-05-03 17:55 - 000967156 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.55.mpeg
2021-05-03 17:54 - 2021-05-03 17:54 - 001708198 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.57.mpeg
2021-05-03 17:54 - 2021-05-03 17:54 - 001374666 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.26.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 001589497 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.42.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 000907388 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.24.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 000787434 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.34.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 000729337 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.50.mpeg
2021-05-03 17:09 - 2021-05-03 17:09 - 000850963 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.36.02.mpeg
2021-05-03 17:09 - 2021-05-03 17:09 - 000692975 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.41.mpeg
2021-05-03 17:09 - 2021-05-03 17:09 - 000470621 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.54.mpeg
2021-05-03 17:08 - 2021-05-03 17:08 - 001549791 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.24.mpeg
2021-05-03 17:08 - 2021-05-03 17:08 - 000881057 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.01.mpeg
2021-05-03 08:52 - 2021-05-08 09:01 - 000000000 ____D C:\Users\Jose Manuel\Desktop\foro antimalwares
2021-05-02 23:12 - 2021-05-02 23:12 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup (3).exe
2021-05-02 20:45 - 2021-05-02 20:45 - 000265316 _____ C:\Users\Jose Manuel\Downloads\Drängen und Treiben Beethoven-Symphony_No_5.pdf
2021-05-02 19:38 - 2021-05-02 19:38 - 103321912 _____ (AO Kaspersky Lab) C:\Users\Jose Manuel\Downloads\KVRT.exe
2021-05-02 19:19 - 2021-05-02 19:19 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Jose Manuel\Downloads\esetonlinescanner (1).exe
2021-05-02 19:07 - 2021-05-02 19:07 - 000000253 _____ C:\DelFix.txt
2021-05-02 19:07 - 2021-05-02 19:07 - 000000000 ____D C:\WINDOWS\ERUNT
2021-05-02 19:06 - 2021-05-02 19:06 - 000797760 _____ C:\Users\Jose Manuel\Downloads\delfix.exe
2021-05-02 18:57 - 2021-05-08 22:09 - 000000000 ____D C:\FRST
2021-05-02 18:57 - 2021-05-02 18:57 - 002298368 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FRST64.exe
2021-05-02 18:55 - 2021-05-02 18:55 - 001599815 _____ C:\Users\Jose Manuel\Downloads\IFS.exe
2021-05-02 18:40 - 2021-05-02 18:40 - 000000000 ____D C:\ProgramData\McInstTemp0208631619973646
2021-05-02 16:02 - 2021-05-02 16:02 - 001790024 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\JRT.exe
2021-05-02 15:47 - 2021-05-08 22:00 - 000000000 ___HD C:\ProgramData\Jmqgsep
2021-05-02 15:21 - 2021-05-02 15:21 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2 (2).exe
2021-05-02 15:09 - 2021-05-02 15:09 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (3).exe
2021-05-02 14:16 - 2021-05-02 14:16 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup (2).exe
2021-05-02 14:16 - 2021-05-02 14:16 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-02 14:13 - 2021-05-02 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-05-01 15:02 - 2020-05-26 00:12 - 000089096 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\SET2F1F.tmp
2021-05-01 14:59 - 2021-05-02 19:05 - 000000000 ____D C:\Program Files\McAfee
2021-05-01 14:59 - 2021-05-02 19:05 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-05-01 14:59 - 2021-05-02 14:15 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-05-01 14:59 - 2021-05-01 14:59 - 000000000 ____D C:\Program Files\McAfee.com
2021-05-01 14:59 - 2021-05-01 14:59 - 000000000 ____D C:\Program Files\Common Files\AV
2021-05-01 14:57 - 2021-05-02 19:05 - 000000000 ____D C:\ProgramData\McAfee
2021-05-01 14:57 - 2021-05-01 15:04 - 000000048 _____ C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini
2021-05-01 14:57 - 2021-05-01 14:57 - 005794408 _____ (McAfee, LLC) C:\Users\Jose Manuel\Downloads\mcafee_trial_setup_433.0207.3919_key.exe
2021-05-01 13:47 - 2021-05-01 13:47 - 000655848 _____ C:\Users\Jose Manuel\Downloads\DT-Kill (1).zip
2021-05-01 13:19 - 2021-05-01 13:19 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2 (1).exe
2021-05-01 13:19 - 2021-05-01 13:19 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup (1).exe
2021-05-01 13:16 - 2021-05-01 13:16 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (2).exe
2021-05-01 12:24 - 2021-05-01 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2021-05-01 12:24 - 2021-05-01 12:24 - 000000000 ____D C:\ProgramData\ESET
2021-05-01 12:24 - 2021-05-01 12:24 - 000000000 ____D C:\Program Files\ESET
2021-05-01 12:07 - 2021-05-01 12:07 - 008702880 _____ (ESET) C:\Users\Jose Manuel\Downloads\eset_nod32_antivirus_live_installer.exe
2021-04-30 23:17 - 2021-04-30 23:17 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\AdAwareDesktop
2021-04-30 22:59 - 2021-04-30 22:59 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2.exe
2021-04-30 22:51 - 2021-04-30 22:51 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup.exe
2021-04-30 22:45 - 2021-04-30 22:47 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-30 22:45 - 2021-04-30 22:47 - 000000000 ____D C:\Program Files\AVAST Software
2021-04-30 22:43 - 2021-04-30 22:43 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (1).exe
2021-04-30 22:35 - 2021-05-02 14:53 - 000000000 ____D C:\DTRToll
2021-04-30 22:35 - 2021-05-02 14:52 - 000000073 _____ C:\Bug_TKill.txt
2021-04-30 22:35 - 2021-04-30 22:35 - 000655848 _____ C:\Users\Jose Manuel\Downloads\DT-Kill.zip
2021-04-30 22:25 - 2021-04-30 22:25 - 000289179 _____ C:\Users\Jose Manuel\Downloads\prueba sara 1.pdf
2021-04-30 22:24 - 2021-04-30 22:24 - 000186897 _____ C:\Users\Jose Manuel\Downloads\11010436_89030_pcr_b_20201218174920.91255065.pdf
2021-04-30 21:55 - 2021-05-06 22:54 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\ZHP
2021-04-30 21:55 - 2021-04-30 21:55 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\ZHP
2021-04-30 21:51 - 2021-04-30 21:52 - 003326616 _____ (Nicolas Coolman) C:\Users\Jose Manuel\Downloads\ZHPCleaner.exe
2021-04-30 21:46 - 2021-04-30 21:46 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577.exe
2021-04-30 21:45 - 2021-04-30 21:45 - 000909824 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FSS.exe
2021-04-30 20:26 - 2021-05-04 23:13 - 000000804 _____ C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-30 20:26 - 2021-04-30 20:26 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Jose Manuel\Downloads\esetonlinescanner.exe
2021-04-30 19:42 - 2021-04-30 22:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-30 10:14 - 2021-04-30 10:14 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Mosan
2021-04-30 10:12 - 2021-05-01 11:13 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\CAOEYJZhddKFmOGyfRihCVwOLVbXhRFrgDKEXTZEhaNfjsWAicXflQrGnqTrkeZmLGdVreocSDZloMBzZXPSUdTnAryW
2021-04-30 10:07 - 2021-05-06 12:37 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\wJLlafLcJliamdLygTmXtMRnEMahPONoQcXmWYyWEleaGPdUKBuwDzRfRhFGWbGUbZCrajpdODaUJmROcbCgILEbDHHJanZiEiVHhjBnaPhqwXFacQ
2021-04-30 10:06 - 2021-04-30 21:12 - 000000000 ____D C:\WINDOWS\PublicGaming
2021-04-29 12:36 - 2021-04-29 12:36 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\EaseUS
2021-04-29 12:36 - 2021-04-29 12:36 - 000000000 ____D C:\Program Files\EaseUS
2021-04-29 11:55 - 2021-04-29 11:55 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Remo
2021-04-29 11:55 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2021-04-29 09:00 - 2021-04-29 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-04-24 12:55 - 2021-04-24 12:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-04-24 12:55 - 2021-04-24 12:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-04-24 12:55 - 2021-04-24 12:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-04-24 12:55 - 2021-04-24 12:55 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-04-20 16:30 - 2021-04-20 16:30 - 000192624 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-04-20 16:30 - 2021-04-20 16:30 - 000169400 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-04-20 16:30 - 2021-04-20 16:30 - 000107400 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-04-20 13:02 - 2021-04-20 13:02 - 000015824 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2021-04-15 21:18 - 2021-04-15 21:18 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 21:18 - 2021-04-15 21:18 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 21:18 - 2021-04-15 21:18 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-05-08 22:09 - 2020-09-16 18:32 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-08 22:09 - 2020-09-16 18:32 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-05-08 22:04 - 2019-06-16 14:58 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Discord
2021-05-08 22:04 - 2019-06-16 14:58 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\Discord
2021-05-08 22:01 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-08 22:00 - 2019-06-15 11:44 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-08 21:59 - 2020-10-10 12:10 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Blitz
2021-05-08 21:57 - 2019-06-15 11:44 - 000000000 __SHD C:\Users\Jose Manuel\IntelGraphicsProfiles
2021-05-08 21:57 - 2019-06-15 11:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-05-08 11:25 - 2020-08-16 18:05 - 000000000 ____D C:\Users\Jose Manuel
2021-05-08 09:07 - 2020-08-16 19:00 - 001772930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-08 09:07 - 2019-12-07 16:55 - 000789640 _____ C:\WINDOWS\system32\perfh00A.dat
2021-05-08 09:07 - 2019-12-07 16:55 - 000155992 _____ C:\WINDOWS\system32\perfc00A.dat
2021-05-08 09:07 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-08 09:03 - 2020-08-16 19:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-08 09:03 - 2020-08-16 18:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-08 09:03 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-08 08:33 - 2020-08-16 18:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-08 02:58 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-07 11:27 - 2020-07-04 22:17 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-07 11:27 - 2020-07-04 22:17 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-07 11:27 - 2020-07-04 22:17 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-07 11:27 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-06 22:56 - 2020-03-25 10:30 - 000001034 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-05-06 22:56 - 2020-03-25 10:30 - 000001030 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-05-06 13:59 - 2019-11-09 13:57 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\MuseScore
2021-05-06 13:15 - 2020-03-24 16:59 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\WebEx
2021-05-06 12:38 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-06 11:23 - 2020-03-24 16:59 - 000000000 ____D C:\Users\Jose Manuel\AppData\LocalLow\WebEx
2021-05-05 18:01 - 2019-06-18 17:02 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\CrashDumps
2021-05-05 16:47 - 2020-03-15 14:45 - 000000000 ____D C:\ProgramData\Riot Games
2021-05-05 08:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-05 01:30 - 2020-08-16 19:01 - 000004094 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-05-05 01:30 - 2020-08-16 19:01 - 000003862 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-05-03 15:25 - 2019-06-16 13:41 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-02 14:46 - 2019-06-15 12:47 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\ElevatedDiagnostics
2021-05-01 17:22 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-01 17:15 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-05-01 15:03 - 2019-03-19 06:49 - 000000124 _____ C:\WINDOWS\win.ini
2021-05-01 12:24 - 2019-06-15 11:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-01 12:14 - 2019-06-15 11:50 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-04-30 23:07 - 2020-08-16 18:53 - 000458680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-30 22:47 - 2019-06-15 11:44 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\Packages
2021-04-30 21:50 - 2019-06-16 13:16 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\Google
2021-04-30 21:48 - 2020-08-16 13:07 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-30 21:48 - 2019-08-07 21:14 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\BitTorrent
2021-04-30 21:31 - 2019-06-25 19:13 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\D3DSCache
2021-04-30 20:26 - 2019-06-27 15:51 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\ESET
2021-04-30 20:08 - 2019-08-23 13:17 - 000000000 ____D C:\ProgramData\DAEMON Tools Ultra
2021-04-30 20:08 - 2018-07-26 14:46 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\PlatformCons
2021-04-30 20:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration
2021-04-30 19:43 - 2019-06-15 12:15 - 000000000 ____D C:\Users\Jose Manuel\AppData\LocalLow\Mozilla
2021-04-30 10:09 - 2019-08-23 13:17 - 000000000 ____D C:\Program Files\DAEMON Tools Ultra
2021-04-29 21:34 - 2020-08-16 19:01 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1982497377-3505030188-412331071-1001
2021-04-29 21:34 - 2020-08-16 18:05 - 000002415 _____ C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-29 21:34 - 2019-06-15 11:46 - 000000000 ___RD C:\Users\Jose Manuel\OneDrive
2021-04-29 12:36 - 2021-02-15 12:52 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-04-29 11:48 - 2020-04-18 21:51 - 000000000 ___RD C:\Users\Jose Manuel\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2021-04-29 09:00 - 2020-03-25 10:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-04-27 19:23 - 2020-05-26 12:15 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\vlc
2021-04-26 23:24 - 2019-06-16 13:17 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 23:24 - 2019-06-16 13:17 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-26 23:24 - 2019-06-16 13:17 - 000002258 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-26 08:49 - 2020-08-16 19:01 - 000003652 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 08:49 - 2020-08-16 19:01 - 000003528 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-23 21:30 - 2021-01-24 16:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 20:06 - 2019-06-15 12:11 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 14:46 - 2020-08-16 19:01 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 14:46 - 2020-08-16 19:01 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 21:17 - 2020-08-16 18:57 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-15 21:10 - 2019-06-15 11:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-15 21:04 - 2019-06-15 11:51 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Archivos en la raíz de algunos directorios ========

