Hi @MIXU.
After a day, I'm getting back in touch to let you know how things are going. In the end, I had to run the computer in Safe Mode, and the first scan took almost 20 hours.
I'm also sending you the Malwarebytes, AdwCleaner, JRT and UsbFix reports. I should mention that Yahoo! has once again been set as my default search engine and Google has been removed; nothing came up asking me to accept that change. It happened from one moment to the next while I was following the instructions you gave me.
I won't ramble on any further; here are the reports. Thank you very much for your help, and sorry for the delay.
[code] MalwareBytes
-Detalles del registro-
Fecha del análisis: 28/1/21
Hora del análisis: 13:43
Archivo de registro: 5bc5642a-6166-11eb-9ec1-b4b68638a1c8.json
-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1146
Versión del paquete de actualización: 1.0.36283
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 18362.720)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-LO1JG19Q\inesj
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 450532
Amenazas detectadas: 46
Amenazas en cuarentena: 46
Tiempo transcurrido: 19 hr, 22 min, 25 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 19
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\SOFTWARE\WebDiscoverBrowser, En cuarentena, 5233, 253912, 1.0.36283, , ame, , ,
PUP.Optional.WinYahoo, HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{2f23ab71-4ac6-41f2-a955-ea576e553146}, En cuarentena, 2683, 254682, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\SAntivirus, En cuarentena, 13532, 783949, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\SAntivirusProduct, En cuarentena, 13532, 783951, 1.0.36283, , ame, , ,
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, En cuarentena, 5233, 253915, 1.0.36283, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\SOFTWARE\CSASTATS\ic, En cuarentena, 112, 586068, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\SAntivirus, En cuarentena, 13532, 783949, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, En cuarentena, 13532, 757809, 1.0.36283, , ame, , ,
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, En cuarentena, 5233, 253915, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\santivirusclient_RASAPI32, En cuarentena, 13532, 783946, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\santivirusclient_RASMANCS, En cuarentena, 13532, 783946, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SAntivirusService_RASAPI32, En cuarentena, 13532, 783947, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SAntivirusService_RASMANCS, En cuarentena, 13532, 783947, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\SAntivirus, En cuarentena, 13532, 783948, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAntivirusIC, En cuarentena, 13532, 783952, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SANTIVIRUSKD, En cuarentena, 13532, 783953, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\SAntivirus, En cuarentena, 13532, 783948, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAntivirusSvc, En cuarentena, 13532, 783954, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SAntivirus, En cuarentena, 13532, 783950, 1.0.36283, , ame, , ,
Valor del registro: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, En cuarentena, 2683, 254682, 1.0.36283, , ame, , ,
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 8
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\Locales, En cuarentena, 8176, 348279, , , , , ,
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2, En cuarentena, 8176, 348279, , , , , ,
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser, En cuarentena, 8176, 348279, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus, En cuarentena, 13532, 788609, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, C:\ProgramData\SAntivirus, En cuarentena, 13532, 783940, 1.0.36283, , ame, , ,
PUP.Optional.WebDiscoverBrowser, C:\Users\inesj\AppData\Local\WebDiscoverBrowser\User Data, En cuarentena, 5233, 181497, , , , , ,
PUP.Optional.WebDiscoverBrowser, C:\Users\inesj\AppData\Local\WebDiscoverBrowser, En cuarentena, 5233, 181497, 1.0.36283, , ame, , ,
PUP.Optional.Segurazo, C:\Users\inesj\AppData\Roaming\santivirusclient, En cuarentena, 13532, 788610, 1.0.36283, , ame, , ,
Archivo: 18
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\DIGITAL COMMUNICATIONS\SANTIVIRUS\SANTIVIRUSIC.EXE, En cuarentena, 13532, 783952, , , , , B8447CDA50CAF9F372B4EBB97F2675BE, 0B4B992267CD13AFA6D50D602A613C5BD4FC49DD5460CB255C9ED3828156C664
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\DIGITAL COMMUNICATIONS\SANTIVIRUS\SANTIVIRUSKD.SYS, En cuarentena, 13532, 783953, , , , , AD4E18D1CCB62ECD881AA8A3E96108A2, 9C84C22000DE947C0551C46F04A1EE6F1E8D412AA3EEFEB4533D13D144DBF583
