Hello.
Thanks, JavierHF and Marcelino, for your comments. Here are the reports you asked for:
MBAM (finds no malware):
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 27/6/19
Hora del análisis: 21:28
Archivo de registro: b8f87ea8-9911-11e9-9902-001cc4c7c3b7.json
-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.0
Versión del paquete de actualización: 1.0.0
Licencia: Gratis
-Información del sistema-
SO: Windows 7
CPU: x64
Sistema de archivos: NTFS
Usuario: digito-PC\digitouser
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 924878
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 7 hr, 13 min, 4 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 0
(No hay elementos maliciosos detectados)
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
ADWCLEANER (finds nothing malicious):
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2019
# Duration: 00:00:13
# OS: Windows 7 Ultimate
# Scanned: 27198
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by digito (Administrator) on 28/06/2019 at 10:01:31,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 16
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MZ12XOH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NX82DO52 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LK7X40 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\digito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0QO2WX8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MZ12XOH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NX82DO52 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LK7X40 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0QO2WX8 (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/06/2019 at 10:02:42,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by digito (administrator) on DIGITO-PC (Hewlett-Packard HP Compaq 6710b) (28-06-2019 10:03:47)
Running from C:\Users\digitouser\Desktop
Loaded Profiles: digito & digitouser (Available Profiles: digito & digitouser)
Platform: Windows 7 Ultimate (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\ISC BIND 9\bin\named.exe
(ActivIdentity -> ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(AuthenTec, Inc. -> AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(ESET, spol. s r.o. -> ESET) D:\programas\ESET Internet Security\egui.exe
(ESET, spol. s r.o. -> ESET) D:\programas\ESET Internet Security\ekrn.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.) C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Trafficreg Software) [File not signed] D:\programas\TMeter\TrafSvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity -> ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity -> ActivIdentity)
HKLM\...\Run: [egui] => D:\programas\ESET Internet Security\ecmds.exe [177928 2019-03-08] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [TrafMonitor] => d:\programas\TMeter\trafmonitor.exe [550400 2018-03-04] () [File not signed]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\programas\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601936 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PTHOSTTR] => C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CognizanceTS] => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASTSVCC.dll [24848 2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
HKU\S-1-5-21-3873794253-4015080421-1287920044-1000\...\Run: [CCleaner Smart Cleaning] => D:\programas\CCleaner\CCleaner64.exe [22691064 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3873794253-4015080421-1287920044-1001\...\MountPoints2: {cf48a5ee-0475-11e9-a2e2-001cc4c7c3b7} - G:\autorun.exe
HKLM\Software\...\Authentication\Credential Providers: [{F13E50B9-7749-4416-B7CE-7C5BCBC8C449}] -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASCredProv64.dll [2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{FF7F8C71-EA51-48E6-9038-E0A96BE4AC43}] -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASCredProv64.dll [2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{122E7126-21DB-4F27-8D82-8E44B1C0DC56}] -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASCredProv64.dll [2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll [382224 2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASCredProv64