2021-05-01 14:57 - 2021-05-01 15:04 - 000000048 _____ () C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini
2020-09-16 18:29 - 2020-09-16 18:29 - 000000410 _____ () C:\Users\Jose Manuel\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================
1 me gusta
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 08-05-2021 01
Ejecutado por Jose Manuel (08-05-2021 22:10:11)
Ejecutado desde C:\Users\Jose Manuel\Desktop
Windows 10 Home Versión 2004 19041.928 (X64) (2020-08-16 17:02:03)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-1982497377-3505030188-412331071-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1982497377-3505030188-412331071-503 - Limited - Disabled)
Invitado (S-1-5-21-1982497377-3505030188-412331071-501 - Limited - Disabled)
Jose Manuel (S-1-5-21-1982497377-3505030188-412331071-1001 - Administrator - Enabled) => C:\Users\Jose Manuel
WDAGUtilityAccount (S-1-5-21-1982497377-3505030188-412331071-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: ESET Security (Disabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Cortafuegos (Disabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_2) (Version: 24.2 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2) (Version: 21.2.0.225 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0) (Version: 14.0 - Adobe Systems Incorporated)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.1.8 - Electronic Arts, Inc.)
Aplicaciones de Microsoft 365 para empresas - es-es (HKLM\...\O365ProPlusRetail - es-es) (Version: 16.0.13901.20312 - Microsoft Corporation)
Apple Application Support (32 bits) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
AutoFirma (HKLM-x32\...\AutoFirma ) (Version: 1.5.0.JAv01 - Junta de Andalucía)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blitz 1.14.10 (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 1.14.10 - Blitz, Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{B38F6A4E-D38B-44C8-BEB7-8C3F7970DD5D}) (Version: 4.9.04043 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.04043 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{F59D9D5D-DAA7-477A-AB73-198CAC8CD044}) (Version: 4.9.04043 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{09D8937A-D7A2-49D9-91B4-C8D260E30583}) (Version: 4.9.04043 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\ActiveTouchMeetingClient) (Version: 41.1.3 - Cisco Webex LLC)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.4.0.0894 - Disc Soft Ltd)
Desinst. control. impres. UFR II (HKLM\...\Canon UFR II Printer Driver) (Version: 5, 4, 1, 0 - Canon Inc.)
Discord (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 121.4.4267 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
EaseUS MobiMover 5.3.6 (HKLM-x32\...\EaseUS MobiMover_is1) (Version:  - EaseUS)
EaseUS Todo PCTrans 12.2 (HKLM-x32\...\EaseUS Todo PCTrans_is1) (Version:  - EaseUS)
Epic Games Launcher (HKLM-x32\...\{3A595C95-121D-4EB0-8D57-C7A309BA6C09}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{D6A86FCC-022C-435F-AD8D-3493C35CB275}) (Version: 14.1.19.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HP Officejet Pro 6830 Software básico del dispositivo (HKLM\...\{1ce98de5-8387-480c-a0f0-b5d581b32749}) (Version: 33.1.74.49987 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Excel 2016 - es-es (HKLM\...\ExcelRetail - es-es) (Version: 16.0.13901.20312 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Outlook 2016 - es-es (HKLM\...\OutLookRetail - es-es) (Version: 16.0.13901.20312 - Microsoft Corporation)
Microsoft PowerPoint 2016 - es-es (HKLM\...\PowerPointRetail - es-es) (Version: 16.0.13901.20312 - Microsoft Corporation)
Microsoft Project - es-es (HKLM\...\ProjectPro2019Retail - es-es) (Version: 16.0.13901.20312 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visio - es-es (HKLM\...\VisioPro2019Retail - es-es) (Version: 16.0.13901.20312 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.1 - Mozilla)
Mozilla Thunderbird 78.6.1 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 78.6.1 (x86 es-ES)) (Version: 78.6.1 - Mozilla)
MuseScore 3 (HKLM\...\{E7E1D46F-6CD7-441B-88F7-84A25ADC0B09}) (Version: 3.3.0.8737 - Werner Schweer and Others)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.32.25.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVIDIA Controlador de gráficos 452.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.06 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20312 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20312 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.13901.20230 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.56.33908 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paradox Launcher v2 (HKLM\...\{3D662AC5-4616-4A1C-912E-BD5BF9C9F4C8}) (Version: 2.0.0.0 - Paradox Interactive)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7589 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VALORANT (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation)
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-30] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-05-04] (Spotify AB) [Startup Task]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-1982497377-3505030188-412331071-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Jose Manuel\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-1982497377-3505030188-412331071-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Jose Manuel\Dropbox [2020-03-25 10:31]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Ningún archivo
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-04-20] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [DaemonShellExtDriveUltra] -> {F0E53CA3-02F8-40AE-9470-309F0309036F} => C:\Program Files\DAEMON Tools Ultra\DTShl64.dll [2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-04-20] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [DaemonShellExtImageUltra] -> {B5EBA666-2B94-4C7A-9CAA-A4539F329646} => C:\Program Files\DAEMON Tools Ultra\DTShl64.dll [2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Ningún archivo
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-08-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-04-20] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

