Well, in the end all the scans went much faster than I expected, and I managed to get everything done!
Here are the reports:
Malwarebytes anti-malware
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 28/4/20
Hora del análisis: 7:38
Archivo de registro: 54c98c44-893c-11ea-a7bf-74c63bb1269a.json
-Información del software-
Versión: 4.1.0.56
Versión de los componentes: 1.0.875
Versión del paquete de actualización: 1.0.23076
Licencia: Prueba
-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: CI000000000000\alumno
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 539607
Amenazas detectadas: 31
Amenazas en cuarentena: 31
Tiempo transcurrido: 1 hr, 24 min, 30 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 2
PUP.Optional.VideoAdBlockerPlus, HKU\S-1-5-21-2421925336-3874775306-2730502514-1005\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hegneaniplmfjcmohoclabblbahcbjoe, En cuarentena, 2256, 479533, 1.0.23076, , ame,
PUP.Optional.VideoAdBlockerPlus, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hegneaniplmfjcmohoclabblbahcbjoe, En cuarentena, 2256, 479532, 1.0.23076, , ame,
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 9
PUP.Optional.VideoAdBlockerPlus, C:\USERS\ALUMNO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\HEGNEANIPLMFJCMOHOCLABBLBAHCBJOE, En cuarentena, 2256, 479532, , , ,
PUP.Optional.ASK.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\searchextensionbyask_j5, En cuarentena, 2066, 392698, 1.0.23076, , ame,
PUP.Optional.MindSpark, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\EASYPDFCOMBINE_CE, En cuarentena, 708, 240302, 1.0.23076, , ame,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\EXTENSIONS\[email protected], En cuarentena, 1812, 443664, 1.0.23076, , ame,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\EXTENSIONS\[email protected], En cuarentena, 1812, 443664, 1.0.23076, , ame,
Archivo: 20
PUP.Optional.VideoAdBlockerPlus, C:\USERS\ALUMNO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, 2256, 479532, , , ,
PUP.Optional.VideoAdBlockerPlus, C:\USERS\ALUMNO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Sustituido, 2256, 479532, , , ,
PUP.Optional.MindSpark, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\EASYPDFCOMBINE_CE\3F763EA4-17C7-4A1A-A5FB-550F018AA3D3.SQLITE, En cuarentena, 708, 240302, 1.0.23076, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF, En cuarentena, 1812, 443664, 1.0.23076, , ame,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome\ffxtbr.jar, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF\manifest.mf, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF\mozilla.rsa, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF\mozilla.sf, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\bootstrap.js, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome.manifest, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome.manifest.restartless, En cuarentena, 1812, 443664, , , ,
PUP.Optional.ASK, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\PREFS.JS, Sustituido, 281, 301713, 1.0.23076, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\ALUMNO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZFINT4J4.DEFAULT\EXTENSIONS\[email protected]\INSTALL.RDF, En cuarentena, 1812, 443664, 1.0.23076, , ame,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome\ffxtbr.jar, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF\manifest.mf, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF\mozilla.rsa, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\META-INF\mozilla.sf, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\bootstrap.js, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome.manifest, En cuarentena, 1812, 443664, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\extensions\[email protected]\chrome.manifest.restartless, En cuarentena, 1812, 443664, , , ,
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-28-2020
# Duration: 00:00:03
# OS: Windows 8.1 Pro
# Cleaned: 3
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted http://search.gboxapp.com/
Deleted http://search.gboxapp.com/
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.DellDataProtection Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C11FE22-53F2-4C9B-9E79-824B10D0976E}
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1601 octets] - [28/04/2020 12:11:53]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64