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C2601D6-E3BE-4D7F-9A6D-A7581FC2F38B} - System32\Tasks\CCleanerSkipUAC => D:\programas\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1E952CAD-DB58-4C15-B892-3377CA8BB981} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [135704 2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {248BC45A-8DE6-4F2F-A3D8-0C0492969B4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26042960 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B64B071-1433-48E9-99ED-BFEDE223E51D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2151992 2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DCD7DD3-29F5-4D2F-BD97-BC29E1F3CDD5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26042960 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C9E9610-1569-43DF-BB40-3588CF7BF60D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058104 2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6620F4C9-7AEE-47CF-BF0C-5DDA29A1EF21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [135704 2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6ED3F4CC-E0B4-4EE8-9FF7-7E16B6F9E3EF} - System32\Tasks\CCleaner Update => D:\programas\CCleaner\CCUpdate.exe [619416 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {993E5726-FE82-4172-A6A2-E038B417273B} - System32\Tasks\SamsungMagician => d:\programas\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {BFA314C4-A604-42BC-AEA6-B12810108A7B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2151992 2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB882426-35F2-47B6-92D7-25ADF0E745BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058104 2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE18FB0D-1040-491C-8F23-DEAD3334040B} - System32\Tasks\AdwCleaner_onReboot => C:\Users\digitouser\Desktop\adwcleaner_7.3.exe [7025360 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{FF6AF4AC-A079-4FD1-A444-755A4C3313E9}: [NameServer] 127.0.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
Internet Explorer:
==================
HKU\S-1-5-21-3873794253-4015080421-1287920044-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
BHO: Credential Manager for HP ProtectTools -> {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll [2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\programas\jre1.8.0_202\bin\ssv.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\programas\jre1.8.0_202\bin\jp2ssv.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: palsgz2f.default
FF ProfilePath: C:\Users\digito\AppData\Roaming\Mozilla\Firefox\Profiles\palsgz2f.default [2019-06-28]
FF Plugin: @java.com/DTPlugin,version=11.202.2 -> D:\programas\jre1.8.0_202\bin\dtplugin\npDeployJava1.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.202.2 -> D:\programas\jre1.8.0_202\bin\plugin2\npjp2.dll [2019-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> D:\programas\VLC\npvlc.dll [2018-02-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\programas\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\programas\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\programas\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\programas\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-09] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity -> ActivIdentity)
R2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
R2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt, Inc. -> Bioscrypt Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; D:\programas\ESET Internet Security\ekrn.exe [2302160 2019-03-08] (ESET, spol. s r.o. -> ESET)
S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (MCAFEE INTERNATIONAL LTD. -> McAfee, Inc.)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
S2 MBAMService; D:\programas\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 named; C:\Program Files\ISC BIND 9\bin\named.exe [429568 2018-05-16] () [File not signed]
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [214304 2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
R2 TrafSvc; d:\programas\TMeter\TrafSvc.exe [883200 2018-03-04] (Trafficreg Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
S3 cpuz143; C:\Users\digito\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2019-06-27] (CPUID -> CPUID) <==== ATTENTION
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2019-03-08] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2019-03-08] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188832 2019-03-08] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2019-03-08] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82304 2019-03-08] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61528 2019-03-08] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2019-03-08] (ESET, spol. s r.o. -> ESET)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2019-04-01] (北京铠信神州科技有限责任公司 -> )
