Proceso notepad.exe acumula mucha memoria

Rodma · 6 Diciembre, 2019 12:34

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-12-2019
Ran by pc (06-12-2019 13:15:05) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: J - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: K - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {94a646c7-af01-11e3-90eb-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {9b04a7fa-e0b3-11e6-94f7-74d4351c9282} - H:\setup.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {c0b75ee0-0eaa-11e5-a4f9-74d4351c9282} - G:\iStudio.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d3-3004-11e7-a7b2-74d4351c9282} - K:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\...\MountPoints2: {d1d113d7-3004-11e7-a7b2-74d4351c9282} - J:\HiSuiteDownLoader.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job => C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe <==== ATTENTION
Task: C:\Windows\Tasks\IWEOJYP.job => C:\Users\pc\AppData\Roaming\IWEOJYP.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTLRTME.job => C:\Users\pc\AppData\Roaming\WTLRTME.exe <==== ATTENTION
C:\Users\pc\AppData\Roaming\IWEOJYP.exe
C:\Users\pc\AppData\Roaming\WTLRTME.exe
C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]
CHR HKLM-x32\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp]
S3 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2019-11-16 15:41 - 2019-11-16 15:41 - 000000000 ____D C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865bOLD
2018-02-02 20:52 - 2018-02-02 20:52 - 000000048 ____H () C:\Program Files (x86)\rad0fviyrv.dat
2014-09-01 09:18 - 2014-09-01 09:18 - 000001248 _____ () C:\Users\pc\AppData\Roaming\WTLRTME
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk -> hxxp://www.ebook-converter.com
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [221]
MSCONFIG\startupreg: 84ccd914 => C:\ProgramData\Intel\Wireless\e2d778d\hdahhcd.exe C:\ProgramData\Intel\Wireless\e2d778d\2737a28.au3
C:\ProgramData\Intel\Wireless\e2d778d


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94a646c7-af01-11e3-90eb-806e6f6e6963} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b04a7fa-e0b3-11e6-94f7-74d4351c9282} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b75ee0-0eaa-11e5-a4f9-74d4351c9282} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d113d3-3004-11e7-a7b2-74d4351c9282} => removed successfully
HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d113d7-3004-11e7-a7b2-74d4351c9282} => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
C:\Windows\Tasks\C2BkvTEs1ugKf1w74WC6Z2gH.job => moved successfully
C:\Windows\Tasks\IWEOJYP.job => moved successfully
C:\Windows\Tasks\WTLRTME.job => moved successfully
"C:\Users\pc\AppData\Roaming\IWEOJYP.exe" => not found
"C:\Users\pc\AppData\Roaming\WTLRTME.exe" => not found
"C:\Users\pc\AppData\Roaming\C2BkvTEs1ugKf1w74WC6Z2gH.exe" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olghjjajidfdflkafeekiojnfmiolccp => removed successfully
HKLM\System\CurrentControlSet\Services\BstHdDrv => removed successfully
BstHdDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\MSICDSetup => removed successfully
MSICDSetup => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => removed successfully
NTIOLib_1_0_C => service removed successfully
C:\Users\pc\AppData\Roaming\813df830e475125792f3f3fe3f2c865bOLD => moved successfully
C:\Program Files (x86)\rad0fviyrv.dat => moved successfully
C:\Users\pc\AppData\Roaming\WTLRTME => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk => moved successfully
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 1 - Chrome.lnk => Shortcut argument removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\84ccd914 => removed successfully
C:\ProgramData\Intel\Wireless\e2d778d => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3950879380-2275949493-3388743034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : home
   V¡nculo: direcci¢n IPv6 local. . . : fe80::1d39:1057:29a2:42e1%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.52
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet VirtualBox Host-Only Network:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::d42a:688b:6c1f:1c6f%13
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.56.1
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 

Adaptador de Ethernet VirtualBox Host-Only Network #2:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::4cf8:1cd9:caa0:8800%14
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.85.2
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 163800969 B
Java, Flash, Steam htmlcache => 197454681 B
Windows/system/drivers => 57388523 B
Edge => 0 B
Chrome => 669975346 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 79414137 B
systemprofile32 => 79480493 B
LocalService => 79480493 B
NetworkService => 80615689 B
pc => 4990536262 B
UpdatusUser => 4990536262 B

RecycleBin => 1794540837 B
EmptyTemp: => 12.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:20:10 ====

Buenas, pues parece que ya no sale el proceso de notepad, dejare unas horas por si acaso pero creo que se ha solucionado.

Y exactamente que infecciones tenia, era algun programa? Me gustaria saberlo para no volver a caer en el mismo error.

Muchas gracias