Ran by alumno (Administrator) on 28/04/2020 at 12:17:56,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Deleted the following from C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\prefs.js
user_pref(browser.search.defaultenginename, Ask Web Search);
user_pref(browser.search.selectedEngine, Ask Web Search);
user_pref(extensions.mywebsearch.prevKwdEnabled, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.BUTTON_STRUCTURE, [{\b\:235492090,\c\:\mindspark.magnify\,\p\:\L.0\},{\b\:235492091,\c\:\mindspark.enterse
user_pref(extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.prev, hxxp://google.com);
user_pref(extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.savedPrev, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.browser.startup.homepage.tb, hxxp://hp.myway.com/easypdfcombine/lmesla/index.html?coId=3d7573074ae84b38b65f8501a8ba211e&s
user_pref(extensions.toolbar.mindspark._ceMembers_.browser.startup.page.savedPrev, 1);
user_pref(extensions.toolbar.mindspark._ceMembers_.browser.startup.page.tb, 1);
user_pref(extensions.toolbar.mindspark._ceMembers_.browser.version.last, 54.0);
user_pref(extensions.toolbar.mindspark._ceMembers_.coId, 3d7573074ae84b38b65f8501a8ba211e);
user_pref(extensions.toolbar.mindspark._ceMembers_.competitorDNS, {\comment\:\refresh every 1 week (7*24*60*60*1000)\,\refreshPeriod\:604800000,\list\:[{\url\:\h
user_pref(extensions.toolbar.mindspark._ceMembers_.firefoxSearchExtensionEnabled, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.firstKnownVersion, 7.800.11.40872);
user_pref(extensions.toolbar.mindspark._ceMembers_.homepage, hxxp://hp.myway.com/easypdfcombine/lmesla/index.html?coId=3d7573074ae84b38b65f8501a8ba211e&subId=COi04J3f0NUCFc
user_pref(extensions.toolbar.mindspark._ceMembers_.hp.enabled, false);
user_pref(extensions.toolbar.mindspark._ceMembers_.hp.guardType, HPR);
user_pref(extensions.toolbar.mindspark._ceMembers_.initialized, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.installType, XPI);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.dlpCountryCode, AR);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.installDate, 2017081212);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.partnerId, ^BSB^xdm902^LMESLA^ar);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.partnerSubId, COi04J3f0NUCFcqBkQod7nUGQQ);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.pixelUrl, hxxp://www.easypdfcombine.com/install_pixels.jhtml?partner=^BSB^xdm902^LMESLA^ar&sub_id=COi04J3f0N
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.success, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.toolbarDataSource, [\COOKIE\,\LOCAL_STORAGE\]);
user_pref(extensions.toolbar.mindspark._ceMembers_.installation.toolbarId, 3F763EA4-17C7-4A1A-A5FB-550F018AA3D3);
user_pref(extensions.toolbar.mindspark._ceMembers_.lastActivePing, 1520607987033);
user_pref(extensions.toolbar.mindspark._ceMembers_.lastKnownVersion, 7.800.11.40872);
user_pref(extensions.toolbar.mindspark._ceMembers_.lssState, {\previousLocales\:[\es-AR\,\es\,\en-US\,\en\],\supportedLocales\:[\de\,\es\,\pt\,\ja\,\en
user_pref(extensions.toolbar.mindspark._ceMembers_.options.defaultSearch, false);
user_pref(extensions.toolbar.mindspark._ceMembers_.options.homePageEnabled, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.options.keywordEnabled, false);
user_pref(extensions.toolbar.mindspark._ceMembers_.options.tabEnabled, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.partnerPixelFired, true);
user_pref(extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.language, es);
user_pref(extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.newTabURL, hxxp://hp.myway.com/easypdfcombine/lmesla/index.html?p2=${partnerID}&n=${installDateHex}
user_pref(extensions.toolbar.mindspark._ceMembers_.productDeliveryOption.type, ToolTab);
user_pref(extensions.toolbar.mindspark._ceMembers_.successUrl, hxxp://easypdfcombine.dl.tb.ask.com/installComplete.jhtml);
user_pref(extensions.toolbar.mindspark._ceMembers_.toolbarCollapsed, false);
user_pref(extensions.toolbar.mindspark._ceMembers_.uninstallSurveyUrl, hxxp://easypdfcombine.dl.myway.com/uninstall.jhtml?surveyUrl=hxxp%3A%2F%2Fwww.research.net%2Fr%2FHYSC
user_pref(extensions.toolbar.mindspark._ceMembers_.uninstallTasks, {\prefBranchesToDelete\:[\extensions.toolbar.mindspark._ceMembers_.\],\filesToDelete\:[\C:\\\\User