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14880 2009-07-29] (MCAFEE INTERNATIONAL LTD. -> SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55840 2009-07-29] () [File not signed]
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V. -> SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15392 2009-07-29] (MCAFEE INTERNATIONAL LTD. -> SafeBoot International)
R1 tmeter; C:\Windows\System32\DRIVERS\tmeter.sys [44792 2018-03-04] (Mainline Net Holdings Limited -> Trafficreg Software)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-28 10:03 - 2019-06-28 10:04 - 000019640 _____ C:\Users\digitouser\Desktop\FRST.txt
2019-06-28 10:03 - 2019-06-28 10:03 - 000000000 ____D C:\FRST
2019-06-28 10:02 - 2019-06-28 10:02 - 000003184 _____ C:\Users\digito\Desktop\JRT.txt
2019-06-28 09:55 - 2019-06-28 09:55 - 000003104 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot
2019-06-27 21:26 - 2019-06-27 21:26 - 000000904 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-27 21:26 - 2019-06-27 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-27 21:26 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-06-27 21:25 - 2019-06-27 21:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-27 21:18 - 2019-06-28 09:47 - 000004120 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-27 21:18 - 2019-06-27 21:18 - 000002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-06-27 21:18 - 2019-06-27 21:18 - 000000677 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-06-27 21:18 - 2019-06-27 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-06-27 21:15 - 2019-06-27 21:15 - 002418688 _____ (Farbar) C:\Users\digitouser\Desktop\FRST64.exe
2019-06-27 21:13 - 2019-06-27 21:13 - 001790024 _____ (Malwarebytes) C:\Users\digitouser\Desktop\JRT.exe
2019-06-27 21:12 - 2019-06-27 21:12 - 007025360 _____ (Malwarebytes) C:\Users\digitouser\Desktop\adwcleaner_7.3.exe
2019-06-27 21:06 - 2019-06-27 21:11 - 064129760 _____ (Malwarebytes ) C:\Users\digitouser\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.11260.exe
2019-06-27 21:03 - 2019-06-27 21:06 - 020638704 _____ (Piriform Software Ltd) C:\Users\digitouser\Desktop\ccsetup558.exe
2019-06-23 14:15 - 2019-06-23 14:22 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-06-23 14:15 - 2019-06-23 14:22 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-06-23 14:15 - 2019-06-23 14:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-23 14:15 - 2019-06-23 14:15 - 000000000 ____D C:\Users\digitouser\AppData\Roaming\Mozilla
2019-06-23 09:16 - 2019-06-23 09:17 - 000000000 ____D C:\AdwCleaner
2019-06-22 14:42 - 2019-06-22 14:42 - 000000000 ____D C:\Users\digitouser\AppData\Local\mbam
2019-06-22 14:38 - 2019-06-22 14:38 - 000000000 ____D C:\Users\digito\AppData\Local\mbam
2019-06-22 14:37 - 2019-06-22 14:37 - 000000000 ____D C:\Users\digitouser\AppData\Local\mbamtray
2019-06-18 13:57 - 2019-06-21 18:28 - 000001139 _____ C:\Users\digito\Desktop\ESET Online Scanner.lnk
2019-06-16 21:11 - 2019-06-16 21:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2019-06-16 21:11 - 2019-06-16 21:11 - 000000000 ____D C:\Program Files\Synaptics
2019-06-14 22:44 - 2019-06-14 22:41 - 000000187 _____ C:\Users\digitouser\Desktop\DownloadedLicenses.txt
2019-06-07 11:49 - 2019-06-07 11:49 - 000000000 ____D C:\Users\digitouser\AppData\Roaming\dvdcss
2019-06-03 10:18 - 2019-06-03 10:20 - 000000000 ____D C:\Users\digitouser\AppData\Local\CPUID
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-28 10:03 - 2009-07-14 06:45 - 000014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-28 10:03 - 2009-07-14 06:45 - 000014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-28 10:00 - 2009-07-14 11:31 - 000694386 _____ C:\Windows\system32\perfh00A.dat
2019-06-28 10:00 - 2009-07-14 11:31 - 000134448 _____ C:\Windows\system32\perfc00A.dat
2019-06-28 10:00 - 2009-07-14 07:13 - 001530242 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-28 10:00 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-06-28 09:55 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-27 21:15 - 2018-12-20 19:45 - 000000000 ____D C:\Users\digitouser\AppData\LocalLow\Mozilla
2019-06-27 10:10 - 2018-12-20 20:53 - 000000000 ____D C:\Users\digitouser\AppData\Roaming\vlc
2019-06-24 20:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2019-06-23 09:40 - 2019-02-05 14:18 - 000000000 ____D C:\Windows\Minidump
2019-06-23 09:40 - 2018-12-20 20:40 - 000000000 ____D C:\Users\digito\AppData\Roaming\Notepad++
2019-06-23 09:40 - 2018-12-20 18:36 - 000000000 ____D C:\Windows\Panther
2019-06-22 10:48 - 2019-03-23 11:26 - 000000000 ____D C:\Users\digito\AppData\Roaming\ZHP
