Cannot open any file saved on a USB flash drive

Hello, I have a USB flash drive with a large number of files (pdf, doc, etc.) that are reported as damaged when I double-click them. I tried copying them to the hard disk and the same thing happens. I suspect it has some kind of virus. I am attaching an image of the contents of the root of the flash drive with hidden and system-protected files shown. I would appreciate your help recovering the documents, since I have no backup. Thank you very much!

Hello @merced25

Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run the steps below, respecting the order:

CCleaner

Using its Cleaner option according to its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • We do NOT need this report

USBFix:

  • Connect all your removable devices: USB/flash drive, Micro SD, etc.
  • Run USBFix.exe
  • Once all your devices are connected, click “Ejecutar análisis” (Run scan).
  • Then select “Full Análisis” (Full scan) and wait for it to finish.
  • If threats are detected, select all the detected items and click “Limpiar todo” (Clean all).
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the USBFix report will open, showing what was detected and what was removed.
  • Copy and paste that entire report into your next reply (if it does not open, the report is saved under the name UsbFix_Report.txt on the Desktop).

Once the scan has finished, with all the drives connected, run USBFix again as Administrator and vaccinate them, following the steps in the Manual.

Malwarebytes

  • Do not forget to update it.
  • Read its Manual carefully.
  • Run a Custom Scan (“Análisis Personalizado”). Select “Todas las Unidades” (All drives).
  • Click “Eliminar Seleccionados” (Remove Selected) to send what was found to quarantine.
  • Restart the system.
  • In the “Historial” (History) section of the manual >> Registros de Aplicación >> Scan Log/Registro de Análisis you will find the MBAM report, which you must copy and paste into your next reply.

4.- Important note:

In your next reply you must paste the Malwarebytes and USBFix reports.

Guide: How do I paste reports in the forum?

Let us know.

Regards

Hello, I'm letting you know that I still cannot open the files on my flash drive. Thank you very much!

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/10/19
Hora del análisis: 10:33
Archivo de registro: 3d4f3746-e9d0-11e9-a933-0a0027000004.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12811
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 10586.104)
CPU: x86
Sistema de archivos: NTFS
Usuario: PC_SISTEMA\Asistente

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 65884
Amenazas detectadas: 4
Amenazas en cuarentena: 0
Tiempo transcurrido: 5 min, 50 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 2
PUP.Optional.ASK, HKU\S-1-5-21-2134970365-524173003-2390428672-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Sin acciones por parte del usuario, [2], [184157],1.0.12811
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Sin acciones por parte del usuario, [2], [184157],1.0.12811

Valor del registro: 2
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Sin acciones por parte del usuario, [2], [184157],1.0.12811
PUP.Optional.ASK, HKU\S-1-5-21-2134970365-524173003-2390428672-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Sin acciones por parte del usuario, [2], [184156],1.0.12811

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.016
# Base de datos : 2019.05.21 
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : USB
# Usuario : Asistente (Administrador)
# Dispositivo : PC_SISTEMA
# Comenzó : 10/09/2019 12:03:44
# ----------------------------------------------------

------------ | Discos analizados |

G:\	NTFS	(3GB/14GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

~ Ningún elemento detectado ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Asistente\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKLM\..\Run : [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
04 - HKLM\..\Run : [HP KEYBOARDx] "C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
04 - HKLM\..\Run : [AcronisTibMounterMonitor] C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
04 - HKLM\..\Run : [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
04 - HKLM\..\Run : [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
04 - HKLM\..\Run : [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-2134970365-524173003-2390428672-1001\..\Run : [OneDrive] "C:\Users\Asistente\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

------------ | Tasks |

Task - Backup mensual MV --> F:\Users\Asistente\Desktop\BackupVMS.bat
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - HPOSIAPP32 --> "%ProgramFiles%\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe"
Task - OneDrive Standalone Update Task-S-1-5-21-2134970365-524173003-2390428672-1002 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - SidebarExecute --> C:\Program Files\Windows Sidebar\sidebar.exe

------------ | G:\ - Disco extraíble (NTFS) |

[10/11/2018 - 12:27:16 | A | 65399 Ko] - TL-WN723N(UN)_V3_160822_1475907139974j(1).zip
[03/01/2019 - 21:53:11 | A | 0 Ko] - Mac Office 2016.txt
[19/05/2016 - 13:01:35 | A | 841548 Ko] - Adobe.Premiere.Pro.CC.2015.v9.0.0.342.Multilingual.Incl.Keygen-XFORCE clave www.intercambiosvirtuales.org.rar
[28/06/2019 - 13:37:16 | A | 63266 Ko] - Apertura, videos y dinámicas del Encuentro 3 VF version 2.pptx
[28/06/2019 - 12:24:18 | A | 51710 Ko] - compacto 3 los tres evento.mp4
[16/12/2018 - 20:48:25 | A | 788509 Ko] - Video 2018-12-16 07-58-52.mkv
[23/12/2018 - 16:43:47 | A | 1635690 Ko] - Mac Office 2016.ISO
[23/04/2013 - 12:00:33 | A | 4773 Ko] - FurMark_1.10.6_Setup.exe
[22/06/2019 - 09:22:07 | A | 509168 Ko] - 430.86-desktop-win8-win7-64bit-international-whql.exe
[17/04/2019 - 15:25:41 | ASH | 0 Ko] - .dropbox.device
[09/11/2018 - 10:46:23 | D] - Deep Freeze 7.51.020.4170 Standard
[07/11/2018 - 17:57:00 | D] - Deep Freeze Standard 6.61.020.2822
[06/12/2018 - 10:43:17 | D] - Adobe.Premiere.Pro.v.7.[Español]
[10/11/2018 - 11:59:59 | D] - drivers
[10/11/2018 - 12:28:59 | D] - TL-WN723N(UN)_V3_160822_1475907139974j(1)
[24/11/2018 - 14:07:28 | D] - Copiar a disco externo tandem
[29/12/2018 - 15:47:39 | D] - Office 2013 completo
[05/06/2019 - 15:50:38 | D] - SUMA
[06/06/2019 - 14:38:12 | D] - PALESTINA
[18/06/2019 - 10:48:40 | D] - TANDEM
[29/06/2019 - 20:31:03 | D] - AIO_OFF_2016_32_En_Es
[02/07/2019 - 13:06:47 | D] - odt

Elemento(s) infectado(s) : 0
Elementos analizados : 36104 en 00h 00m 05s

# UsbFix-Report-01.txt [4189B]

------------ | E.O.F  |

Hello:

Did you scan everything with USBFix? Only one drive appears as scanned, and you have to scan everything, otherwise it will not detect the infection in your OS if there is one.

G:\ NTFS (3GB/14GB) [Removable]

Regards

I am pasting the reports again, thank you very much

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/10/19
Hora del análisis: 22:13
Archivo de registro: 34b6bb96-eafb-11e9-b02c-000000000000.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.629
Versión del paquete de actualización: 1.0.12833
Licencia: Prueba

-Información del sistema-
SO: Windows 7
CPU: x86
Sistema de archivos: NTFS
Usuario: BANGHO\user

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 137207
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 28 min, 44 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.016
# Base de datos : 2019.05.21 
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : user (Administrador)
# Dispositivo : BANGHO
# Comenzó : 09/10/2019 22:11:53
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(263GB/298GB)	[Fixed] 
E:\	FAT32	(27GB/29GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

~ Ningún elemento detectado ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Hotkey.lnk : C:\Program Files\Hotkey\Hotkey.exe

------------ | Tasks |

Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys
[20/11/2011 - 18:48:35 | RASH | 0 Ko] - MSDOS.SYS
[20/11/2011 - 18:48:35 | RASH | 0 Ko] - IO.SYS
[02/10/2019 - 12:30:08 | ASH | 2683968 Ko] - hiberfil.sys
[02/10/2019 - 12:30:14 | ASH | 3578628 Ko] - pagefile.sys
[02/11/2011 - 09:59:34 | SHD] - $Recycle.Bin
[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[13/07/2009 - 23:37:05 | D] - PerfLogs
[14/07/2009 - 01:53:55 | SHD] - Documents and Settings
[02/11/2011 - 09:58:57 | SHD] - Archivos de programa
[02/11/2011 - 09:58:57 | SHD] - Recovery
[02/11/2011 - 09:59:10 | RD] - Users
[02/11/2011 - 10:03:23 | D] - Intel
[02/11/2011 - 10:20:20 | RHD] - MSOCache
[02/11/2011 - 10:22:12 | D] - IDE
[09/10/2019 - 22:06:15 | HD] - ProgramData
[09/10/2019 - 22:10:57 | D] - Windows
[09/10/2019 - 22:11:42 | RD] - Program Files

------------ | E:\ - Disco extraíble (FAT32) |

[05/08/2019 - 16:30:14 | A | 52 Ko] - Encuesta Fintech_August 5, 2019_13.00.xlsx
[26/07/2019 - 12:34:28 | A | 900 Ko] - Fintech 2017.pptx
[30/07/2019 - 15:03:20 | A | 16708 Ko] - Benchmark de Eficiencia Integral - ICBC DIC18.pptx
[10/08/2019 - 21:41:06 | A | 308 Ko] - Carátula y capítulos.pdf
[08/10/2019 - 10:24:44 | RASHD] - autorun.inf
[31/01/2019 - 10:25:00 | A | 701 Ko] - DGCipher.exe
[01/08/2019 - 10:39:16 | A | 2 Ko] - DGCipher.exe.dat
[13/08/2018 - 17:19:42 | AD] - Manuales de Bienvenida
[23/11/2018 - 16:20:08 | AD] - Excel Intermedio
[26/11/2018 - 15:51:40 | D] - Relevamientos
[03/01/2019 - 10:42:46 | AD] - Dpto Pinamar
[08/01/2019 - 11:18:46 | D] - Casa Pinamar
[21/01/2019 - 14:09:46 | AD] - BGBA
[22/03/2019 - 10:14:46 | AD] - Apertura y cierre de proyectos
[25/04/2019 - 12:07:38 | AD] - Amex
[29/04/2019 - 14:05:02 | D] - Máster
[03/05/2019 - 15:11:58 | D] - BGBA Bench Contable
[03/05/2019 - 15:32:32 | D] - Meli
[20/05/2019 - 17:16:24 | D] - Reuniones equipo FS
[20/05/2019 - 17:16:28 | AD] - Salta
[21/05/2019 - 14:03:16 | AD] - PIUMA
[24/05/2019 - 14:19:54 | AD] - Manuales BOC
[02/07/2019 - 12:58:22 | AD] - Templates
[11/07/2019 - 11:05:34 | AD] - Cami personal
[26/07/2019 - 17:25:58 | AD] - Estudio de caso
[30/07/2019 - 14:34:50 | N | 3 Ko] - DG1__DS_DIR_HDR
[30/07/2019 - 14:37:16 | D] - Varios
[30/07/2019 - 14:39:02 | D] - Manuales BOC español
[30/07/2019 - 14:47:50 | D] - BGBA 2
[30/07/2019 - 14:49:36 | D] - BOC 1
[30/07/2019 - 14:55:16 | N | 3 Ko] - DG1__DS_VOL_HDR
[01/08/2019 - 10:38:36 | D] - Workshop
[13/08/2019 - 15:24:06 | D] - BOC
[20/08/2019 - 15:01:54 | D] - Instructivos
[20/08/2019 - 15:02:00 | D] - Archivos Varios
[20/08/2019 - 15:03:14 | D] - Deliverys
[20/08/2019 - 15:03:52 | D] - Presentaciones

Elemento(s) infectado(s) : 0
Elementos analizados : 40369 en 00h 00m 13s

# UsbFix-Report-01.txt [4547B]

------------ | E.O.F  |
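The helper's earlier question was whether every drive had been scanned, and the two UsbFix reports pasted so far differ on exactly that. The following is an added example, not part of the original thread and not code from UsbFix: a small parser for the report layout visible above that checks drive coverage and lists root-level entries on removable drives worth a manual look. The sample reports are constructed from lines quoted in the thread, and the function names and the extension list are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed samples, trimmed from the report lines pasted in this thread.
SAMPLE_USB_ONLY = r"""
# Tipo de escaneo : USB

------------ | Discos analizados |

G:\  NTFS  (3GB/14GB)  [Removable]

------------ | G:\ - Disco extraíble (NTFS) |

[23/04/2013 - 12:00:33 | A | 4773 Ko] - FurMark_1.10.6_Setup.exe
[17/04/2019 - 15:25:41 | ASH | 0 Ko] - .dropbox.device
[10/11/2018 - 11:59:59 | D] - drivers

------------ | E.O.F  |
"""

SAMPLE_FULL = r"""
# Tipo de escaneo : Full

------------ | Discos analizados |

C:\  NTFS  (263GB/298GB)  [Fixed]
E:\  FAT32  (27GB/29GB)  [Removable]

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[09/10/2019 - 22:10:57 | D] - Windows

------------ | E:\ - Disco extraíble (FAT32) |

[26/07/2019 - 12:34:28 | A | 900 Ko] - Fintech 2017.pptx
[08/10/2019 - 10:24:44 | RASHD] - autorun.inf
[31/01/2019 - 10:25:00 | A | 701 Ko] - DGCipher.exe
[01/08/2019 - 10:39:16 | A | 2 Ko] - DGCipher.exe.dat

------------ | E.O.F  |
"""

SCAN_RE = re.compile(r"^# Tipo de escaneo : (.+)$")
SECTION_RE = re.compile(r"^-{4,} \| (.+?)\s*\|\s*$")
# "G:\  NTFS  (3GB/14GB)  [Removable]" -> drive letter and drive kind
DRIVE_RE = re.compile(r"^([A-Z]):\\\s+\S+\s+\(\S+\)\s+\[(\w+)\]")
# "[date - time | ATTRS | size Ko] - name"; directories carry no size field
ENTRY_RE = re.compile(r"^\[[^|\]]+\| ([A-Z]+)(?: \| \d+ Ko)?\] - (.+)$")

# Assumed list of extensions a reviewer would want to see in a drive root.
EXEC_EXT = (".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".pif", ".com")


@dataclass
class Report:
    scan_type: str = ""
    drives: dict = field(default_factory=dict)    # letter -> "Fixed" / "Removable"
    entries: list = field(default_factory=list)   # (drive letter, attributes, name)


def parse_report(text):
    """Parse scan type, scanned drives and per-drive root listings."""
    rep = Report()
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SCAN_RE.match(line)
        if m:
            rep.scan_type = m.group(1).strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Discos analizados":
            m = DRIVE_RE.match(line)
            if m:
                rep.drives[m.group(1)] = m.group(2)
        elif section and re.match(r"[A-Z]:\\", section):
            m = ENTRY_RE.match(line)
            if m:
                rep.entries.append((section[0], m.group(1), m.group(2)))
    return rep


def coverage_gap(rep):
    """True when no fixed disk was scanned, i.e. only removable media were covered."""
    return "Fixed" not in rep.drives.values()


def review_candidates(rep):
    """Root entries on removable drives to inspect by hand: autorun.inf and executables."""
    found = []
    for drive, attrs, name in rep.entries:
        if rep.drives.get(drive) != "Removable":
            continue
        is_dir = "D" in attrs
        lower = name.lower()
        if lower == "autorun.inf":
            found.append((drive, name, "autorun.inf directory" if is_dir else "autorun.inf file"))
        elif not is_dir and lower.endswith(EXEC_EXT):
            found.append((drive, name, "executable in drive root"))
    return found


if __name__ == "__main__":
    for label, text in (("first report", SAMPLE_USB_ONLY), ("second report", SAMPLE_FULL)):
        rep = parse_report(text)
        print(label, rep.scan_type, rep.drives, "gap" if coverage_gap(rep) else "complete")
        for item in review_candidates(rep):
            print("   ", item)
```

An entry returned by `review_candidates` is only a prompt for manual inspection; the scanner itself reported no infected items in either report.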

Hello @merced25

The tools did not detect anything, but I have a question: in the image you uploaded in the first post, among your files there is one called:

  • autoruns.inf.vir

What tools did you previously use to scan that USB drive?


Try the following with your USB drive connected:

Temporarily disable your antivirus:

Download the tool: ComboFix

  • Save it to the desktop. >>> This is Very Important

Note: before running ComboFix, make sure to:

  • Close ALL open programs and/or windows.

  • If you are using Windows Vista or Windows 7/8, right-click the ComboFix.exe file and select Run as Administrator.

STEP 1:

  • Run the ComboFix.exe file
  • Accept the license terms.
  • If ComboFix warns you that there is a new version of the program, you must download it.
  • If ComboFix asks you to install the Recovery Console, it must be installed.

STEP 2:

  • Copy and paste the report that ComboFix generated. If it does not appear, you will find it at C:\ComboFix.txt
  • Tell us how your system is doing with regard to the problem you reported.

Important:

  • While ComboFix is working, do not run any software until it finishes.
  • Do not restart your PC; ComboFix will do so if necessary.
  • While ComboFix is working, do not move the mouse, as that would stop its process.

Guide: How do I paste reports in the forum?

We await that report.

Regards.

That .vir file was generated by a tool I use to scan the flash drive for viruses. I don't remember its name.

ComboFix 19-09-28.01 - user 10/10/2019  10:06:21.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.54.3082.18.3495.2602 [GMT -3:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((((   Files Created from 2019-09-10 to 2019-10-10  )))))))))))))))))))))))))))))))
.
.
2019-10-10 13:10 . 2019-10-10 13:10	--------	d-----w-	c:\users\user\AppData\Local\temp
2019-10-10 13:10 . 2019-10-10 13:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2019-10-10 01:11 . 2019-10-10 01:11	--------	d-----w-	c:\program files\UsbFix
2019-10-10 01:07 . 2019-10-10 01:07	--------	d-----w-	c:\users\user\AppData\Local\mbam
2019-10-10 01:06 . 2019-10-10 01:06	241760	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2019-10-10 01:06 . 2019-09-30 09:25	129056	----a-w-	c:\windows\system32\drivers\mbae.sys
2019-10-10 01:06 . 2019-10-10 01:06	--------	d-----w-	c:\programdata\Malwarebytes
2019-10-10 01:06 . 2019-10-10 01:06	--------	d-----w-	c:\program files\Malwarebytes
2019-10-10 01:04 . 2019-10-10 01:04	--------	d-----w-	c:\program files\CCleaner
2019-09-21 15:58 . 2019-09-21 15:58	--------	d-----w-	c:\program files\CrystalDiskInfo
2019-09-21 15:58 . 2019-09-21 15:58	--------	d-----w-	c:\users\user\AppData\Local\Programs
2019-09-21 15:33 . 2019-09-21 15:33	11470784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C213648C-C0FA-40B5-B967-5D33B963124E}\mpengine.dll
2019-09-21 01:44 . 2019-09-21 01:44	--------	d-----w-	c:\users\user\AppData\Local\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-04-28 16:50 . 2019-04-28 16:50	7505920	----a-w-	c:\program files\GUT8D9F.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-10 1697064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-04 10025576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files\Hotkey\Hotkey.exe [2011-4-13 3078144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 04:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 02:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-09 14:36	176664	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-09 14:36	143384	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-09 14:36	178200	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 13:45	19550344	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2019-06-26 5394136]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\77.0.3865.90\elevation_service.exe [2019-09-17 959984]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-05 144472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [2011-01-14 115216]
S2 e$ntkdd;e$ntkdd; [x]
S2 hkey-kdd;hkey-kdd; [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2011-02-15 33792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-31 2656280]
S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2019-10-10 241760]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-18 41088]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-01-27 1115752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - QWAVEDRV
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2019-09-21 15:55	1932784	----a-w-	c:\program files\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = oldwebct.udesa.edu.ar:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0D18A4BD-AA7F-4394-AD4E-EE5B3BB60F9E}: NameServer = 192.168.0.200,192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\llfwvjp0.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Google Update - c:\users\user\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2019-10-10  10:11:41
ComboFix-quarantined-files.txt  2019-10-10 13:11
.
Pre-Run: 284.084.588.544 bytes libres
Post-Run: 283.766.079.488 bytes libres
.
- - End Of File - - BC92C1CD942A5DD5892EBAA258996C0A
A36C5E4F47E84449FF07ED3517B43A31

Hello @merced25

While I analyze the report, let me know whether you were able to access your files.

Regards

Unfortunately I still cannot open any file.

It would be useful if you looked for it on your computer and recalled its name.

Try to open a Word or pdf document, take a screenshot and upload it.

When you open a folder on the flash drive, can you open those?

Let us know.

Regards


Hello:

You have not answered all the questions I left you.


Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version appropriate for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How do I paste reports in the forum?

We await those reports.

Regards

I can open the folders without any problem.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2019 02
Ran by user (administrator) on BANGHO (Bangho W240HU/W250HUQ) (12-10-2019 12:43:19)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: Español (España, internacional)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hotkey\Hotkey.exe
() [File not signed] C:\Program Files\Hotkey\PowerBiosServer.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
(Microsoft Corporation) [File not signed] C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-02-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\RunOnce: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-21] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2011-11-02]
ShortcutTarget: Hotkey.lnk -> C:\Program Files\Hotkey\Hotkey.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {036A9633-E167-449B-87A2-2FE2429E1884} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154920 2019-09-21] (Google Inc -> Google LLC)
Task: {0C563F9A-22A9-4303-B330-D39A2090C0DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {4E23F306-416D-4742-8DB4-36CD46020D79} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {799D77BE-9241-4BFA-8B86-8C47343A30D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154920 2019-09-21] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1818047438-4088691853-1177803713-1000] => oldwebct.udesa.edu.ar:8080
AutoConfigURL: [S-1-5-21-1818047438-4088691853-1177803713-1000] => oldwebct.udesa.edu.ar:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0C846E17-6F15-4FFE-9BD7-5B40D977C480}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0D18A4BD-AA7F-4394-AD4E-EE5B3BB60F9E}: [NameServer] 192.168.0.200,192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: llfwvjp0.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\llfwvjp0.default [2019-10-10]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2019-10-12]
CHR Extension: (Escritorio remoto de Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-10-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-09]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-21]
StartMenuInternet: Google Chrome.FICSQ75V5RWI5LUZQDXRJ63ZEY - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PowerBiosServer; C:\Program Files\Hotkey\PowerBiosServer.exe [33792 2011-02-15] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [12135768 2019-09-24] (TeamViewer GmbH -> TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 e$ntkdd; C:\Windows\System32\Drivers\e$ntkdd.sys [7668 2016-01-22] (Microsoft Corporation) [File not signed]
R2 hkey-kdd; C:\Windows\System32\Drivers\hkey-kdd.sys [43776 2016-01-22] (Microsoft Corporation) [File not signed]
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-10-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73216 2016-01-22] () [File not signed]
U3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-12 12:43 - 2019-10-12 12:44 - 000009479 _____ C:\Users\user\Desktop\FRST.txt
2019-10-12 12:43 - 2019-10-12 12:43 - 000000000 ____D C:\FRST
2019-10-12 12:42 - 2019-10-12 12:42 - 001452032 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2019-10-10 10:11 - 2019-10-10 10:11 - 000006986 _____ C:\ComboFix.txt
2019-10-10 10:05 - 2019-10-10 10:11 - 000000000 ____D C:\Qoobox
2019-10-10 10:05 - 2019-10-10 10:10 - 000000000 ____D C:\Windows\erdnt
2019-10-10 10:05 - 2011-06-26 03:45 - 000256000 _____ C:\Windows\PEV.exe
2019-10-10 10:05 - 2010-11-07 14:20 - 000208896 _____ C:\Windows\MBR.exe
2019-10-10 10:05 - 2009-04-20 01:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2019-10-10 10:05 - 2000-08-30 21:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2019-10-10 10:05 - 2000-08-30 21:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2019-10-10 10:05 - 2000-08-30 21:00 - 000098816 _____ C:\Windows\sed.exe
2019-10-10 10:05 - 2000-08-30 21:00 - 000080412 _____ C:\Windows\grep.exe
2019-10-10 10:05 - 2000-08-30 21:00 - 000068096 _____ C:\Windows\zip.exe
2019-10-10 10:03 - 2019-10-10 10:03 - 005659678 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2019-10-09 23:20 - 2019-10-09 23:20 - 000001523 _____ C:\Users\user\Desktop\malw.txt
2019-10-09 22:12 - 2019-10-09 22:12 - 000004609 _____ C:\Users\user\Desktop\UsbFix-Report-01.txt
2019-10-09 22:11 - 2019-10-09 22:12 - 000001837 _____ C:\Users\user\Desktop\UsbFix Anti-Malware.lnk
2019-10-09 22:11 - 2019-10-09 22:11 - 000000000 ____D C:\Program Files\UsbFix
2019-10-09 22:07 - 2019-10-09 22:07 - 004763232 _____ (SOSVirus) C:\Users\user\Desktop\UsbFix_2019_11.016.exe
2019-10-09 22:07 - 2019-10-09 22:07 - 000000000 ____D C:\Users\user\AppData\Local\mbamtray
2019-10-09 22:07 - 2019-10-09 22:07 - 000000000 ____D C:\Users\user\AppData\Local\mbam
2019-10-09 22:06 - 2019-10-09 22:06 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-09 22:06 - 2019-10-09 22:06 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-09 22:06 - 2019-10-09 22:06 - 000002024 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-09 22:06 - 2019-10-09 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-09 22:06 - 2019-10-09 22:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-09 22:06 - 2019-10-09 22:06 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-09 22:06 - 2019-09-30 06:25 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-10-09 22:04 - 2019-10-09 22:04 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-10-09 22:04 - 2019-10-09 22:04 - 000002802 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2019-10-09 22:04 - 2019-10-09 22:04 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-10-09 22:04 - 2019-10-09 22:04 - 000000969 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-10-09 22:04 - 2019-10-09 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-10-09 22:04 - 2019-10-09 22:04 - 000000000 ____D C:\Program Files\CCleaner
2019-10-09 22:02 - 2019-10-09 22:03 - 066518768 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.629-1.0.12825.exe
2019-10-09 22:02 - 2019-10-09 22:03 - 020889016 _____ (Piriform Software Ltd) C:\Users\user\Downloads\ccsetup561.exe
2019-10-02 12:42 - 2019-10-02 12:42 - 000000000 ____D C:\Users\user\AppData\Roaming\Google
2019-10-02 12:39 - 2019-10-02 12:39 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2019-09-21 13:01 - 2019-09-21 13:01 - 000000000 ____D C:\Users\user\Desktop\AIDA64 Extreme Edition v6.00.5100
2019-09-21 12:58 - 2019-09-21 12:58 - 000001944 _____ C:\Users\user\Desktop\CrystalDiskInfo.lnk
2019-09-21 12:58 - 2019-09-21 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2019-09-21 12:58 - 2019-09-21 12:58 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2019-09-21 12:56 - 2019-09-21 12:58 - 004276472 _____ (Crystal Dew World ) C:\Users\user\Downloads\CrystalDiskInfo8_3_0.exe
2019-09-21 12:55 - 2019-09-21 12:55 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-21 12:55 - 2019-09-21 12:55 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-21 12:55 - 2019-09-21 12:55 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-21 12:54 - 2019-10-02 12:41 - 000003460 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-09-21 12:54 - 2019-10-02 12:41 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-09-21 12:53 - 2019-09-21 12:53 - 001151544 _____ (Google LLC) C:\Users\user\Downloads\ChromeSetup.exe
2019-09-20 22:44 - 2019-09-20 22:44 - 000000000 ____D C:\Users\user\AppData\Local\TeamViewer

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-10 10:10 - 2009-07-13 23:04 - 000000215 _____ C:\Windows\system.ini
2019-10-10 10:03 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2019-10-09 22:12 - 2011-11-02 10:02 - 001564492 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-09 22:12 - 2009-07-14 05:48 - 000707438 _____ C:\Windows\system32\perfh00A.dat
2019-10-09 22:12 - 2009-07-14 05:48 - 000138974 _____ C:\Windows\system32\perfc00A.dat
2019-10-09 22:09 - 2019-04-28 13:47 - 000000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2019-10-09 22:09 - 2011-12-27 14:43 - 000000000 ____D C:\Users\user\AppData\Roaming\Skype
2019-10-09 22:09 - 2011-11-02 06:52 - 000000000 ____D C:\Windows\Panther
2019-10-02 13:52 - 2019-04-28 13:46 - 000000000 ____D C:\Program Files\TeamViewer
2019-10-02 13:51 - 2019-04-28 13:47 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-10-02 13:51 - 2019-04-28 13:47 - 000000917 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-10-02 13:51 - 2019-04-28 13:47 - 000000917 _____ C:\ProgramData\Desktop\TeamViewer 14.lnk
2019-10-02 12:47 - 2011-11-25 09:46 - 000000000 ____D C:\Users\user\AppData\Local\Google
2019-10-02 12:41 - 2016-01-22 15:46 - 000000000 ____D C:\Program Files\Google
2019-10-02 12:38 - 2009-07-14 01:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-02 12:38 - 2009-07-14 01:34 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-02 12:30 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-21 13:00 - 2011-11-25 09:49 - 000002262 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-20 22:28 - 2011-11-02 10:14 - 000108824 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2019-09-20 22:27 - 2009-07-14 01:33 - 000413392 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories ================

2019-04-28 13:50 - 2019-04-28 13:50 - 007505920 _____ () C:\Program Files\GUT8D9F.tmp

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\system32\SBACTINF.DLL [2016-01-22] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-10 10:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2019 02
Ran by user (12-10-2019 12:45:05)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Ultimate  (X86) (2011-11-02 12:59:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1818047438-4088691853-1177803713-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1818047438-4088691853-1177803713-1003 - Limited - Enabled)
Invitado (S-1-5-21-1818047438-4088691853-1177803713-501 - Limited - Disabled)
user (S-1-5-21-1818047438-4088691853-1177803713-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader 9 - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CrystalDiskInfo 8.3.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.3.0 - Crystal Dew World)
Google Chrome (HKLM\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Hotkey 3.3031 (HKLM\...\{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3031 - NoteBook) Hidden
Hotkey 3.3031 (HKLM\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3031 - NoteBook)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.26.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.54.1 - JMicron Technology Corp.)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 es-AR) (HKLM\...\Mozilla Firefox 43.0.4 (x86 es-AR)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
Nero 8.3.2.1 (HKLM\...\Nero8WinuE_is1) (Version: 8.3.2.1 - Bj @ WinuE)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6324 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.0 - Synaptics Incorporated)
TeamViewer 14 (HKLM\...\TeamViewer) (Version: 14.6.4835 - TeamViewer)
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.1.6 - SOSVirus (SOSVirus.Net))
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2006-09-13] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2006-09-13] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2006-09-13] () [File not signed]

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [SENTINEL] => C:\Windows\system32\snti386.dll [50176 2016-01-22] (Rainbow Technologies, Inc.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio remoto de Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2007-12-12 22:46 - 2007-12-12 22:46 - 000077824 _____ ( ) [File not signed] C:\Program Files\Hotkey\Interop.WbemScripting.dll
2009-06-06 13:50 - 2009-06-06 13:50 - 000019968 _____ () [File not signed] C:\Program Files\Hotkey\Audiodll.dll
2011-11-02 10:02 - 2006-09-13 23:20 - 000126464 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2011-11-02 10:15 - 2011-01-31 10:57 - 001892352 ____R (Apache Software Foundation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2011-11-02 10:15 - 2011-01-31 10:53 - 000069632 ____R (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2006-10-26 12:44 - 2006-10-26 12:44 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll
2006-10-26 12:45 - 2006-10-26 12:45 - 000247296 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2011-11-02 10:34 - 2011-11-02 10:34 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL
2011-03-23 08:52 - 2011-03-23 08:52 - 000218112 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files\Hotkey\GetProductdll.dll
2010-08-20 09:15 - 2010-08-20 09:15 - 000220160 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files\Hotkey\powerlife.dll
2010-06-21 09:10 - 2010-06-21 09:10 - 000204288 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files\Hotkey\wlandll.dll
2010-02-23 15:51 - 2008-08-08 11:09 - 000098304 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZGDI.dll
2010-02-23 15:51 - 2008-08-08 11:09 - 000061440 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZIMF.dll
2010-02-23 15:51 - 2008-08-08 11:09 - 000110592 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZIMFDRV.dll
2010-02-23 15:51 - 2008-08-08 11:09 - 000135168 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZSDDM.DLL
2010-02-23 15:51 - 2008-08-08 11:09 - 000172032 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZSDDMUI.DLL
2010-02-23 15:51 - 2008-08-08 11:09 - 000061440 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\zSDNT5UI.dll
2010-02-23 15:51 - 2008-08-08 11:09 - 000106496 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZSPOOL.dll
2010-02-23 15:51 - 2008-08-08 11:09 - 000053248 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\ZTAG.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2019-10-10 10:10 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{FB345AA2-71E6-4517-93E2-78AA8A47894B}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [UDP Query User{C04D3DD1-C30A-4BDA-B44A-B0173A2BAFA5}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [TCP Query User{29692007-E2EF-4976-9EAE-A5710387C536}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [UDP Query User{3FC50E58-BCD8-4EEB-A6E5-79A86A836FF0}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [{7571BBE0-01B4-4F1A-9AD6-E0E10CE00D6D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies SA -> Skype Technologies S.A.)
FirewallRules: [{B70A9F74-72CE-4A19-95A1-9C9C2FFCC9D2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{01AD8931-A455-44AC-9D83-3FF67752BD3B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{396D3069-5DF9-4CD0-AB66-50D293B408BD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B8306DD3-6879-49E3-A1B2-B75743E36E09}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3B8393D8-7BF0-4121-9580-C7412C6D7EE6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0D985FF9-4C52-42F1-8ACA-6C384C310D7C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{960B5F68-B9BD-4DCF-BCDD-29E088038179}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

==================== Restore Points =========================

20-01-2016 13:21:32 Punto de control programado
21-09-2019 12:30:44 avast! Pro Antivirus Setup
09-10-2019 23:14:24 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2019 10:42:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Error en la recuperación de actualización automática del certificado raíz de terceros de: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> con el error: El servidor especificado no puede ejecutar la operación solicitada.
.

Error: (10/09/2019 10:42:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Error en la recuperación de actualización automática del certificado raíz de terceros de: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> con el error: El servidor especificado no puede ejecutar la operación solicitada.
.

Error: (10/09/2019 10:42:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Error en la recuperación de actualización automática del certificado raíz de terceros de: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> con el error: El servidor especificado no puede ejecutar la operación solicitada.
.

Error: (10/09/2019 10:42:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Error en la recuperación de actualización automática del certificado raíz de terceros de: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> con el error: El servidor especificado no puede ejecutar la operación solicitada.
.

Error: (10/09/2019 10:42:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Error en la recuperación de actualización automática del certificado raíz de terceros de: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> con el error: El servidor especificado no puede ejecutar la operación solicitada.
.

Error: (10/09/2019 10:42:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Error en la recuperación de actualización automática del certificado raíz de terceros de: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> con el error: Se devolvió esta operación porque se agotó el tiempo de espera.
.

Error: (09/18/2012 04:03:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: POWERPNT.EXE, versión: 12.0.4518.1014, marca de tiempo: 0x45428035
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7600.16850, marca de tiempo: 0x4e21132b
Código de excepción: 0xe0000002
Desplazamiento de errores: 0x00009673
Id. del proceso con errores: 0xa48
Hora de inicio de la aplicación con errores: 0x01cd95c9384d815a
Ruta de acceso de la aplicación con errores: C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
Ruta de acceso del módulo con errores: C:\Windows\system32\KERNELBASE.dll
Id. del informe: 8d092259-01c3-11e2-b454-0090f5be5295

Error: (09/13/2012 11:14:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa iexplore.exe, versión 9.0.8112.16446, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 125c

Hora de inicio: 01cd921e9c5c0048

Hora de finalización: 5

Ruta de acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe

Identificador de informe:


System errors:
=============
Error: (10/10/2019 10:10:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (10/10/2019 10:08:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (10/10/2019 10:06:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (10/09/2019 11:14:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR1.

Error: (10/09/2019 11:14:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR1.

Error: (10/09/2019 11:14:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR1.

Error: (09/21/2019 01:02:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio FinalWire AIDA64 Kernel Driver no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar la ruta especificada.

Error: (09/21/2019 12:57:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {A2C6CB58-C076-425C-ACB7-6D19D64428CD} no se registró con DCOM dentro del tiempo de espera requerido.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 4.6.4 08/25/2011
Motherboard: Bangho W240HU/W250HUQ
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 3494.75 MB
Available physical RAM: 1601.1 MB
Total Virtual: 6987.79 MB
Available Virtual: 4807.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:262.59 GB) NTFS
Drive e: (CHAMPI'S) (Removable) (Total:28.85 GB) (Free:27.43 GB) FAT32

\\?\Volume{9914db3f-0551-11e1-ac48-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 2527A2C7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: F85BC93A)
Partition 1: (Active) - (Size=28.9 GB) - (Type=0C)

==================== End of Addition.txt ============================

Hello @merced25

Is there any reason why you still don't have Windows 7 SP1 installed at this point?

You have Windows 7 Ultimate on a machine with limited resources; is it a pirated version?

Having the system so out of date may unfortunately be part of the problem.


Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click it, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\RunOnce: [] => [X]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
2019-04-28 13:50 - 2019-04-28 13:50 - 007505920 _____ () C:\Program Files\GUT8D9F.tmp
FCheck: C:\Windows\system32\SBACTINF.DLL [2016-01-22] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
FirewallRules: [TCP Query User{FB345AA2-71E6-4517-93E2-78AA8A47894B}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [UDP Query User{C04D3DD1-C30A-4BDA-B44A-B0173A2BAFA5}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [TCP Query User{29692007-E2EF-4976-9EAE-A5710387C536}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [UDP Query User{3FC50E58-BCD8-4EEB-A6E5-79A86A836FF0}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.

The computer from which I am carrying out the repair is not the same one where the problem with the pen drive occurred. The documents cannot be opened. Thank you very much

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-10-2019 02
Ran by user (14-10-2019 13:59:33) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\RunOnce: [] => [X]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
2019-04-28 13:50 - 2019-04-28 13:50 - 007505920 _____ () C:\Program Files\GUT8D9F.tmp
FCheck: C:\Windows\system32\SBACTINF.DLL [2016-01-22] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\user\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
FirewallRules: [TCP Query User{FB345AA2-71E6-4517-93E2-78AA8A47894B}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [UDP Query User{C04D3DD1-C30A-4BDA-B44A-B0173A2BAFA5}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [TCP Query User{29692007-E2EF-4976-9EAE-A5710387C536}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File
FirewallRules: [UDP Query User{3FC50E58-BCD8-4EEB-A6E5-79A86A836FF0}C:\users\user\desktop\ares\ares.exe] => (Block) C:\users\user\desktop\ares\ares.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
C:\Program Files\GUT8D9F.tmp => moved successfully
C:\Windows\system32\SBACTINF.DLL => moved successfully
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908} => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007} => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119} => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FB345AA2-71E6-4517-93E2-78AA8A47894B}C:\users\user\desktop\ares\ares.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C04D3DD1-C30A-4BDA-B44A-B0173A2BAFA5}C:\users\user\desktop\ares\ares.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{29692007-E2EF-4976-9EAE-A5710387C536}C:\users\user\desktop\ares\ares.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3FC50E58-BCD8-4EEB-A6E5-79A86A836FF0}C:\users\user\desktop\ares\ares.exe" => removed successfully.

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::94d4:7b6c:cf37:aa0b%12
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.22
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de Ethernet Conexión de área local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{0C846E17-6F15-4FFE-9BD7-5B40D977C480}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{0D18A4BD-AA7F-4394-AD4E-EE5B3BB60F9E}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully.
"HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1818047438-4088691853-1177803713-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4206830 B
Java, Flash, Steam htmlcache => 545 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 42179983 B
Firefox => 4071092 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 17930468 B
LocalService => 18062712 B
NetworkService => 18133784 B
user => 18434277 B

RecycleBin => 380570 B
EmptyTemp: => 125.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:00:06 ====

Hello @merced25

And so? How do you expect me to understand what happened with the computer and the pen drive?

You should have made that clear earlier.

We must carry out the steps on the computer and with the pen drive that have the problem.

Regards

Apologies for not letting you know. I think it is impossible to trace the computer that caused the problem on the pen drive. It seemed to me that the problem was only on the pen drive, some kind of ransomware that encrypted all the files, although the strange thing is that it did not delete them and create files with a different name. I find that document named DGCipher.exe in the root of the pen drive suspicious. Thank you very much!

Hello @merced25

Ransomware does indeed change the file extension and does not delete the files, so that you pay the ransom for them.

But you didn't mention that before either, and the image you uploaded does not show folders with encrypted files.

Open a folder that contains documents of yours that are encrypted, as you mention, and upload the image for us.

If you don't recognize it, you can delete it.

It appears to be a data protection tool; could it be that it was installed on the computer where the USB was plugged in?

https://digitalguardian.com/es
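
The open question in these last posts is whether the documents are encrypted or simply damaged. As an added example (not part of the thread; the file names and contents are constructed, and the 7.5 bits/byte threshold is an assumption), this read-only Python check compares each file's first bytes with the signature its extension implies and flags random-looking content:

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes for the document types named in the thread (pdf, doc), plus docx.
MAGIC = {".pdf": b"%PDF-",
         ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
         ".docx": b"PK\x03\x04"}                        # ZIP container

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(name, head):
    """Heuristic verdict from a file name and its first bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "unknown-type"
    if head.startswith(magic):
        return "header-ok"
    if not head.strip(b"\x00"):
        return "blank"            # empty or zero-filled: media or filesystem damage
    if entropy(head) > 7.5:
        return "random-looking"   # consistent with encryption, not proof of it
    return "header-mismatch"      # truncated, overwritten or wrongly named

def triage(root, sample=4096):
    """Read the first `sample` bytes of every file under root; nothing is written."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                report[os.path.relpath(path, root)] = classify(name, fh.read(sample))
    return report

def demo():
    """Triage constructed sample files written to a temporary folder."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"factura.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\n",
               "informe.pdf": noise,             # 4096 pseudo-random bytes
               "notas.doc": b"\x00" * 4096,      # zero-filled
               "carta.doc": b"plain text saved with a .doc name"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:16} {path}")
```

To check a real drive, call `triage()` on a copy or image of it rather than on the original media.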