ShortcutWithArgument: C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Jmqgsep\Nnnsd\8EB3FEA5"
ShortcutWithArgument: C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Jmqgsep\Nnnsd\8EB3FEA5"

==================== Módulos cargados (Lista blanca) =============

2018-07-26 14:46 - 2017-09-22 10:31 - 000262656 _____ () [Archivo no firmado] [El archivo está en uso] C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll
2019-06-15 12:10 - 2018-04-30 14:00 - 000075776 _____ (Igor Pavlov) [Archivo no firmado] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

HKU\S-1-5-21-1982497377-3505030188-412331071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.es/?gws_rd=ssl
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2020-01-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\sharepoint.com -> hxxps://fhnw365-files.sharepoint.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2019-03-19 06:49 - 2021-05-02 19:14 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall de Windows está habilitado.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "appOnt"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "HP Officejet Pro 6830 (NET)"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "NordVPN"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{E2D44FA4-D307-4AFD-B423-7D876FAB33E9}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{66FABCAE-FB83-4D79-B355-5D5A3C1F4C63}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{41445D35-6F8B-41DA-BC23-D83C40CDD99C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{062AA51D-F5B9-4ABB-8932-CDF0D917D1FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{50FA6AAC-88B8-4201-9599-A08CA996F39F}C:\users\jose manuel\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\jose manuel\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [UDP Query User{83DC7463-DC03-489A-866F-6BE62A8E0E1C}C:\users\jose manuel\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\jose manuel\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [TCP Query User{9108EBCC-99C1-436F-A5E1-F14225FCBC9C}C:\users\jose manuel\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\jose manuel\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{13BBB258-22A6-4AC3-8031-ACD57AE16565}C:\users\jose manuel\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\jose manuel\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7DD61EF1-3E17-4680-BA54-8B7B56B4C2A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1D03435-0356-4201-8EC2-91E88688BDC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7BEAE22-0538-4DAD-B671-5EA079BFEE31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{871A2957-14A4-41E1-ACDB-66F30EC2F318}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2447785F-846B-4C32-9109-B57D21095723}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5B0E5304-134B-4AF2-ACBE-64772DAB45A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A02B813E-5E4A-4932-A26D-F665868AEAD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D5C5394-E30A-417D-9EE0-6968295E4E59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Puntos de Restauración =========================

02-05-2021 18:47:31 JRT Pre-Junkware Removal
06-05-2021 22:53:42 ZHPcleaner

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (05/08/2021 10:01:25 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (05/08/2021 09:59:08 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (05/08/2021 09:58:02 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (05/08/2021 11:22:02 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado de  a SECURITY_PRODUCT_STATE_OFF.

Error: (05/08/2021 11:21:57 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado de  a SECURITY_PRODUCT_STATE_OFF.

Error: (05/08/2021 11:21:52 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado de  a SECURITY_PRODUCT_STATE_OFF.

Error: (05/08/2021 11:21:47 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado de  a SECURITY_PRODUCT_STATE_OFF.

Error: (05/08/2021 11:21:42 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error al actualizar el estado de  a SECURITY_PRODUCT_STATE_OFF.


Errores del sistema:
=============
Error: (05/08/2021 09:05:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Origin Web Helper Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/07/2021 04:30:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Origin Web Helper Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/07/2021 04:30:25 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Error de inicialización; no se puede crear el dispositivo del controlador.
Use la cadena "%2" para identificar la interfaz con errores de inicialización.
Representa la dirección MAC de la interfaz con errores o el Identificador de
interfaz único global (GUID), si NetBT no pudo asignar de GUID a direcciones
MAC. Si no estaban disponibles ni la dirección MAC ni el GUID, la
cadena representa el nombre de un dispositivo de clúster.

Error: (05/07/2021 04:30:25 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Error de inicialización; no se puede crear el dispositivo del controlador.
Use la cadena "%2" para identificar la interfaz con errores de inicialización.
Representa la dirección MAC de la interfaz con errores o el Identificador de
interfaz único global (GUID), si NetBT no pudo asignar de GUID a direcciones
MAC. Si no estaban disponibles ni la dirección MAC ni el GUID, la
cadena representa el nombre de un dispositivo de clúster.

Error: (05/07/2021 04:29:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 13:51:32 del ‎07/‎05/‎2021 resultó inesperado.

Error: (05/06/2021 10:57:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Origin Web Helper Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/04/2021 11:17:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (05/04/2021 11:17:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\JOSEMA~1\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2021-01-19 21:42:11
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {490087C9-DE72-47D4-AE99-67794B031005}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-01-18 18:31:33
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {03512F7D-EA40-4F90-951B-034206355E20}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-01-17 14:34:43
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {1E2172AA-2E5C-4059-9AEE-1675BC92A050}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-01-15 12:02:07
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {87C9D1A3-99B4-4EDA-B4F8-85CF6A06B2C9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-01-14 17:59:47
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {0B28E3FD-E3EF-460B-89EF-3F20B30F3022}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-05-08 22:00:08
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Información de la memoria =========================== 

BIOS: Insyde Corp. V1.09 07/11/2014
Placa base: Acer EA50_HB
Procesador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Porcentaje de memoria en uso: 41%
RAM física total: 8115.27 MB
RAM física disponible: 4757.13 MB
Virtual total: 9395.27 MB
Virtual disponible: 5861.75 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:930.88 GB) (Free:271.82 GB) NTFS

\\?\Volume{3182c21f-dccc-47cd-b7f3-fd93b8c82d54}\ (Recuperación) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{a7962669-3fd1-4d72-83a0-955b72c0b53f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Final de Addition.txt =======================

¡Gracias por todo y saludos!

1 me gusta

Adelante, vía libre al especialista. FRST es una herramienta muy potente pero que hay que saber manejar, cosa que, a día de hoy, escapa a mi conocimiento. Cuando él acabe, volveré por aquí y terminaremos de dejar tu PC como nuevo :slight_smile:

Saludos!

2 Me gusta

Hola, buenas @belisario

:+1: en cuanto hayamos hecho lo que debemos hacer vuelves tú @Pablo

:zero: PREGUNTAS

¿Tú has instalado en tu ordenador los siguientes programas o te suenan? Son estos:

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
League of Legends (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
MuseScore 3 (HKLM\...\{E7E1D46F-6CD7-441B-88F7-84A25ADC0B09}) (Version: 3.3.0.8737 - Werner Schweer and Others)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VALORANT (HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paradox Launcher v2 (HKLM\...\{3D662AC5-4616-4A1C-912E-BD5BF9C9F4C8}) (Version: 2.0.0.0 - Paradox Interactive)

¿Los descargaste del sitio oficial? ¿Son piratas :pirate_flag: :pirate_flag:? ¿O son legales? Dime el estado de cada uno… si es legal… pirata y si lo descargaste del sitio oficial o no.

He detectado en tu equipo los siguientes antivirus instalados:

ESET Security
Malwarebytes
ESET Cortafuegos
Windows Defender

Todo y que por el log me lo imagino… ¿Pero qué antivirus utilizas actualmente en tu equipo como protección residente? ¿Y qué Firewall?

También he detectado rastros de los siguientes Antivirus en tu máquina:

AVAST
McAfee

¿Los utilizaste en el pasado? ¿Los desinstalaste? Cuéntame todo acerca de estos…

:one: DESINSTALACIÓN PROGRAMAS

Para los programas en que te diga: puedes quitarlos. Hazlo así:

Desinstalalos con Revo Uninstaller en su Modo Avanzado. Para ello sigues su manual la parte de desinstalación de programas.

Quitas todos los programas que encuentre Revo con el nombre de Wondershare o Wondershare + Lo que sea.

Pues en tu caso tienes instalados los siguientes:

Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Estos deben de quedar completamente desinstalados.

:two: DESINSTALACIÓN EXTENSIONES

Para las extensiones en que te diga: puedes quitarlas. Hazlo así:

Accedes a Chrome y quitas la extensión llamada vFlowSoft

:three: Ahora debes de hacer una COPIA DE SEGURIDAD DEL REGISTRO, para ello:

  • Reinicias el ordenador en Modo Normal.

  • Descargas DelFix en tu escritorio.

  • Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)

  • Marcas solamente la casilla de Create registry backup, el resto te aseguras de que no estén seleccionadas.

  • Presionas en Run.

Se abrirá el informe (DelFix.txt), puedes cerrarlo. Pero lo guardas por si en el futuro te lo pido/hace falta.