2019-06-22 10:14 - 2019-03-23 11:26 - 000000832 _____ C:\Users\digito\Desktop\ZHPCleaner.lnk
2019-06-21 18:11 - 2019-02-15 18:29 - 000000000 ____D C:\Users\digito\AppData\Local\ESET
2019-06-20 22:55 - 2018-12-27 20:05 - 000000000 ____D C:\Users\digitouser\.afirma
2019-06-20 22:24 - 2018-12-27 19:05 - 000534528 _____ (Dirección General de la Policía) C:\Users\digitouser\AppData\Local\DNIeService.exe
2019-06-18 13:57 - 2018-12-20 19:09 - 000000000 ____D C:\Users\digitouser\AppData\Local\ESET
2019-06-15 19:05 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\LiveKernelReports
2019-06-13 10:58 - 2009-07-14 07:08 - 000032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-06-06 13:45 - 2019-04-25 15:05 - 000000000 ____D C:\Users\digito\Documents\Mobo
2019-06-06 13:45 - 2019-04-25 15:05 - 000000000 ____D C:\Program Files (x86)\Mobo
2019-06-05 22:14 - 2019-04-25 18:20 - 000000000 ____D C:\Users\digitouser\Documents\Mobo
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-06-22 02:52
==================== End of FRST.txt ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by digito (28-06-2019 10:04:59)
Running from C:\Users\digitouser\Desktop
Windows 7 Ultimate (X64) (2018-12-20 16:41:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3873794253-4015080421-1287920044-500 - Administrator - Disabled)
digito (S-1-5-21-3873794253-4015080421-1287920044-1000 - Administrator - Enabled) => C:\Users\digito
digitouser (S-1-5-21-3873794253-4015080421-1287920044-1001 - Limited - Enabled) => C:\Users\digitouser
HomeGroupUser$ (S-1-5-21-3873794253-4015080421-1287920044-1003 - Limited - Enabled)
Invitado (S-1-5-21-3873794253-4015080421-1287920044-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Disabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Cortafuegos (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AuthenTec Fingerprint System (HKLM\...\{BD7A7136-1E88-4EB8-985C-1326DCE5612A}) (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.3 - Gobierno de España)
BIOS Configuration for HP ProtectTools (HKLM-x32\...\{9DD5F818-DB67-40E3-9F88-B6C597656D11}) (Version: 4.00 E1 - Hewlett-Packard)
CCleaner (HKLM\...\CCleaner) (Version: 5.58 - Piriform)
Credential Manager for HP ProtectTools (HKLM-x32\...\{634DB771-B797-4528-82E5-7C42B4123329}) (Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden
Drive Encryption for HP ProtectTools (HKLM\...\{C0F8FC99-54C8-4532-A5F0-827589F59D10}) (Version: 4.0.24 - Hewlett-Packard) Hidden
Embedded Security for HP ProtectTools (HKLM\...\{4599ECEA-44C6-418C-9F66-9AAF5561CBDC}) (Version: 5.6.000 - Hewlett-Packard)
ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
HP ProtectTools Security Manager Suite (HKLM-x32\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard)
Instalable DNIe (HKLM\...\{D2CE0562-13E0-4FC9-85F2-CA3D0392310E}) (Version: 14.0.0 - Cuerpo Nacional de Policía)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{73250D12-B600-4ED6-AFC0-10D9D8EDA745}) (Version: 7.3.2 - Intel Corporation)
ISC BIND (HKLM\...\ISC BIND) (Version: - )
Java 8 Update 202 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180202F0}) (Version: 8.0.2020.8 - Oracle Corporation)
Java SE Development Kit 8 Update 202 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180202}) (Version: 8.0.2020.8 - Oracle Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3873794253-4015080421-1287920044-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 es-ES) (HKLM\...\Mozilla Firefox 67.0.4 (x64 es-ES)) (Version: 67.0.4 - Mozilla)
NIUBI Partition Editor Free Edition V7.2.6 (HKLM-x32\...\NIUBISoft-NPE) (Version: V7.2.6 - NIUBI Technology Co., Ltd.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Python 2.7.15 (64-bit) (HKLM\...\{16CD92A4-0152-4CB7-8FD6-9788D3363617}) (Version: 2.7.15150 - Python Software Foundation)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)
TMeter 18.0.875 (HKLM\...\TMeter_is1) (Version: - Trafficreg Software)
Udeler 1.6.2 (only current user) (HKU\S-1-5-21-3873794253-4015080421-1287920044-1001\...\673f2c58-06b2-567b-837c-438fe37de4ce) (Version: 1.6.2 - Faisal Umair)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard (11/23/2017 1.0.2.6) (HKLM\...\4156F59B733E1BC3DE3D5DA2299224A42B2FF794) (Version: 11/23/2017 1.0.2.6 - Dirección General de la Policía)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\programas\Notepad++\NppShell_06.dll [2016-09-21] (Notepad++ -> )