user_pref(extensions.toolbar.mindspark._j5Members_.BUTTON_STRUCTURE, [{\b\:232532496,\c\:\mindspark.magnify\,\p\:\L.0\},{\b\:232532497,\c\:\mindspark.enterse
user_pref(extensions.toolbar.mindspark._j5Members_.browser.search.defaultenginename.prev, Google);
user_pref(extensions.toolbar.mindspark._j5Members_.browser.search.defaultenginename.savedPrev, true);
user_pref(extensions.toolbar.mindspark._j5Members_.browser.search.defaultenginename.tb, Ask Web Search);
user_pref(extensions.toolbar.mindspark._j5Members_.browser.search.selectedEngine.prev, Google);
user_pref(extensions.toolbar.mindspark._j5Members_.browser.search.selectedEngine.savedPrev, true);
user_pref(extensions.toolbar.mindspark._j5Members_.browser.search.selectedEngine.tb, Ask Web Search);
user_pref(extensions.toolbar.mindspark._j5Members_.browser.version.last, 54.0);
user_pref(extensions.toolbar.mindspark._j5Members_.coId, 3d7573074ae84b38b65f8501a8ba211e);
user_pref(extensions.toolbar.mindspark._j5Members_.competitorDNS, {\comment\:\refresh every 1 week (7*24*60*60*1000)\,\refreshPeriod\:604800000,\list\:[{\url\:\h
user_pref(extensions.toolbar.mindspark._j5Members_.firefoxSearchExtensionEnabled, false);
user_pref(extensions.toolbar.mindspark._j5Members_.firstKnownVersion, 7.800.11.11538);
user_pref(extensions.toolbar.mindspark._j5Members_.homepage, hxxp://home.tb.ask.com/index.jhtml?n=780BD6C7&ptb=3F763EA4-17C7-4A1A-A5FB-550F018AA3D3&st=&p2=^BSB^xdm902^LMESL
user_pref(extensions.toolbar.mindspark._j5Members_.hp.enabled, false);
user_pref(extensions.toolbar.mindspark._j5Members_.initialized, true);
user_pref(extensions.toolbar.mindspark._j5Members_.installType, XPI);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.dlpCountryCode, AR);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.installDate, 2017081212);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.partnerId, ^BSB^xdm902^LMESLA^ar);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.partnerSubId, COi04J3f0NUCFcqBkQod7nUGQQ);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.success, true);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.toolbarDataSource, [\COOKIE\,\LOCAL_STORAGE\]);
user_pref(extensions.toolbar.mindspark._j5Members_.installation.toolbarId, 3F763EA4-17C7-4A1A-A5FB-550F018AA3D3);
user_pref(extensions.toolbar.mindspark._j5Members_.lastActivePing, 1520607987068);
user_pref(extensions.toolbar.mindspark._j5Members_.lastKnownVersion, 7.800.11.11538);
user_pref(extensions.toolbar.mindspark._j5Members_.lssState, {\previousLocales\:[\es-AR\,\es\,\en-US\,\en\],\supportedLocales\:[\de\,\es\,\pt\,\ja\,\en
user_pref(extensions.toolbar.mindspark._j5Members_.options.defaultSearch, true);
user_pref(extensions.toolbar.mindspark._j5Members_.options.homePageEnabled, false);
user_pref(extensions.toolbar.mindspark._j5Members_.options.keywordEnabled, true);
user_pref(extensions.toolbar.mindspark._j5Members_.options.tabEnabled, false);
user_pref(extensions.toolbar.mindspark._j5Members_.productDeliveryOption.language, es);
user_pref(extensions.toolbar.mindspark._j5Members_.productDeliveryOption.type, DefaultSearch);
user_pref(extensions.toolbar.mindspark._j5Members_.successUrl, #installed=CPC);
user_pref(extensions.toolbar.mindspark._j5Members_.toolbar.ownSearch, true);
user_pref(extensions.toolbar.mindspark._j5Members_.toolbarCollapsed, false);
user_pref(extensions.toolbar.mindspark._j5Members_.uninstallSurveyUrl, hxxps://www.research.net/r/BZBDLY5?c=<!--toolbarID-->);
user_pref(extensions.toolbar.mindspark._j5Members_.uninstallTasks, {\prefBranchesToDelete\:[\extensions.toolbar.mindspark._j5Members_.\],\filesToDelete\:[\C:\\\\User
user_pref(extensions.toolbar.mindspark.hp.enabled, false);
user_pref(extensions.toolbar.mindspark.lastInstalled, [email protected]);
user_pref(extensions.xpiState, {\app-profile\:{\{7b8a500a-a464-4624-bd4f-73eaafe0f766}\:{\d\:\C:\\\\Users\\\\alumno\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Pr
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/04/2020 at 12:37:23,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST
Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 26-04-2020
Ejecutado por alumno (administrador) sobre CI000000000000 (Bangho Suma 1025) (28-04-2020 12:43:09)
Ejecutado desde E:\usuarios\alumno\Escritorio