Seguidamente, CIERRAS TODOS LOS PROGRAMAS, vas a Inicio >> Ejecutar y escribes Notepad.exe

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
Task: {9B3E4B60-E0DE-4DE1-8C5B-B912FDBBEC58} - \EOSv3 Scheduler onTime -> Ningún archivo <==== ATENCIÓN
Task: {CEE3BDB1-189B-4192-87D4-442D6121B907} - \EOSv3 Scheduler onLogOn -> Ningún archivo <==== ATENCIÓN
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
CHR Extension: (vFlowSoft) - C:\ProgramData\Jmqgsep\Nnnsd [2021-05-02]
2021-05-02 16:02 - 2021-05-02 16:02 - 001790024 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\JRT.exe
2021-05-02 15:47 - 2021-05-08 22:00 - 000000000 ___HD C:\ProgramData\Jmqgsep
2021-05-02 14:13 - 2021-05-02 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-05-01 13:47 - 2021-05-01 13:47 - 000655848 _____ C:\Users\Jose Manuel\Downloads\DT-Kill (1).zip
2021-04-30 22:35 - 2021-05-02 14:53 - 000000000 ____D C:\DTRToll
2021-04-30 22:35 - 2021-05-02 14:52 - 000000073 _____ C:\Bug_TKill.txt
2021-04-30 22:35 - 2021-04-30 22:35 - 000655848 _____ C:\Users\Jose Manuel\Downloads\DT-Kill.zip
2021-04-30 10:12 - 2021-05-01 11:13 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\CAOEYJZhddKFmOGyfRihCVwOLVbXhRFrgDKEXTZEhaNfjsWAicXflQrGnqTrkeZmLGdVreocSDZloMBzZXPSUdTnAryW
2021-04-30 10:07 - 2021-05-06 12:37 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\wJLlafLcJliamdLygTmXtMRnEMahPONoQcXmWYyWEleaGPdUKBuwDzRfRhFGWbGUbZCrajpdODaUJmROcbCgILEbDHHJanZiEiVHhjBnaPhqwXFacQ
2021-04-29 11:55 - 2021-04-29 11:55 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Remo
2021-04-29 11:48 - 2020-04-18 21:51 - 000000000 ___RD C:\Users\Jose Manuel\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2020-09-16 18:29 - 2020-09-16 18:29 - 000000410 _____ () C:\Users\Jose Manuel\AppData\Local\oobelibMkey.log
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Ningún archivo
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Ningún archivo
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ShortcutWithArgument: C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Jmqgsep\Nnnsd\8EB3FEA5"
ShortcutWithArgument: C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Jmqgsep\Nnnsd\8EB3FEA5"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "btweb"
C:\Program Files (x86)\Common Files\Wondershare
C:\ProgramData\Jmqgsep\Nnnsd
Folder: C:\ProgramData\Jmqgsep;C:\ProgramData\SystemAcCrux;C:\Program Files\Common Files\AV;C:\Users\Jose Manuel\AppData\Roaming\Mosan;C:\ProgramData\McInstTemp0208631619973646
File: C:\WINDOWS\System32\drivers\ScpVBus.sys;C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini;C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\containerdevicemanagement.dll;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll
VirusTotal: C:\WINDOWS\System32\drivers\ScpVBus.sys;C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini;C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\containerdevicemanagement.dll;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Lo guardas con el nombre de FIXLIST.TXT en tu escritorio (MUY IMPORTANTE). Pues en caso contrario no funcionará el SCRIPT, ambos ficheros (FRST.exe y FIXLIST.TXT ) y deben de estar en la ubicación del ESCRITORIO.

:warning: El anterior Script de reparación es personalizado para la máquina en concreto para la cual se fabricó y está hecho específicamente por un miembro del Staff. Si se tiene un problema parecido, por favor abra su propio tema para recibir ayuda personalizada y específica. Utilizar Scripts de otros Sistemas puede causar daños graves en su ordenador.

Finalmente (OJO, en MODO NORMAL):

  1. Ejecutas nuevamente FRST.exe (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador).

  2. Presionas sobre Fix/Corregir y esperas a que finalice el proceso. No hagas nada con el PC mientras este realizando dichas reparaciones, incluso si parece ser que se ha quedado colgado. No lo toques y esperas.

  3. Cunado finalice, en el ESCRITORIO se creará el fichero FIXLOG.TXT lo traes en tu próxima respuesta.

  4. Reinicias el ordenador en Modo Normal compruebas durante un rato el funcionamiento de este y comentas como sigue el problema inicialmente planteado.

:warning: Muy Importante :warning: Coloca el reporte que te he pedido como se muestra en la siguiente imagen:

Salu2.

2 Me gusta

Buenos dias @Marr0n ,

Ayer me fui a dormir temprano y no lo vi hasta esta mañana, he hecho todo nada mas estar en pie. Primeramente decir que esos programas los instale yo y que o son comprados o descargados del sitio oficial, asi que en principio no deberia haber problemas, son todos legales. Uso el Eset Security version de prueba, le he metido tambien el avast y mcAfee anteriormente cuando empezo todo este problema de la doble tilde para ver si alguno lo detectaba, pero una vez pasados los elimine. He desinstalado el Wondershare (lo que quedaba de el) con la herramienta. Quite la extension, pero volvio a aparecer nuevamente. Pongo el fichero FIXLOG aqui:

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 08-05-2021 01
Ejecutado por Jose Manuel (09-05-2021 09:13:07) Run:2
Ejecutado desde C:\Users\Jose Manuel\Desktop
Perfiles cargados: Jose Manuel
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
Task: {9B3E4B60-E0DE-4DE1-8C5B-B912FDBBEC58} - \EOSv3 Scheduler onTime -> Ningún archivo <==== ATENCIÓN
Task: {CEE3BDB1-189B-4192-87D4-442D6121B907} - \EOSv3 Scheduler onLogOn -> Ningún archivo <==== ATENCIÓN
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
CHR Extension: (vFlowSoft) - C:\ProgramData\Jmqgsep\Nnnsd [2021-05-02]
2021-05-02 16:02 - 2021-05-02 16:02 - 001790024 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\JRT.exe
2021-05-02 15:47 - 2021-05-08 22:00 - 000000000 ___HD C:\ProgramData\Jmqgsep
2021-05-02 14:13 - 2021-05-02 14:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-05-01 13:47 - 2021-05-01 13:47 - 000655848 _____ C:\Users\Jose Manuel\Downloads\DT-Kill (1).zip
2021-04-30 22:35 - 2021-05-02 14:53 - 000000000 ____D C:\DTRToll
2021-04-30 22:35 - 2021-05-02 14:52 - 000000073 _____ C:\Bug_TKill.txt
2021-04-30 22:35 - 2021-04-30 22:35 - 000655848 _____ C:\Users\Jose Manuel\Downloads\DT-Kill.zip
2021-04-30 10:12 - 2021-05-01 11:13 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\CAOEYJZhddKFmOGyfRihCVwOLVbXhRFrgDKEXTZEhaNfjsWAicXflQrGnqTrkeZmLGdVreocSDZloMBzZXPSUdTnAryW
2021-04-30 10:07 - 2021-05-06 12:37 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\wJLlafLcJliamdLygTmXtMRnEMahPONoQcXmWYyWEleaGPdUKBuwDzRfRhFGWbGUbZCrajpdODaUJmROcbCgILEbDHHJanZiEiVHhjBnaPhqwXFacQ
2021-04-29 11:55 - 2021-04-29 11:55 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Remo
2021-04-29 11:48 - 2020-04-18 21:51 - 000000000 ___RD C:\Users\Jose Manuel\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2020-09-16 18:29 - 2020-09-16 18:29 - 000000410 _____ () C:\Users\Jose Manuel\AppData\Local\oobelibMkey.log
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Ningún archivo
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Ningún archivo
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Ningún archivo
ShortcutWithArgument: C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Jmqgsep\Nnnsd\8EB3FEA5"
ShortcutWithArgument: C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Jmqgsep\Nnnsd\8EB3FEA5"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\StartupApproved\Run: => "btweb"
C:\Program Files (x86)\Common Files\Wondershare
C:\ProgramData\Jmqgsep\Nnnsd
Folder: C:\ProgramData\Jmqgsep;C:\ProgramData\SystemAcCrux;C:\Program Files\Common Files\AV;C:\Users\Jose Manuel\AppData\Roaming\Mosan;C:\ProgramData\McInstTemp0208631619973646
File: C:\WINDOWS\System32\drivers\ScpVBus.sys;C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini;C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\containerdevicemanagement.dll;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll
VirusTotal: C:\WINDOWS\System32\drivers\ScpVBus.sys;C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini;C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\containerdevicemanagement.dll;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B3E4B60-E0DE-4DE1-8C5B-B912FDBBEC58}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B3E4B60-E0DE-4DE1-8C5B-B912FDBBEC58}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEE3BDB1-189B-4192-87D4-442D6121B907}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE3BDB1-189B-4192-87D4-442D6121B907}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => eliminado correctamente
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => movido correctamente
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => eliminado correctamente
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => eliminado correctamente
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => eliminado correctamente
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => eliminado correctamente
CHR Extension: (vFlowSoft) - C:\ProgramData\Jmqgsep\Nnnsd [2021-05-02] => Error: Ninguna corrección automática encontrada para esta entrada.
C:\Users\Jose Manuel\Downloads\JRT.exe => movido correctamente
C:\ProgramData\Jmqgsep => movido correctamente
"C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" => no encontrado
C:\Users\Jose Manuel\Downloads\DT-Kill (1).zip => movido correctamente
C:\DTRToll => movido correctamente
C:\Bug_TKill.txt => movido correctamente
C:\Users\Jose Manuel\Downloads\DT-Kill.zip => movido correctamente
C:\Users\Jose Manuel\AppData\Roaming\CAOEYJZhddKFmOGyfRihCVwOLVbXhRFrgDKEXTZEhaNfjsWAicXflQrGnqTrkeZmLGdVreocSDZloMBzZXPSUdTnAryW => movido correctamente
C:\Users\Jose Manuel\AppData\Roaming\wJLlafLcJliamdLygTmXtMRnEMahPONoQcXmWYyWEleaGPdUKBuwDzRfRhFGWbGUbZCrajpdODaUJmROcbCgILEbDHHJanZiEiVHhjBnaPhqwXFacQ => movido correctamente
C:\Users\Jose Manuel\AppData\Roaming\Remo => movido correctamente
C:\Users\Jose Manuel\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App => movido correctamente
C:\Users\Jose Manuel\AppData\Local\oobelibMkey.log => movido correctamente
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => eliminado correctamente
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => eliminado correctamente
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => eliminado correctamente
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => eliminado correctamente
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => eliminado correctamente
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => eliminado correctamente
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => eliminado correctamente
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => eliminado correctamente
C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Acceso directo argumento eliminado correctamente
C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Acceso directo argumento eliminado correctamente
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Wondershare Helper Compact.exe" => eliminado correctamente
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => no encontrado
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Wondershare Helper Compact.exe" => eliminado correctamente
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => no encontrado
"HKU\S-1-5-21-1982497377-3505030188-412331071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\btweb" => eliminado correctamente
"HKU\S-1-5-21-1982497377-3505030188-412331071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\btweb" => no encontrado
"C:\Program Files (x86)\Common Files\Wondershare" => no encontrado
"C:\ProgramData\Jmqgsep\Nnnsd" => no encontrado