ContextMenuHandlers1: [APSDShExt] -> {E08BF9C5-191E-4B15-8F67-2622B4DB5580} => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\x64\PSDShExt.dll [2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\programas\ESET Internet Security\shellExt.dll [2019-03-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => D:\programas\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\programas\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\programas\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\programas\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\programas\ESET Internet Security\shellExt.dll [2019-03-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\programas\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\programas\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [APSDShExt] -> {E08BF9C5-191E-4B15-8F67-2622B4DB5580} => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\x64\PSDShExt.dll [2009-07-19] (Infineon Technologies AG -> Infineon Technologies AG)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\programas\ESET Internet Security\shellExt.dll [2019-03-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => D:\programas\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\programas\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\programas\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\programas\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1_S-1-5-21-3873794253-4015080421-1287920044-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-3873794253-4015080421-1287920044-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-3873794253-4015080421-1287920044-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-12-21 10:45 - 2018-05-16 18:21 - 000056832 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libbind9.dll
2018-12-21 10:45 - 2018-05-16 18:18 - 001911808 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libdns.dll
2018-12-21 10:45 - 2018-05-16 18:16 - 000351744 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libisc.dll
2018-12-21 10:45 - 2018-05-16 18:20 - 000032768 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libisccc.dll
2018-12-21 10:45 - 2018-05-16 18:20 - 000112128 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libisccfg.dll
2018-12-21 10:45 - 2018-05-16 18:20 - 000244224 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libns.dll
2018-12-21 10:45 - 2017-10-13 04:56 - 001345024 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\libxml2.dll
2018-12-21 10:45 - 2018-05-16 18:22 - 000429568 _____ () [File not signed] C:\Program Files\ISC BIND 9\bin\named.exe
2019-03-05 17:03 - 2018-03-04 12:24 - 005365248 _____ () [File not signed] d:\programas\TMeter\mysqlcppconn.dll
2009-06-03 17:39 - 2009-06-03 17:39 - 001359360 _____ (ActivIdentity) [File not signed] C:\Program Files\Common Files\ActivIdentity\ACLIBEAY.dll
2009-06-03 17:38 - 2009-06-03 17:38 - 000048128 _____ (ActivIdentity) [File not signed] C:\Program Files\Common Files\ActivIdentity\resources\ac.sharedstorerc.dll
2019-02-21 19:40 - 2019-02-21 19:40 - 000113152 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_ca3f79d486b08636\ATL80.DLL
2019-02-21 19:40 - 2019-02-21 19:40 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
2019-02-21 19:40 - 2019-02-21 19:40 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
2019-02-21 19:40 - 2019-02-21 19:40 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL
2019-02-21 19:40 - 2019-02-21 19:40 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL
2019-03-05 17:03 - 2018-03-04 12:24 - 000061440 _____ (NT Kernel Resources) [File not signed] d:\programas\TMeter\ndisapi.dll
2018-12-21 10:45 - 2018-01-25 04:28 - 002248192 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\ISC BIND 9\bin\LIBEAY32.dll
2019-03-05 17:03 - 2018-03-04 12:22 - 000883200 _____ (Trafficreg Software) [File not signed] d:\programas\TMeter\TrafSvc.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\programas\python 2.7.15\;D:\programas\python 2.7.15\Scripts;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ISC BIND 9\bin;C:\Program Files\AutoFirma\AutoFirma;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files (x86)\Hewlett-Packard\IAM\bin
HKU\S-1-5-21-3873794253-4015080421-1287920044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\digito\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3873794253-4015080421-1287920044-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\digitouser\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{ABEC8B76-49B8-4EE2-A45F-AFE8CC69AA01}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{748FF1D5-4912-45DE-B12C-6ED17DFDE7A7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A20F0A8-A28E-4B89-A644-5BEEA93B3BDE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE74817A-9E50-4FA8-A0D1-85D75FCE0346}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{02EA132D-ED2C-4325-89AD-1E742152900D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8B728E0-9927-416E-9F28-922ADD827F10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF4D936B-9654-45C2-93CB-C104FAF27C52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