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\Locales\es.pak, En cuarentena, 8176, 348279, , , , , 97E7B59B6BDCB9195B669C0991E5B912, E5292FB9DBC48CB29D549B077CBF63685B8C9EF64F9B71E990274DC0C7479A8E
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\icudtl.dat, En cuarentena, 8176, 348279, , , , , BE464D15F6FB048F06C686CF84A5E8A5, 2399E3149C121DDA8C30C622574F1EF9D0B26E4BB665E80E4643E6CF6597602F
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe, En cuarentena, 8176, 348279, , , , , 5DE848CE52C4B42FB459FB8D74291C4B, 7A0D25C4848C07805A4F575E035E1FC1109C725FE6646FC729C9100E5D538F4C
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_100_percent.pak, En cuarentena, 8176, 348279, , , , , A8723BCB801F302F3CFF0B26AE557AA1, 52CF9D8DABAF63E478714157E25C04CDCCA83B5329797F953379F4FB21891F25
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_200_percent.pak, En cuarentena, 8176, 348279, , , , , 98E53B2A41D27F43FD69FC91392BA0C2, 6D04D956FF69EFB1BB329E2F46D4B933ACB771FA6CA409DEE9A2108AAE746163
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_child.dll, En cuarentena, 8176, 348279, , , , , ,
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\chrome_elf.dll, En cuarentena, 8176, 348279, , , , , 9F82BA43FEB1C7D252C98FEA7F4EB321, 30B87BB6468AD09F108EE185E185A38EA4033E8FCC041062466086930E9C94BC
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\natives_blob.bin, En cuarentena, 8176, 348279, , , , , C8D229460AFC78046CD58EF295A7D477, F5F6EAEF2EC4A52A2DA19D3190F9E71A50F4805B8C6530DD232029B5154397DC
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\resources.pak, En cuarentena, 8176, 348279, , , , , D05CE56894014DDF2FE3061FF7BD3A73, B069164219C6C6BEA571380D9B358951EC05F3F1CB6BF26AC4ED3FDA77A19DB9
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\snapshot_blob.bin, En cuarentena, 8176, 348279, , , , , AEE9B98BA0261A6C0A67FB72DCA761E6, 2F999D70962B23C3EC02BE430209487FE9CE4232466A8A602AC0679C9F4CB0AF
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.28.2\v8_context_snapshot.bin, En cuarentena, 8176, 348279, , , , , 560787A0A172FA4BCA7FCB711E3A4AB1, 7E3AFC260F6E31366F91DA874B0FA9B2013E1F3B7401C246AF0572C75FC4A450
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\DIGITAL COMMUNICATIONS\SANTIVIRUS\SANTIVIRUSTOOLS.DLL, En cuarentena, 13532, 828215, 1.0.36283, , ame, , 908C6F9DB78D470FCFC28C906523C21D, 114071B9F58C67E73EBDFEC5F72E751B2A34C1C649B3FB5F1AC6161630FACCFD
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\DIGITAL COMMUNICATIONS\SANTIVIRUS\SANTIVIRUSUNINSTALLER.EXE, En cuarentena, 13532, 887563, 1.0.36283, , ame, , C1232F0F644B562BDFB6F7CA56207785, 7A88A81031376AC0F73B32F4B0240230BE6D3A3231AAF7A063E2EC67D89CABD7
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\DIGITAL COMMUNICATIONS\SANTIVIRUS\SANTIVIRUSCLIENT.EXE, En cuarentena, 13532, 887563, 1.0.36283, , ame, , FEBBCF7945E4493C28D8948FC40C9D60, 77924BA6FBC4275D07A5291ED896AC6CFD4F11639B53710AF2FE682096CF0D2B
PUP.Optional.Segurazo, C:\USERS\INESJ\APPDATA\LOCAL\TEMP\TMPSEC7765101\SEGURAZO.EXE, En cuarentena, 13532, 886152, 1.0.36283, , ame, , 3B4476F159E94B7E8B4FEF25C1ACD039, 64D3E816BB764BA31A197D39F7789F2D46B9C2CF3131D3FE459A8900C9DA7B79
PUP.Optional.WebDiscoverBrowser, C:\Users\inesj\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics.pma, En cuarentena, 5233, 181497, , , , , 35D38D805C9BD2A6AF9D3416CD08F7C5, 7132D732BED0D5C2A506BD8BD36A5AC4B8CBF8314046A10A441DC7F8B538835D
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
[/code]
**AdwCleaner**
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-29-2021
# Duration: 00:03:25
# OS: Windows 10 Home
# Cleaned: 45
# Awaiting reboot:1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Digital Communications
***** [ Files ] *****
Deleted C:\Users\inesj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackjack +.lnk
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WallpaperSuite
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5AF7724-1543-430C-BB63-41198B7DB2DC}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPJumpStartApps Folder C:\Program Files (x86)\HP\HP JUMPSTART APPS
Deleted Preinstalled.HPJumpStartApps Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
Deleted Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6675177C-2B55-4888-81DA-CF02045D7EE4}
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\inesj\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\inesj\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B7053964-E2C7-4BA9-84DE-D3A98B5FBA24}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}
Needs Reboot Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
***** [ Folders ] *****
Cleaning failed C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