========================= Folder: C:\ProgramData\Jmqgsep;C:\ProgramData\SystemAcCrux;C:\Program Files\Common Files\AV;C:\Users\Jose Manuel\AppData\Roaming\Mosan;C:\ProgramData\McInstTemp0208631619973646 ========================

no encontrado.

====== Final de Folder: ======


========================= File: C:\WINDOWS\System32\drivers\ScpVBus.sys;C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini;C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\containerdevicemanagement.dll;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll ========================

C:\WINDOWS\System32\drivers\ScpVBus.sys
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem23.cat
El archivo está firmado digitalmente
MD5: 0447065A6E10774EFCECFDD0EB970A79
Fecha de creación y modificación: 2019-08-01 20:48 - 2013-05-19 09:02
Tamaño: 000039168
Atributos: ----A
Nombre de la compañía: Bruce James -> Scarlet.Crush Productions
Interno Nombre: ScpVBus.sys
Original Nombre: ScpVBus.sys
Producto: Scp Virtual Bus Driver
Descripción: Scp Virtual Bus Driver
Archivo Versión: 1.0.0.103 built by: WinDDK
Producto Versión: 1.0.0.103
Copyright: Copyright © 2012, 2013 Scarlet.Crush Productions. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/384a9ac72e756f96d43ee4b144a466564476afd8778092c979116bb29a514433/detection/f-384a9ac72e756f96d43ee4b144a466564476afd8778092c979116bb29a514433-1618877797

C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini
Archivo no firmado
MD5: A802917CE99D7517139179CD66C336CC
Fecha de creación y modificación: 2021-05-01 14:57 - 2021-05-01 15:04
Tamaño: 000000048
Atributos: ----A
Nombre de la compañía: Bruce James -> Scarlet.Crush Productions
Interno Nombre: ScpVBus.sys
Original Nombre: ScpVBus.sys
Producto: Scp Virtual Bus Driver
Descripción: Scp Virtual Bus Driver
Archivo Versión: 1.0.0.103 built by: WinDDK
Producto Versión: 1.0.0.103
Copyright: Copyright © 2012, 2013 Scarlet.Crush Productions. All rights reserved.
VirusTotal: 0

C:\WINDOWS\system32\DrtmAuthTxt.wim
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-IsolatedUserMode-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat
El archivo está firmado digitalmente
MD5: 36E69E20A1A69682F3E713DF8BECFDD4
Fecha de creación y modificación: 2021-04-15 21:18 - 2021-04-15 21:18
Tamaño: 000011357
Atributos: ----A
Nombre de la compañía: Microsoft Windows -> Bruce James -> Scarlet.Crush Productions
Interno Nombre: ScpVBus.sys
Original Nombre: ScpVBus.sys
Producto: Scp Virtual Bus Driver
Descripción: Scp Virtual Bus Driver
Archivo Versión: 1.0.0.103 built by: WinDDK
Producto Versión: 1.0.0.103
Copyright: Copyright © 2012, 2013 Scarlet.Crush Productions. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/a05879b310c1edfdfecb7010a656157bcbc50f18a74fc2c980809adfd9b7f663/detection/f-a05879b310c1edfdfecb7010a656157bcbc50f18a74fc2c980809adfd9b7f663-1618687547

C:\WINDOWS\system32\containerdevicemanagement.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Containers-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat
El archivo está firmado digitalmente
MD5: C113EC3ABF481A1B41F99BD721B513C3
Fecha de creación y modificación: 2021-04-15 21:18 - 2021-04-15 21:18
Tamaño: 000231248
Atributos: ----A
Nombre de la compañía: Microsoft Windows -> Microsoft Windows -> Bruce James -> Scarlet.Crush Productions
Interno Nombre: ScpVBus.sys
Original Nombre: ScpVBus.sys
Producto: Scp Virtual Bus Driver
Descripción: Scp Virtual Bus Driver
Archivo Versión: 1.0.0.103 built by: WinDDK
Producto Versión: 1.0.0.103
Copyright: Copyright © 2012, 2013 Scarlet.Crush Productions. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/e07ea2d6d72498a8e499175445b081d2172327a6663f4379f2bbde901c962142/detection/f-e07ea2d6d72498a8e499175445b081d2172327a6663f4379f2bbde901c962142-1619790010

C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Archivo no firmado
MD5: 5C5A797761421CF9B72087F3BC8A5259
Fecha de creación y modificación: 2019-06-15 11:41 - 2021-05-09 09:07
Tamaño: 000000180
Atributos: ----A
Nombre de la compañía: Microsoft Windows -> Microsoft Windows -> Bruce James -> Scarlet.Crush Productions
Interno Nombre: ScpVBus.sys
Original Nombre: ScpVBus.sys
Producto: Scp Virtual Bus Driver
Descripción: Scp Virtual Bus Driver
Archivo Versión: 1.0.0.103 built by: WinDDK
Producto Versión: 1.0.0.103
Copyright: Copyright © 2012, 2013 Scarlet.Crush Productions. All rights reserved.
VirusTotal: https://www.virustotal.com/gui/file/3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e/detection/f-3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e-1620237394

C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll
Archivo no firmado
MD5: EF755CCA56A874637E3C3F618C5A8280
Fecha de creación y modificación: 0000-00-00 00:00 - 0000-00-00 00:00
Tamaño: 000000000
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: BEPLep_loc001f.dll
Original Nombre: BEPLep_loc001f.dll
Producto: 
Descripción:  
Archivo Versión: 0.0.0.0
Producto Versión: 0.0.0.0
Copyright:  
VirusTotal: 0

====== Final de File: ======

VirusTotal: C:\WINDOWS\System32\drivers\ScpVBus.sys => (3) Error
VirusTotal: C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini => (3) Error
VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim => (3) Error
VirusTotal: C:\WINDOWS\system32\containerdevicemanagement.dll => (3) Error
VirusTotal: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => (3) Error
VirusTotal: C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll => (3) Error

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 1 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 2 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : Home

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi:

   Sufijo DNS espec¡fico para la conexi¢n. . : home
   Direcci¢n IPv6 . . . . . . . . . . : 2001:1715:9d9c:a820:cc99:b016:7043:7ba7
   Direcci¢n IPv6 . . . . . . . . . . : 2001:1715:9d9c:a820:fde4:e674:a24f:3730
   Direcci¢n IPv6 . . . . . . . . . . : fdaa:bbcc:ddee:0:fde4:e674:a24f:3730
   Direcci¢n IPv6 temporal. . . . . . : 2001:1715:9d9c:a820:cd8a:a9d9:f5d9:edaf
   Direcci¢n IPv6 temporal. . . . . . : fdaa:bbcc:ddee:0:cd8a:a9d9:f5d9:edaf
   V¡nculo: direcci¢n IPv6 local. . . : fe80::fde4:e674:a24f:3730%12
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.195
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::924d:4aff:febf:a943%12
                                       192.168.1.1

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= Final de CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-1982497377-3505030188-412331071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-1982497377-3505030188-412331071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29691413 B
Java, Flash, Steam htmlcache => 28623966 B
Windows/system/drivers => 15407898 B
Edge => 0 B
Chrome => 755887269 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 21634 B
NetworkService => 21634 B
Jose Manuel => 514918616 B

RecycleBin => 251080639 B
EmptyTemp: => 1.5 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 09:15:58 ====

La doble tilde persiste y la extension sigue ahi, el bicho este es mas duro de lo que creia. Saludos y mil gracias por estar ayudandome.