Perfiles cargados: alumno (Perfiles disponibles: alumno)
Platform: Windows 8.1 Pro (Update) (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesos (Lista blanca) =================
(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)
() [Archivo no firmado] C:\Program Files (x86)\HiDTV\SchHD.exe
() [Archivo no firmado] C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) [Archivo no firmado] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Education Software -> Intel Corporation) C:\Program Files (x86)\Intel Education Software\Device Control Service\DeviceControlService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel) [Archivo no firmado] C:\Program Files\Intel Learning Series\Theft Deterrent\Agent.exe
(Malwarebytes Inc -> Malwarebytes) E:\usuarios\alumno\Escritorio\MBAM\MBAMWsc.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(OEM) [Archivo no firmado] C:\Program Files (x86)\Intel Education Software\Hard Drive Protection\Hard Drive Protection\HDPService.exe
(OEM) [Archivo no firmado] C:\Program Files (x86)\Intel Education Software\Hard Drive Protection\Hard Drive Protection\HPUtility.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
==================== Registro (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13663448 2014-01-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel(R) Software -> Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation) [Archivo no firmado]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2016-01-06] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Agent] => C:\Archivos de programa\Intel Learning Series\Theft Deterrent\Agent.exe [307200 2013-12-18] (Intel) [Archivo no firmado]
HKLM-x32\...\Run: [SchHD] => C:\Program Files (x86)\HiDTV\SchHD.exe [258048 2010-07-03] () [Archivo no firmado]
HKLM-x32\...\Run: [AlwaysAware Hard-Disk Drive] => C:\Program Files (x86)\Intel Education Software\Hard Drive Protection\Hard Drive Protection\HPUtility.exe [3100160 2014-01-15] (OEM) [Archivo no firmado]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2421925336-3874775306-2730502514-1005\...\Run: [Steam] => E:\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2421925336-3874775306-2730502514-1005\...\Run: [Discord] => C:\Users\alumno\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-28] (Google LLC -> Google LLC)
Startup: C:\Users\alumno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2016-08-08]
ShortcutTarget: Launcher.lnk -> C:\Launcher.exe () [Archivo no firmado]
==================== Tareas programadas (Lista blanca) ============
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
Task: {07EFA458-AEF9-4E00-9806-30CC40C8DED5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {166C9532-DC07-452D-A5E1-7C55A6DA58F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {181F2240-BCF3-43DF-A85B-57350AE59517} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {293C37E7-EA36-4054-990B-1B30DCE5784E} - \WPD\SqmUpload_S-1-5-21-2421925336-3874775306-2730502514-1001 -> Ningún archivo <==== ATENCIÓN
Task: {3BB09F4D-D483-4E78-89FA-5DB8E82F0265} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {4067E6D8-9605-4019-AA2A-81BB50E4006A} - \WPD\SqmUpload_S-1-5-21-2421925336-3874775306-2730502514-1002 -> Ningún archivo <==== ATENCIÓN
Task: {45E1F5A2-1D15-4E5B-AFD5-CBA223219669} - \Optimize Start Menu Cache Files-S-1-5-21-2421925336-3874775306-2730502514-1001 -> Ningún archivo <==== ATENCIÓN
Task: {561365E8-7FB0-4E28-B799-F6030CC76D42} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {615597FB-5536-42B9-8E21-8E9161994DF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc -> Google Inc.)
Task: {6909C153-8393-4C7D-BA1B-0EED2414FA99} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {6CDE1BBC-6ADF-4078-A3C7-2B314080C52C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7BD708CB-3363-4C0C-B89F-D5554B7193C9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-14] (Adobe Inc. -> Adobe)
Task: {7FE41993-119D-4E7B-96A5-20C4A92C3535} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {9715B791-3E3B-4388-BDB5-3E76928F587A} - \Optimize Start Menu Cache Files-S-1-5-21-2421925336-3874775306-2730502514-1002 -> Ningún archivo <==== ATENCIÓN
Task: {EE49253D-A95D-44DE-BE60-705A2121145F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe)
Task: {F3F7A77B-ECBA-4D09-AA05-093DC06C4AB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc -> Google Inc.)
