Computer maintenance

Hello @selohu:

I have now reviewed your second report. You had many, many security solutions installed, or remnants of them. In my opinion that is not a good way to proceed, for several reasons:

  • besides the performance penalty, the computer could become unstable as a result of so much security software coexisting

  • on the other hand, bear in mind that the determining factor in a computer's security is the user. In most cases it is the user's own consenting action that brings infections onto a computer.

You should keep this in mind to avoid more problems than you want to have.


Remove the extensions from your Google Chrome browser that I list further below, as follows:

  • Type or copy and paste chrome://extensions into the browser's address bar and press Enter.
  • Click Remove under the extension you want to remove completely.
  • A confirmation dialog appears on screen. Click Remove.

CHR Extension: (Trend Micro Toolbar) - C:\Users\selohu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2020-11-21]

By the way, your C: partition, with a capacity of just over 100 GB, has little free space. This could penalize the computer's performance. You should try to free up space.


Next:

1.- Very Important >>> Make a backup of your Registry.

  • Download and run DelFix on the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

Start:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0 
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 
HKLM\...\Policies\Explorer: [NoDFSTab] 0 
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0 
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-gpu-rasterization --enable-oop-rasterization --enable-features=GlobalMediaControls,GlobalMediaControlsForCas (la entrada de datos tiene 234 más caracteres).
HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2151080 2020-11-20] (Brave Software, Inc. -> Brave Software, Inc.)
Task: {1B67B934-BF56-4500-8B7A-84D56E3EDB49} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\selohu\Desktop\esetonlinescanner_enu.exe [15012440 2020-11-18] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {2C3535E1-136E-4769-B5AE-DEA8EA7B47E6} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\selohu\Desktop\esetonlinescanner_enu.exe [15012440 2020-11-18] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Tcpip…\Interfaces{8ae7e996-d9e6-4ca8-a372-ac5cf1c5e946}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Ningún archivo]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
S3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [199304 2020-10-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2020-10-21] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2020-04-21] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [345896 2020-10-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2020-10-21] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S0 360elam64; C:\WINDOWS\System32\DRIVERS\360elam64.sys [17192 2020-10-21] (Microsoft Windows Early Launch Anti-malware Publisher -> 360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [470152 2020-10-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R1 360Hvm; C:\WINDOWS\System32\Drivers\360Hvm64.sys [331560 2020-10-21] (Beijing Qihu Technology Co., Ltd. -> 360安全中心)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2020-10-21] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 esihdrv; C:\Users\selohu\AppData\Local\Temp\esihdrv.sys [205464 2020-11-25] (ESET, spol. s r.o. -> ESET) <==== ATENCIÓN
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-09-25] (Sophos Ltd -> Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2020-09-25] (Sophos Limited -> Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2020-09-25] (Sophos Limited -> Sophos Limited)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [74760 2019-06-04] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro, Inc. -> Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [37552 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)
R1 tmeyes; C:\WINDOWS\system32\DRIVERS\tmeyes.sys [684856 2020-03-24] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-03-07] (Trend Micro, Inc. -> Trend Micro Inc.)
S1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [160544 2020-03-27] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [137776 2019-05-04] (Trend Micro, Inc. -> Trend Micro Inc.)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
2020-11-21 13:23 - 2020-11-21 13:23 - 000000000 ____D C:\Users\selohu\AppData\Local\AviraSpeedup
2020-11-21 13:02 - 2020-11-21 17:05 - 000000000 ____D C:\Program Files (x86)\Avira
2020-11-21 13:02 - 2020-11-21 13:06 - 000000000 ____D C:\Users\selohu\AppData\Local\Avira
2020-11-21 13:01 - 2020-11-21 13:28 - 000000000 ____D C:\ProgramData\Avira
2020-11-18 11:59 - 2020-11-18 13:49 - 000000841 _____ C:\Users\selohu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-11-18 11:59 - 2020-11-18 13:49 - 000000695 _____ C:\Users\selohu\Desktop\ESET Online Scanner.lnk
2020-11-18 11:59 - 2020-11-18 11:59 - 015012440 _____ (ESET spol. s r.o.) C:\Users\selohu\Desktop\esetonlinescanner_enu.exe
2020-11-18 04:52 - 2020-11-18 11:18 - 000000000 ____D C:\Users\selohu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Software
2020-11-11 22:59 - 2020-11-11 22:59 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2020-11-11 21:53 - 2020-11-11 21:53 - 000000000 ____D C:\WINDOWS\SysWOW64\SophosAV
2020-11-11 21:53 - 2020-11-11 21:53 - 000000000 ____D C:\WINDOWS\system32\SophosAV
2020-11-11 21:53 - 2020-09-25 12:14 - 000047760 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2020-11-11 21:53 - 2020-09-25 12:14 - 000037376 _____ (Sophos Limited) C:\WINDOWS\system32\SophosBootTasks.exe
2020-11-11 21:50 - 2020-09-25 12:14 - 000216280 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\savonaccess.sys
2020-11-11 21:50 - 2020-09-25 12:14 - 000176120 _____ (Sophos Limited) C:\WINDOWS\system32\sdccoinstaller.dll
2020-11-11 21:50 - 2020-09-25 12:14 - 000045840 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\SophosBootDriver.sys
2020-11-11 21:50 - 2020-09-25 12:14 - 000038144 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\sdcfilter.sys
2020-11-11 21:46 - 2020-11-21 01:52 - 000000000 ____D C:\ProgramData\Sophos
2020-11-11 21:46 - 2020-11-21 01:47 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-11-04 20:24 - 2020-11-04 20:24 - 000000000 ____D C:\ProgramData\360sd
2020-11-04 20:14 - 2020-11-25 14:31 - 000000001 _____ C:\WINDOWS\system32\Drivers\360Hvm64.dat
2020-11-04 20:14 - 2020-11-06 04:32 - 000000000 ____D C:\Users\selohu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360 Security Center
2020-11-04 20:14 - 2020-11-05 23:51 - 000000000 ____D C:\Users\selohu\AppData\LocalLow\360WD
2020-11-04 20:14 - 2020-11-04 20:14 - 000000000 _RSHD C:\360SANDBOX
2020-11-04 20:14 - 2020-10-21 07:47 - 000470152 _____ (360.cn) C:\WINDOWS\system32\Drivers\360FsFlt.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000345896 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000331560 _____ (360安全中心) C:\WINDOWS\system32\Drivers\360Hvm64.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000199304 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000096424 _____ (360.cn) C:\WINDOWS\system32\Drivers\360netmon.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000095232 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000057848 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys
2020-11-04 20:14 - 2020-10-21 07:47 - 000017192 _____ (360.cn) C:\WINDOWS\system32\Drivers\360elam64.sys
2020-10-28 11:18 - 2020-11-06 00:32 - 000000000 ____D C:\KVRT_Data
2020-11-05 17:58 - 2020-04-18 03:54 - 000000000 __SHD C:\$360Section
2020-10-26 20:16 - 2020-08-20 12:59 - 000000000 ____D C:\Users\selohu\AppData\Roaming\IObit
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Ningún archivo
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Ningún archivo
AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10589338.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16990891.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19648080.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24697462.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37238653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39326786.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41645524.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56281002.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56866735.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92292752.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96003709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMInstallerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10589338.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16990891.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19648080.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24697462.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37238653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39326786.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41645524.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56281002.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56866735.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92292752.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96003709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IMFservice => "@"="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMInstallerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR523 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR523.SYS => ""="Driver"
IE trusted site: HKU\S-1-5-21-991384485-3360299836-4042273512-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
2020-11-19 03:27 - 2020-11-19 03:27 - 000000000 ____D C:\Users\selohu\AppData\Local\AdAwareUpdater
2020-11-19 03:27 - 2020-11-19 03:27 - 000000000 ____D C:\ProgramData\adaware
2020-11-19 03:27 - 2020-11-19 03:27 - 000000000 ____D C:\Program Files\Common Files\adaware
2020-11-18 13:48 - 2020-11-18 13:48 - 000003794 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-11-18 13:48 - 2020-11-18 13:48 - 000003352 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-11-16 01:11 - 2020-11-16 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKillerPE
2020-11-16 01:11 - 2020-11-16 01:12 - 000000000 ____D C:\Program Files\RogueKillerPE
2020-11-11 23:57 - 2020-11-11 23:57 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32D5B694.sys
2020-10-30 13:29 - 2020-10-30 13:29 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\455527CD.sys
2020-10-28 10:57 - 2020-10-28 11:07 - 000000000 ____D C:\ProgramData\RogueKiller
2020-11-25 14:54 - 2020-04-06 19:37 - 000000000 ____D C:\FSTool
2020-11-08 01:31 - 2020-08-20 11:49 - 000000000 ____D C:\Users\selohu\AppData\Local\Safer-Networking Ltd
2020-11-05 03:11 - 2017-11-16 17:14 - 012114704 _____ (Trend Micro Inc.) C:\Users\selohu\Desktop\RansomwareFileDecryptor 1.0.1668 MUI.exe

EmptyTemp:
END:
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Restart the computer, check how it behaves with regard to the problem you raised, and report back.
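
Added example, not part of the original post and not code from the FRST project: a small Python parser for the driver lines of the fixlist above that groups running kernel drivers by vendor, which makes the "too many security products coexisting" point visible at a glance. The sample lines are copied from the post; the reading of the first two characters (R/S = running/stopped, digit = start type) follows FRST's log conventions, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Driver lines copied from the fixlist in the post above (not constructed).
SAMPLE = r"""
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [470152 2020-10-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S0 360elam64; C:\WINDOWS\System32\DRIVERS\360elam64.sys [17192 2020-10-21] (Microsoft Windows Early Launch Anti-malware Publisher -> 360.cn)
R3 esihdrv; C:\Users\selohu\AppData\Local\Temp\esihdrv.sys [205464 2020-11-25] (ESET, spol. s r.o. -> ESET) <==== ATENCIÓN
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-09-25] (Sophos Ltd -> Sophos Limited)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [74760 2019-06-04] (Trend Micro, Inc. -> Trend Micro Inc.)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
"""

START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>\S+); (?P<path>.+?) "
    r"\[(?:X|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?: \((?P<signer>.+) -> (?P<company>.+?)\))?(?P<rest>.*)$"
)

def parse_drivers(text):
    """Return one dict per driver line; lines in other formats are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        d["running"] = d["state"] == "R"
        d["start"] = START.get(d["start"], "unknown")
        d["missing_file"] = d["size"] is None   # the log shows [X] instead of size/date
        d["flagged"] = "<====" in d["rest"]     # attention marker present on the line
        out.append(d)
    return out

def running_by_vendor(drivers):
    """Map company name -> names of its drivers that are currently running."""
    vendors = defaultdict(list)
    for d in drivers:
        if d["running"] and d["company"]:
            vendors[d["company"]].append(d["name"])
    return dict(vendors)

if __name__ == "__main__":
    drivers = parse_drivers(SAMPLE)
    for vendor, names in running_by_vendor(drivers).items():
        print(f"{vendor}: {', '.join(names)}")
    for d in drivers:
        if d["missing_file"] or d["flagged"]:
            print("review:", d["name"], d["path"])
```

On the six sample lines this reports four different vendors with a kernel driver running at the same time, plus two entries to review: the driver loaded from a Temp folder and the service whose file no longer exists.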