1 me gusta

Buenas tarde @pepitogrillo

Tiene toda la razon, se me olvido comentarlo. Estaba usando el disco duro externo de mi pareja para hacer una copia de seguridad de mi pc, pero sin darme cuenta borre una carpeta de descargas que estaba en el disco duro creyendome que era la mia, en ese momento empece a buscar programas para recuperar datos borrados de discos duros, tonto de mi, descargue unos que vi y a partir de ese momento empezo todo. Todo comenzo el jueves 29 de Abril. El programa no tengo ni idea de cual era ya que empece a borrar todo en cuanto vi como iba la cosa, y bueno, luego empece a buscar soluciones hasta que llegue a este foro en donde intente las medidas que se proponian en otros temas que trataban este problema, pero no lo consegui, y ya despues abri el tema. Siento si se me paso decirlo antes.

Saludos.

Hola buenas @belisario

:+1: perfecto simplemente era para tenerlo todo claro en cuanto a este aspecto. Pues a veces hay usuarios que tienen una parte de Juegos totalmente legales y otra parte que son piratas :pirate_flag:. Todo y que por lo que vi en los logs ya me parecía que piratas no eran.

Ok… bueno… el caso es que quedan restos varios de estos diferentes antivirus que instalaste y luego quitaste. Lo primordial ahora es herradicar el malware de la máquina. Después ya eliminaremos restos de esos antivirus que ya no utilizas.

OK.

OK.

He estado revisando todo el caso.

Vuelve a ejecutar FRST de la forma que te indique en:

Y traes los dos nuevos logs correspondientes: Frst.txt y Addition.txt.

Salu2.

1 me gusta

Buenas noches @Marr0n

Adjunto los nuevos archivos generados. Frst.txt:

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 09-05-2021
Ejecutado por Jose Manuel (administrador) sobre DESKTOP-C53VVMC (Acer Aspire V3-572G) (10-05-2021 23:25:42)
Ejecutado desde C:\Users\Jose Manuel\Desktop
Perfiles cargados: Jose Manuel
Platform: Windows 10 Home Versión 2004 19041.928 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <3>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [164808 2021-04-20] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-04-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) [Archivo no firmado]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-11-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [451952 2018-11-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3137816 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32894024 2021-02-09] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [PTOneClick] => C:\Users\Jose Manuel\AppData\Local\Webex\Webex\Applications\ptoneclk.exe [7184192 2020-04-12] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [com.blitz.app] => C:\Users\Jose Manuel\AppData\Local\Programs\Blitz\Blitz.exe [109893896 2021-05-06] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKU\S-1-5-21-1982497377-3505030188-412331071-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Jose Manuel\AppData\Local\WebEx\CiscoWebExStart.exe [2841816 2021-04-16] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\Windows\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\Windows\system32\hpinksts7212LM.dll [336904 2014-07-16] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 6830): C:\Windows\system32\HPDiscoPM7212.dll [763968 2014-07-18] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\PLAP Providers: [{C15C0AAF-C309-FE12-BB17-814630A2009F}] -> C:\WINDOWS\SysWOW64\vpnplap64.dll [2020-11-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {059522B1-CBFD-4F7C-8AA6-1E6E5490D38E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {18BFB1A3-71E5-4422-BF3A-BFC83F763507} - System32\Tasks\Microsoft\Windows\AppID\xrwcther => rundll32 "C:\Users\Jose Manuel\AppData\Local\PlatformCons\DebuuPain\BEPLep_loc001f.dll",faiomwd_Netrjcz
Task: {1D35B215-9FD2-4222-92D3-D62F0346BECD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {25CDDEB2-AB17-4829-807B-D025CB67FABB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {27AEC313-B001-478F-A80D-E004197C79E1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3EC9F746-CC5D-4D02-A6ED-3E16C5B3109F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {47F6DB9F-8964-4C91-9C53-580F3E8450AC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4ACC5FF7-7607-47D3-9123-2DC8790B67CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248776 2021-03-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E7DF88C-FFAD-417C-ADCE-FC2CB3374083} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6E8ADBEE-5B2D-44C1-8F1E-C1DAF34D6BA5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76E969ED-E479-4ECE-8DE1-1EE59199C0F5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A0038AE-C562-4E2F-8D4F-8AC38F144704} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8B3B429C-BCF5-4CFD-9075-745D9D309FA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C6B09C3-7CD5-4327-8052-29DAB2A4CFFA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96F0CC65-3FA5-48E1-BC5B-255C37C5BF83} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9ADC3633-B18D-4020-A8D4-36CE76BAC973} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6660845-25B2-46F3-9421-38DA6B4B6440} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-16] (Google Inc -> Google LLC)
Task: {B6A3F472-6331-43E7-8EEC-750B1540C6E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248776 2021-03-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD021D1A-B58C-416D-B191-DEFA23ED3875} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF578134-F30B-4E74-A9BB-D38394FDE7A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-16] (Google Inc -> Google LLC)
Task: {E3EB1A59-FD47-4F1E-B7BC-4017327D2285} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EAE40F86-9129-4409-B888-E54A3378BD88} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F00E1CC8-AF4D-402B-889A-DFE85010862A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{af0e6388-3f32-40c2-bb6f-b8edd5230703}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Profile: C:\Users\Jose Manuel\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-10]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: lhqzlpgj.default
FF ProfilePath: C:\Users\Jose Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\lhqzlpgj.default [2021-05-02]
FF ProfilePath: C:\Users\Jose Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\bcpqw2ka.default-release [2021-05-09]
FF Homepage: Mozilla\Firefox\Profiles\bcpqw2ka.default-release -> hxxps://links.malwarebytes.com/link/restorebrowser?lic=trial&product=MBAM-C
FF SearchPlugin: C:\Users\Jose Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\bcpqw2ka.default-release\searchplugins\bing-lavasoft-ff59.xml [2019-08-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default [2021-05-10]
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Presentaciones) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-16]
CHR Extension: (Documentos) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-16]
CHR Extension: (Google Drive) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]
CHR Extension: (Hojas de cálculo) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-19]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-01]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Jose Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]
CHR Extension: (vFlowSoft) - C:\ProgramData\Jmqgsep\Cfzrhs [2021-05-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-26] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-04-24] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-05-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2954416 2021-04-20] (ESET, spol. s r.o. -> ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2954416 2021-04-20] (ESET, spol. s r.o. -> ESET)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [169400 2021-04-20] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [192624 2021-04-20] (ESET, spol. s r.o. -> ESET)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107400 2021-04-20] (ESET, spol. s r.o. -> ESET)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-11-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-05-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-05-01] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-05-10 23:25 - 2021-05-10 23:26 - 000024477 _____ C:\Users\Jose Manuel\Desktop\FRST.txt
2021-05-10 23:22 - 2021-05-10 23:22 - 002298880 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FRST64 (2).exe
2021-05-10 23:22 - 2021-05-10 23:22 - 002298880 _____ (Farbar) C:\Users\Jose Manuel\Desktop\FRST64 (2).exe
2021-05-10 09:31 - 2021-05-10 09:32 - 000000000 ____D C:\Users\Jose Manuel\Desktop\fotos del vecino
2021-05-10 09:24 - 2021-05-10 09:24 - 002859708 _____ C:\Users\Jose Manuel\Downloads\IMSLP386047-PMLP545808-Vivaldi,_Antonio-Opere_Ricordi_F_VII_No_1_scan.pdf
2021-05-09 09:22 - 2021-05-10 18:05 - 000000000 ___HD C:\ProgramData\Jmqgsep
2021-05-09 09:08 - 2021-05-09 09:08 - 000797760 _____ C:\Users\Jose Manuel\Downloads\delfix (1).exe
2021-05-09 09:08 - 2021-05-09 09:08 - 000797760 _____ C:\Users\Jose Manuel\Desktop\delfix (1).exe
2021-05-09 08:59 - 2021-05-09 08:59 - 007495512 _____ (VS Revo Group ) C:\Users\Jose Manuel\Downloads\revosetup.exe
2021-05-09 08:59 - 2021-05-09 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-05-09 08:59 - 2021-05-09 08:59 - 000000000 ____D C:\Program Files\VS Revo Group
2021-05-08 22:19 - 2021-05-08 22:19 - 000208361 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-08 at 22.18.53 (1).jpeg
2021-05-08 22:19 - 2021-05-08 22:19 - 000163836 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-08 at 22.18.53 (2).jpeg
2021-05-08 22:18 - 2021-05-08 22:18 - 000096762 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-08 at 22.18.53.jpeg
2021-05-08 22:02 - 2021-05-08 22:02 - 002298880 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FRST64 (1).exe
2021-05-07 11:31 - 2021-05-08 08:48 - 000000000 ____D C:\Users\Jose Manuel\Doctor Web
2021-05-07 11:27 - 2021-05-07 11:30 - 245179552 _____ C:\Users\Jose Manuel\Downloads\c1apgfe2.exe
2021-05-06 23:05 - 2021-05-06 23:05 - 006145921 _____ C:\Users\Jose Manuel\Downloads\IMSLP01259-Bach_Bmin3-1.pdf
2021-05-06 22:54 - 2021-05-06 22:54 - 000009538 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (R).html
2021-05-06 22:54 - 2021-05-06 22:54 - 000003091 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (R).txt
2021-05-06 22:51 - 2021-05-06 22:51 - 000009560 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (S).html
2021-05-06 22:51 - 2021-05-06 22:51 - 000003129 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner (S).txt
2021-05-06 22:40 - 2021-05-06 22:40 - 003327128 _____ (Nicolas Coolman) C:\Users\Jose Manuel\Downloads\ZHPCleaner (2).exe
2021-05-06 22:39 - 2021-05-06 22:39 - 000000881 _____ C:\Users\Jose Manuel\Desktop\ZHPCleaner.lnk
2021-05-06 22:37 - 2021-05-06 22:38 - 003327128 _____ (Nicolas Coolman) C:\Users\Jose Manuel\Downloads\ZHPCleaner (1).exe
2021-05-06 12:30 - 2021-05-06 12:30 - 000189004 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-06 at 12.30.34.jpeg
2021-05-06 12:30 - 2021-05-06 12:30 - 000189004 _____ C:\Users\Jose Manuel\Desktop\WhatsApp Image 2021-05-06 at 12.30.34.jpeg
2021-05-06 10:00 - 2021-05-06 10:00 - 000256016 _____ (Cisco Webex LLC) C:\Users\Jose Manuel\Downloads\webex.exe
2021-05-06 09:36 - 2021-05-06 09:36 - 000000000 ____D C:\KVRT2020_Data
2021-05-06 09:35 - 2021-05-06 09:36 - 103333176 _____ (AO Kaspersky Lab) C:\Users\Jose Manuel\Downloads\KVRT (1).exe
2021-05-05 18:17 - 2021-05-05 18:16 - 001143175 _____ C:\Users\Jose Manuel\Desktop\Beethoven-Liszt_Symphony-5 erster Satz Jose Manuel Cuadrado.pdf
2021-05-05 18:16 - 2021-05-05 18:16 - 001143175 _____ C:\Users\Jose Manuel\Downloads\Beethoven-Liszt_Symphony-5 erster Satz.pdf
2021-05-04 23:13 - 2021-05-04 23:13 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Jose Manuel\Downloads\esetonlinescanner (2).exe
2021-05-04 23:13 - 2021-05-04 23:13 - 000000676 _____ C:\Users\Jose Manuel\Desktop\ESET Online Scanner.lnk
2021-05-04 22:58 - 2021-05-04 22:58 - 000103433 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-04 at 18.25.49.jpeg
2021-05-03 23:15 - 2021-05-03 23:16 - 000135820 _____ C:\Users\Jose Manuel\Desktop\WhatsApp Image 2021-05-03 at 23.08.45.jpeg
2021-05-03 23:15 - 2021-05-03 23:16 - 000107867 _____ C:\Users\Jose Manuel\Desktop\WhatsApp Image 2021-05-03 at 23.10.11.jpeg
2021-05-03 23:15 - 2021-05-03 23:15 - 000145388 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 23.08.45.jpeg
2021-05-03 23:15 - 2021-05-03 23:15 - 000110859 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 23.10.11.jpeg
2021-05-03 23:10 - 2021-05-03 23:10 - 000000552 _____ C:\Users\Jose Manuel\Desktop\cc_20210503_231029.reg
2021-05-03 22:46 - 2021-05-03 22:46 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (4).exe
2021-05-03 21:22 - 2021-05-03 21:22 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2 (3).exe
2021-05-03 21:14 - 2021-05-03 21:14 - 000477952 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 21.12.22 (1).jpeg
2021-05-03 21:13 - 2021-05-03 21:13 - 000243432 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 21.12.22.jpeg
2021-05-03 19:42 - 2021-05-03 19:42 - 000121511 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Image 2021-05-03 at 19.42.16.jpeg
2021-05-03 17:55 - 2021-05-03 17:55 - 001764204 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.38.mpeg
2021-05-03 17:55 - 2021-05-03 17:55 - 001182327 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.48.mpeg
2021-05-03 17:55 - 2021-05-03 17:55 - 000967156 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.55.mpeg
2021-05-03 17:54 - 2021-05-03 17:54 - 001708198 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.57.mpeg
2021-05-03 17:54 - 2021-05-03 17:54 - 001374666 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.38.26.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 001589497 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.42.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 000907388 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.24.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 000787434 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.34.mpeg
2021-05-03 17:47 - 2021-05-03 17:47 - 000729337 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.37.50.mpeg
2021-05-03 17:09 - 2021-05-03 17:09 - 000850963 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.36.02.mpeg
2021-05-03 17:09 - 2021-05-03 17:09 - 000692975 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.41.mpeg
2021-05-03 17:09 - 2021-05-03 17:09 - 000470621 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.54.mpeg