==================== Restore Points =========================
22-06-2019 02:59:06 Punto de control programado
28-06-2019 10:01:31 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2019 10:00:16 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: No se puede cargar el controlador de protocolo Mapi16. Descripción del error: No se encontró el proceso especificado. (HRESULT : 0x8007007f).
Error: (06/28/2019 09:56:29 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.
Detalles:
El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/28/2019 09:56:29 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.
Contexto: aplicación Windows
Detalles:
El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/28/2019 09:56:29 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/28/2019 09:56:29 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
No se ha encontrado el elemento. (HRESULT : 0x80070490) (0x80070490)
Error: (06/28/2019 09:56:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)
Error: (06/28/2019 09:56:28 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.
Contexto: aplicación Windows, catálogo SystemIndex
Detalles:
La base de datos del índice de contenido está dañada. (HRESULT : 0xc0041800) (0xc0041800)
Error: (06/28/2019 09:56:28 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.
Detalles:
El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (06/28/2019 09:56:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
Error: (06/28/2019 09:56:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.
Error: (06/28/2019 09:55:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: El servidor {7429F543-2A60-4CB7-8BC5-F27EA898FB44} no se registró con DCOM dentro del tiempo de espera requerido.
Error: (06/28/2019 09:55:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio TMeter 18.0.875 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Reiniciar el servicio.
Error: (06/28/2019 09:55:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
Error: (06/28/2019 09:55:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Personal Secure Drive Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
Error: (06/28/2019 09:55:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio ISC BIND se terminó de manera inesperada. Esto ha sucedido 1 veces.
Error: (06/28/2019 09:55:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Trusted Platform Core Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
==================== Memory info ===========================
BIOS: Hewlett-Packard 68DDU Ver. F.11 04/10/2008
Motherboard: Hewlett-Packard 30C0
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 89%
Total physical RAM: 4087.3 MB
Available physical RAM: 422.84 MB
Total Virtual: 8172.76 MB
Available Virtual: 4424.42 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:65.27 GB) (Free:39.37 GB) NTFS
Drive d: (SSD_DATOS) (Fixed) (Total:400.39 GB) (Free:379.45 GB) NTFS
Drive h: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:33.7 GB) NTFS
Drive i: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT32
\\?\Volume{8b52c1ad-0475-11e9-ae2d-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 992987A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=65.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 69F40F9D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
==================== End of Addition.txt ============================
Here's an update. The browser now puts the processor at 67º with momentary peaks of 75º, and the fan speeds up and slows down. So the temperature is unstable, slightly below the 80º from before, so I don't know whether there is an improvement or it is a coincidence. These are still high temperatures. If I also start Android Studio, after a while it reaches 80º, which I think is excessive, although when I have it stopped it goes back down to 70º-75º. So I think the problem persists; I think there is no malware, but I did not go through all the reports, so let me know your interpretation of them.
I'm thinking the fan may have dust in it; it's the only thing I can think of. I had it cleaned at a repair service about 1-2 years ago, which is why it seems odd to me. What do you think?
Thanks!