*************************
AdwCleaner[S00].txt - [6612 octets] - [29/01/2021 12:10:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
[code] JRT
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by inesj (Administrator) on 29/01/2021 at 12:31:21,95
File System: 0
Registry: 0
Scan was completed on 29/01/2021 at 12:41:13,69
End of JRT log
[/code]
**USBFix**
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Versión : 11.032
# Base de datos :
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : inesj (Administrador)
# Dispositivo : LAPTOP-LO1JG19Q
# Comenzó : 29/01/2021 13:32:21
# ----------------------------------------------------
------------ | Discos analizados |
C:\ NTFS (821GB/915GB) [Fixed]
D:\ NTFS (2GB/15GB) [Fixed]
F:\ FAT32 (6GB/6GB) [Removable]
------------ | Elemento(s) infectado(s) |
~ Ningún elemento detectado ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\inesj\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [utweb] "C:\Users\inesj\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
04 - HKCU\..\Run : [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
04 - HKLM\..\Run : [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
04 - HKLM\..\Run : [RtlS5Wake] C:\PROGRA~2\Realtek\PCIEWI~1\RTLS5W~1\RTLS5W~1.EXE
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\..\Run : [OneDrive] "C:\Users\inesj\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\..\Run : [utweb] "C:\Users\inesj\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
04 - HKU\S-1-5-21-1725703154-2497585853-1473731809-1001\..\Run : [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
04GS - Facebook Gameroom.lnk : C:\Users\inesj\AppData\Local\Facebook\Games\FacebookGameroom.exe
------------ | Tasks |
Task - Avast Emergency Update --> C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - HPEA3JOBS --> C:\Program Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task - OneDrive Standalone Update Task v2 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1725703154-2497585853-1473731809-1001 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - Opera scheduled assistant Autoupdate 1584366579 --> C:\Users\inesj\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\inesj\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task - Opera scheduled Autoupdate 1584366567 --> C:\Users\inesj\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Task - StartCN --> "c:\Program Files\AMD\CNext\CNext\cncmd.exe" startwithdelay
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |
[29/01/2021 - 12:19:21 | ASH | 3131668 Ko] - hiberfil.sys
[29/01/2021 - 12:19:24 | ASH | 24117248 Ko] - pagefile.sys
[29/01/2021 - 12:19:24 | ASH | 262144 Ko] - swapfile.sys
[21/09/2018 - 23:14:47 | AHD] - SYSTEM.SAV
[26/11/2019 - 00:51:00 | SHD] - $Recycle.Bin
[31/03/2018 - 02:24:31 | D] - SWSetup
[21/09/2018 - 22:09:46 | SHD] - Documents and Settings
[21/09/2018 - 22:09:46 | SHD] - Archivos de programa
[19/03/2019 - 05:52:43 | D] - PerfLogs
[16/11/2019 - 15:21:02 | D] - Windows10Upgrade
[16/11/2019 - 15:30:45 | HD] - $GetCurrent
[19/11/2019 - 11:24:12 | D] - inetpub
[19/11/2019 - 12:32:57 | SHD] - Recovery
[19/11/2019 - 12:36:40 | D] - AMD
[26/11/2019 - 12:50:57 | RD] - Users
[19/04/2020 - 19:40:28 | D] - Games
[28/01/2021 - 13:02:14 | D] - 0cd12664e046b71e2c391d41bb
[29/01/2021 - 12:07:40 | HD] - ProgramData
[29/01/2021 - 12:13:29 | D] - AdwCleaner
[29/01/2021 - 12:14:09 | HD] - hp
[29/01/2021 - 12:16:43 | D] - ba3cb79344b17ed7e94784
[29/01/2021 - 12:19:46 | RD] - Program Files
[29/01/2021 - 12:35:17 | D] - Windows
[29/01/2021 - 13:30:50 | RD] - Program Files (x86)
------------ | D:\ - Disco fijo (NTFS) |
[31/03/2018 - 02:49:20 | RASH | 0 Ko] - RP.ini
[30/09/2017 - 05:42:22 | RASH | 1207 Ko] - bootmgr.efi
[26/11/2019 - 00:51:00 | SHD] - $RECYCLE.BIN
[30/09/2017 - 05:20:30 | RASH | 388 Ko] - bootmgr
[31/03/2018 - 02:56:41 | RASHD] - Boot
[31/03/2018 - 02:56:41 | RASHD] - EFI
[31/03/2018 - 02:56:41 | RSHD] - preload
[31/03/2018 - 02:56:41 | RSD] - Recovery
[31/03/2018 - 02:56:41 | RASHD] - sources
------------ | F:\ - Disco extraíble (FAT32) |
[29/01/2021 - 13:32:12 | RASHD] - autorun.inf
[25/01/2021 - 23:19:06 | A | 0 Ko] - driveinfo.calibre
[26/01/2021 - 00:45:12 | A | 675 Ko] - metadata.calibre
[14/06/2020 - 00:30:50 | D] - .active_content_sandbox
[16/09/2019 - 13:14:42 | D] - voice
[11/10/2019 - 09:41:04 | D] - fonts
[30/10/2020 - 00:35:20 | D] - documents
[03/01/2021 - 23:59:06 | D] - audible
[29/01/2021 - 00:02:52 | SHD] - system
Elemento(s) infectado(s) : 0
Elementos analizados : 71608 en 00h 00m 23s
# UsbFix-Report-01.txt [5837B]
------------ | E.O.F |
You didn't need any kind of attachment from CCleaner, did you? If you did, let me know and we'll take a look. Thanks once again for your help.