2021-05-03 17:08 - 2021-05-03 17:08 - 001549791 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.24.mpeg
2021-05-03 17:08 - 2021-05-03 17:08 - 000881057 _____ C:\Users\Jose Manuel\Downloads\WhatsApp Audio 2021-05-03 at 16.35.01.mpeg
2021-05-03 08:52 - 2021-05-10 23:18 - 000000000 ____D C:\Users\Jose Manuel\Desktop\foro antimalwares
2021-05-02 23:12 - 2021-05-02 23:12 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup (3).exe
2021-05-02 20:45 - 2021-05-02 20:45 - 000265316 _____ C:\Users\Jose Manuel\Downloads\Drängen und Treiben Beethoven-Symphony_No_5.pdf
2021-05-02 19:38 - 2021-05-02 19:38 - 103321912 _____ (AO Kaspersky Lab) C:\Users\Jose Manuel\Downloads\KVRT.exe
2021-05-02 19:19 - 2021-05-02 19:19 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Jose Manuel\Downloads\esetonlinescanner (1).exe
2021-05-02 19:07 - 2021-05-09 09:09 - 000000253 _____ C:\DelFix.txt
2021-05-02 19:07 - 2021-05-02 19:07 - 000000000 ____D C:\WINDOWS\ERUNT
2021-05-02 19:06 - 2021-05-02 19:06 - 000797760 _____ C:\Users\Jose Manuel\Downloads\delfix.exe
2021-05-02 18:57 - 2021-05-10 23:26 - 000000000 ____D C:\FRST
2021-05-02 18:57 - 2021-05-02 18:57 - 002298368 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FRST64.exe
2021-05-02 18:55 - 2021-05-02 18:55 - 001599815 _____ C:\Users\Jose Manuel\Downloads\IFS.exe
2021-05-02 18:40 - 2021-05-02 18:40 - 000000000 ____D C:\ProgramData\McInstTemp0208631619973646
2021-05-02 15:21 - 2021-05-02 15:21 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2 (2).exe
2021-05-02 15:09 - 2021-05-02 15:09 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (3).exe
2021-05-02 14:16 - 2021-05-02 14:16 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup (2).exe
2021-05-01 15:02 - 2020-05-26 00:12 - 000089096 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\SET2F1F.tmp
2021-05-01 14:59 - 2021-05-02 19:05 - 000000000 ____D C:\Program Files\McAfee
2021-05-01 14:59 - 2021-05-02 19:05 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-05-01 14:59 - 2021-05-02 14:15 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-05-01 14:59 - 2021-05-01 14:59 - 000000000 ____D C:\Program Files\McAfee.com
2021-05-01 14:59 - 2021-05-01 14:59 - 000000000 ____D C:\Program Files\Common Files\AV
2021-05-01 14:57 - 2021-05-02 19:05 - 000000000 ____D C:\ProgramData\McAfee
2021-05-01 14:57 - 2021-05-01 15:04 - 000000048 _____ C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini
2021-05-01 14:57 - 2021-05-01 14:57 - 005794408 _____ (McAfee, LLC) C:\Users\Jose Manuel\Downloads\mcafee_trial_setup_433.0207.3919_key.exe
2021-05-01 13:19 - 2021-05-01 13:19 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2 (1).exe
2021-05-01 13:19 - 2021-05-01 13:19 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup (1).exe
2021-05-01 13:16 - 2021-05-01 13:16 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (2).exe
2021-05-01 12:24 - 2021-05-01 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2021-05-01 12:24 - 2021-05-01 12:24 - 000000000 ____D C:\ProgramData\ESET
2021-05-01 12:24 - 2021-05-01 12:24 - 000000000 ____D C:\Program Files\ESET
2021-05-01 12:07 - 2021-05-01 12:07 - 008702880 _____ (ESET) C:\Users\Jose Manuel\Downloads\eset_nod32_antivirus_live_installer.exe
2021-04-30 23:17 - 2021-04-30 23:17 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\AdAwareDesktop
2021-04-30 22:59 - 2021-04-30 22:59 - 008534696 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\adwcleaner_8.2.exe
2021-04-30 22:51 - 2021-04-30 22:51 - 002078632 _____ (Malwarebytes) C:\Users\Jose Manuel\Downloads\MBSetup.exe
2021-04-30 22:45 - 2021-04-30 22:47 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-30 22:45 - 2021-04-30 22:47 - 000000000 ____D C:\Program Files\AVAST Software
2021-04-30 22:43 - 2021-04-30 22:43 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577 (1).exe
2021-04-30 22:25 - 2021-04-30 22:25 - 000289179 _____ C:\Users\Jose Manuel\Downloads\prueba sara 1.pdf
2021-04-30 22:24 - 2021-04-30 22:24 - 000186897 _____ C:\Users\Jose Manuel\Downloads\11010436_89030_pcr_b_20201218174920.91255065.pdf
2021-04-30 21:55 - 2021-05-06 22:54 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\ZHP
2021-04-30 21:55 - 2021-04-30 21:55 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\ZHP
2021-04-30 21:51 - 2021-04-30 21:52 - 003326616 _____ (Nicolas Coolman) C:\Users\Jose Manuel\Downloads\ZHPCleaner.exe
2021-04-30 21:46 - 2021-04-30 21:46 - 030972600 _____ (Piriform Software Ltd) C:\Users\Jose Manuel\Downloads\ccsetup577.exe
2021-04-30 21:45 - 2021-04-30 21:45 - 000909824 _____ (Farbar) C:\Users\Jose Manuel\Downloads\FSS.exe
2021-04-30 20:26 - 2021-05-04 23:13 - 000000804 _____ C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-30 20:26 - 2021-04-30 20:26 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Jose Manuel\Downloads\esetonlinescanner.exe
2021-04-30 19:42 - 2021-04-30 22:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-30 10:14 - 2021-04-30 10:14 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Mosan
2021-04-30 10:06 - 2021-04-30 21:12 - 000000000 ____D C:\WINDOWS\PublicGaming
2021-04-29 12:36 - 2021-04-29 12:36 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\EaseUS
2021-04-29 12:36 - 2021-04-29 12:36 - 000000000 ____D C:\Program Files\EaseUS
2021-04-29 11:55 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2021-04-29 09:00 - 2021-04-29 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-04-24 12:55 - 2021-04-24 12:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-04-24 12:55 - 2021-04-24 12:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-04-24 12:55 - 2021-04-24 12:55 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-04-24 12:55 - 2021-04-24 12:55 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-04-20 16:30 - 2021-04-20 16:30 - 000192624 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-04-20 16:30 - 2021-04-20 16:30 - 000169400 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-04-20 16:30 - 2021-04-20 16:30 - 000107400 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-04-20 13:02 - 2021-04-20 13:02 - 000015824 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2021-04-15 21:18 - 2021-04-15 21:18 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 21:18 - 2021-04-15 21:18 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 21:18 - 2021-04-15 21:18 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-05-10 23:19 - 2019-06-15 11:44 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-10 23:17 - 2019-06-15 11:44 - 000000000 __SHD C:\Users\Jose Manuel\IntelGraphicsProfiles
2021-05-10 23:17 - 2019-06-15 11:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-05-10 21:31 - 2020-08-16 18:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-10 18:58 - 2019-11-09 13:57 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\MuseScore
2021-05-10 18:13 - 2020-09-16 18:32 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-10 18:13 - 2020-09-16 18:32 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-05-10 18:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-09 09:23 - 2020-08-16 19:00 - 001772930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-09 09:23 - 2019-12-07 16:55 - 000789640 _____ C:\WINDOWS\system32\perfh00A.dat
2021-05-09 09:23 - 2019-12-07 16:55 - 000155992 _____ C:\WINDOWS\system32\perfc00A.dat
2021-05-09 09:23 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-09 09:18 - 2020-08-16 19:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-09 09:18 - 2020-08-16 18:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-09 09:18 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-09 09:10 - 2020-10-10 12:10 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Blitz
2021-05-09 09:02 - 2019-06-16 13:41 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-08 22:39 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-08 22:04 - 2019-06-16 14:58 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\Discord
2021-05-08 22:04 - 2019-06-16 14:58 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\Discord
2021-05-08 22:01 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-08 11:25 - 2020-08-16 18:05 - 000000000 ____D C:\Users\Jose Manuel
2021-05-07 11:27 - 2020-07-04 22:17 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-07 11:27 - 2020-07-04 22:17 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-07 11:27 - 2020-07-04 22:17 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-06 22:56 - 2020-03-25 10:30 - 000001034 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-05-06 22:56 - 2020-03-25 10:30 - 000001030 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-05-06 13:15 - 2020-03-24 16:59 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\WebEx
2021-05-06 12:38 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-06 11:23 - 2020-03-24 16:59 - 000000000 ____D C:\Users\Jose Manuel\AppData\LocalLow\WebEx
2021-05-05 18:01 - 2019-06-18 17:02 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\CrashDumps
2021-05-05 16:47 - 2020-03-15 14:45 - 000000000 ____D C:\ProgramData\Riot Games
2021-05-05 08:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-05 01:30 - 2020-08-16 19:01 - 000004094 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-05-05 01:30 - 2020-08-16 19:01 - 000003862 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-05-02 14:46 - 2019-06-15 12:47 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\ElevatedDiagnostics
2021-05-01 17:22 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-01 17:15 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-05-01 15:03 - 2019-03-19 06:49 - 000000124 _____ C:\WINDOWS\win.ini
2021-05-01 12:24 - 2019-06-15 11:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-01 12:14 - 2019-06-15 11:50 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-04-30 23:07 - 2020-08-16 18:53 - 000458680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-30 22:47 - 2019-06-15 11:44 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\Packages
2021-04-30 21:50 - 2019-06-16 13:16 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\Google
2021-04-30 21:48 - 2020-08-16 13:07 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-30 21:48 - 2019-08-07 21:14 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\BitTorrent
2021-04-30 21:31 - 2019-06-25 19:13 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\D3DSCache
2021-04-30 20:26 - 2019-06-27 15:51 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\ESET
2021-04-30 20:08 - 2019-08-23 13:17 - 000000000 ____D C:\ProgramData\DAEMON Tools Ultra
2021-04-30 20:08 - 2018-07-26 14:46 - 000000000 ____D C:\Users\Jose Manuel\AppData\Local\PlatformCons
2021-04-30 20:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration
2021-04-30 19:43 - 2019-06-15 12:15 - 000000000 ____D C:\Users\Jose Manuel\AppData\LocalLow\Mozilla
2021-04-30 10:09 - 2019-08-23 13:17 - 000000000 ____D C:\Program Files\DAEMON Tools Ultra
2021-04-29 21:34 - 2020-08-16 19:01 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1982497377-3505030188-412331071-1001
2021-04-29 21:34 - 2020-08-16 18:05 - 000002415 _____ C:\Users\Jose Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-29 21:34 - 2019-06-15 11:46 - 000000000 ___RD C:\Users\Jose Manuel\OneDrive
2021-04-29 12:36 - 2021-02-15 12:52 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-04-29 09:00 - 2020-03-25 10:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-04-27 19:23 - 2020-05-26 12:15 - 000000000 ____D C:\Users\Jose Manuel\AppData\Roaming\vlc
2021-04-26 23:24 - 2019-06-16 13:17 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 23:24 - 2019-06-16 13:17 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-26 23:24 - 2019-06-16 13:17 - 000002258 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-26 08:49 - 2020-08-16 19:01 - 000003652 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 08:49 - 2020-08-16 19:01 - 000003528 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-23 21:30 - 2021-01-24 16:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 20:06 - 2019-06-15 12:11 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 14:46 - 2020-08-16 19:01 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 14:46 - 2020-08-16 19:01 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-15 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 21:17 - 2020-08-16 18:57 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-15 21:10 - 2019-06-15 11:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-15 21:04 - 2019-06-15 11:51 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Archivos en la raíz de algunos directorios ========

2021-05-01 14:57 - 2021-05-01 15:04 - 000000048 _____ () C:\Users\Jose Manuel\AppData\Roaming\MCVi2UserDetail.ini
2021-05-10 09:09 - 2021-05-10 09:09 - 000000000 _____ () C:\Users\Jose Manuel\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================
1 me gusta