(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)
==================== Internet (Lista blanca) ====================
(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7B24A9BF-AF3F-4483-A179-724B6FAD171A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{822DF326-8A58-41A1-AD7D-77C4956CE286}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{FC6B68A4-C165-4969-B9E1-CDD2124259D6}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2421925336-3874775306-2730502514-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.conectarigualdad.gob.ar/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-04-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-26] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: zfint4j4.default
FF ProfilePath: C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default [2020-04-28]
FF Homepage: Mozilla\Firefox\Profiles\zfint4j4.default -> hxxps://www.google.com.ar/
FF Extension: (Video AdBlock) - C:\Users\alumno\AppData\Roaming\Mozilla\Firefox\Profiles\zfint4j4.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-07-13] [Heredado]
FF ProfilePath: C:\Users\alumno\AppData\Roaming\Gapminder Foundation\Gapminder World\Profiles\0fqep9bj.default [2016-06-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [Archivo no firmado]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default [2020-04-28]
CHR Notifications: Default -> hxxps://tabletopia.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://websearch.fixsearch.info/?pid=3187&r=2014/09/09&hid=17278110766412083572&lg=EN&cc=AR&unqvl=61","hxxps://www.google.com/"
CHR Extension: (Presentaciones) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-09]
CHR Extension: (YouTube) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-09]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (Hojas de cálculo) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-08]
CHR Extension: (Gmail) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\alumno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-08]
==================== Servicios (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
R2 AlwaysAware HDP Service; C:\Program Files (x86)\Intel Education Software\Hard Drive Protection\Hard Drive Protection\HDPService.exe [163840 2013-08-20] (OEM) [Archivo no firmado]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [69120 2013-10-21] () [Archivo no firmado]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
R2 Device Control Service; C:\Program Files (x86)\Intel Education Software\Device Control Service\DeviceControlService.exe [1955912 2014-12-05] (Intel(R) Education Software -> Intel Corporation)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel(R) Software -> Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel(R) Software -> Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel(R) Software -> Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2016-01-06] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-09-15] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Archivo no firmado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S2 MBAMService; E:\usuarios\alumno\Escritorio\MBAM\MBAMService.exe [6933272 2020-04-28] (Malwarebytes Inc -> Malwarebytes)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [Archivo no firmado]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
===================== Controladores (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
R3 accel; C:\Windows\System32\drivers\ADXL345accel.sys [27136 2014-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel(R) Software -> Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel(R) Software -> Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel(R) Software -> Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel(R) Software -> Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel(R) Software -> Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel(R) Software -> Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel(R) Software -> Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel(R) Software -> Intel Corporation)
R0 HDPFilter; C:\Windows\System32\DRIVERS\HDPFilter.sys [10240 2013-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iscm; C:\Windows\System32\drivers\iscm.sys [6656 2014-12-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel(R) Software -> Intel Corporation)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2408208 2013-06-18] (Mediatek Inc. -> Ralink Technology Corp.)
R3 RadioButtonHidVirKbd; C:\Windows\System32\drivers\RadioButtonHidVirKbd.sys [27648 2014-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 8 DDK provider)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [554712 2013-10-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-20] (Microsoft Windows -> Microsoft Corporation)
R3 smsbda; C:\Windows\system32\drivers\smsbda.sys [80000 2011-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Siano)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
==================== Un mes (creado) ===================
(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)
2020-04-28 12:42 - 2020-04-28 12:44 - 000000000 ____D C:\FRST
2020-04-28 12:10 - 2020-04-28 12:13 - 000000000 ____D C:\AdwCleaner
2020-04-28 07:12 - 2020-04-28 07:36 - 000001107 _____ C:\ProgramData\Escritorio\Malwarebytes.lnk
2020-04-28 07:12 - 2020-04-28 07:12 - 000000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-04-28 07:12 - 2020-04-28 07:12 - 000000000 ____D C:\Users\alumno\AppData\Local\mbamtray
2020-04-28 07:12 - 2020-04-28 07:12 - 000000000 ____D C:\Users\alumno\AppData\Local\mbam
2020-04-28 07:11 - 2020-04-28 07:11 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-04-28 07:11 - 2020-04-28 07:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-28 07:02 - 2020-04-28 12:43 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-04-28 07:02 - 2020-04-28 07:21 - 000000998 _____ C:\ProgramData\Escritorio\CCleaner.lnk
2020-04-28 07:02 - 2020-04-28 07:02 - 000002822 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-04-28 07:02 - 2020-04-28 07:02 - 000000000 ____D C:\Program Files\CCleaner
2020-04-26 00:54 - 2020-04-26 00:54 - 000129192 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2020-04-26 00:54 - 2020-04-26 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-26 00:53 - 2020-04-26 00:53 - 000000000 ____D C:\Program Files\Java
==================== Un mes (modificado) ==================
(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)
2020-04-28 12:41 - 2016-07-28 17:55 - 000000000 __SHD C:\Users\alumno\IntelGraphicsProfiles
2020-04-28 12:40 - 2013-08-22 11:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-28 09:07 - 2016-05-10 16:19 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2421925336-3874775306-2730502514-1005
2020-04-28 07:30 - 2016-10-18 18:26 - 000000000 ____D C:\Users\alumno\AppData\Roaming\MPC-HC
2020-04-28 07:29 - 2017-11-25 00:10 - 000000000 ____D C:\Windows\Minidump
2020-04-28 07:29 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Inf
2020-04-28 05:19 - 2017-08-09 00:21 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-28 05:19 - 2017-08-09 00:21 - 000002208 _____ C:\ProgramData\Escritorio\Google Chrome.lnk
2020-04-25 23:22 - 2020-03-17 16:22 - 000496144 _____ C:\Windows\system32\perfh011.dat
2020-04-25 23:22 - 2020-03-17 16:22 - 000133630 _____ C:\Windows\system32\perfc011.dat
2020-04-25 23:22 - 2014-11-20 23:14 - 002459936 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-25 23:22 - 2014-11-20 22:24 - 000813600 _____ C:\Windows\system32\perfh00A.dat
2020-04-25 23:22 - 2014-11-20 22:24 - 000168102 _____ C:\Windows\system32\perfc00A.dat
2020-04-25 08:55 - 2013-08-22 10:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-04-17 22:53 - 2013-08-22 12:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-17 22:51 - 2016-06-01 08:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-04-17 02:07 - 2020-03-26 23:09 - 000000000 ____D C:\Users\alumno\AppData\Roaming\discord
2020-04-15 12:58 - 2017-07-27 14:34 - 000003188 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2421925336-3874775306-2730502514-1005
2020-04-15 12:58 - 2016-06-02 17:53 - 000002391 _____ C:\Users\alumno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive para la Empresa.lnk
2020-04-14 14:26 - 2018-03-15 07:14 - 000004506 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-04-14 14:26 - 2016-05-23 12:23 - 000004296 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-04-14 14:26 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-04-14 14:25 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-04-14 00:05 - 2016-05-10 16:12 - 000000000 ____D C:\Users\alumno
2020-04-08 16:03 - 2013-08-22 12:36 - 000000000 ____D C:\Windows\system32\NDF
2020-04-05 23:55 - 2016-05-10 16:12 - 000000000 ____D C:\Users\alumno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegación e internet
==================== Archivos en la raíz de algunos directorios ========
2016-05-11 14:36 - 2016-06-06 15:06 - 000004309 _____ () C:\Users\alumno\AppData\Roaming\Programa 2Mp.xml
2016-05-10 16:13 - 2020-04-28 12:41 - 001397228 _____ () C:\Users\alumno\AppData\Local\BTServer.log
2016-05-11 13:11 - 2016-05-11 13:11 - 000002511 _____ () C:\Users\alumno\AppData\Local\recently-used.xbel
2016-10-19 16:55 - 2016-10-20 08:58 - 000007622 _____ () C:\Users\alumno\AppData\Local\Resmon.ResmonCfg
2018-07-07 01:07 - 2018-07-07 01:07 - 000000000 _____ () C:\Users\alumno\AppData\Local\{069F8C1D-158F-49C4-9355-3495295C477A}
==================== SigCheck ============================
(No existe una corrección automática para los archivos que no pasan la verificación.)
LastRegBack: 2020-04-22 03:04
==================== Final de FRST.txt ========================
I'll put Addition in the next reply, since it is very long and doesn't fit here.