1.- I scanned the computer with Dr. Web and it only detected the uninstaller for USBFix, which I installed from your site. I imagine it is a false positive. On the other hand, it did not find any threat on drive F, where I keep the backup of drive C. I am attaching the report because it is very large and it won't let me upload it: DrWebReport (Edited)
2.- Have any more files disappeared? For now, touch wood, because it has been a week now without any file-deletion problem.
3.- About FRST: I created the fixlist.txt file as you told me and clicked Fix. Here is the report, although it seems there is no problem. However, when it finished, the antivirus blocked an access to hosts, as you can also see in the report:
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
Ran by user07 (15-01-2019 10:32:46) Run:1
Running from C:\Users\user07\Desktop
Loaded Profiles: user07 (Available Profiles: user07)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3052262105-1033707930-2950275881-1000\...\Run: [] => [X]
HKU\S-1-5-21-3052262105-1033707930-2950275881-1000\...\MountPoints2: {1046a183-0458-11e9-ae53-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Tcpip\Parameters: [DhcpNameServer] 10.0.0.20 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{CD416A64-089A-435E-8FC4-C84045FAC572}: [DhcpNameServer] 10.0.0.20 80.58.61.254 80.58.61.250
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
U3 aswbdisk; no ImagePath
2019-01-08 09:17 - 2019-01-08 09:17 - 000000000 ____D C:\Users\user07\AppData\Local\CEF
2019-01-08 09:15 - 2019-01-08 09:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-08 09:14 - 2019-01-08 09:14 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-08 09:11 - 2019-01-08 09:30 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {B53EDE25-C10F-46E6-A3DA-0E9F8BA621FD} - System32\Tasks\{FF96174D-F796-4BD2-948A-A854B0F33800} => C:\Windows\system32\pcalua.exe -a "C:\Users\user07\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OKT3PBA\sp93025[1].exe" -d C:\Users\user07\Desktop
Task: {D4B6E7A1-DB24-4044-8551-B66110CA3D90} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-11] (AVAST Software)
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3052262105-1033707930-2950275881-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-3052262105-1033707930-2950275881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1046a183-0458-11e9-ae53-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{1046a183-0458-11e9-ae53-806e6f6e6963} => not found
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD416A64-089A-435E-8FC4-C84045FAC572}\\DhcpNameServer" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
C:\Users\user07\AppData\Local\CEF => moved successfully
C:\Windows\System32\Tasks\Avast Software => moved successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B53EDE25-C10F-46E6-A3DA-0E9F8BA621FD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B53EDE25-C10F-46E6-A3DA-0E9F8BA621FD}" => removed successfully
C:\Windows\System32\Tasks\{FF96174D-F796-4BD2-948A-A854B0F33800} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF96174D-F796-4BD2-948A-A854B0F33800}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D4B6E7A1-DB24-4044-8551-B66110CA3D90}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B6E7A1-DB24-4044-8551-B66110CA3D90}" => removed successfully
"C:\Windows\System32\Tasks\Avast Software\Overseer" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= End of CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.
Adaptador de Ethernet Conexión de área local 2:
Sufijo DNS específico para la conexión. . : sente.local
Vínculo: dirección IPv6 local. . . : fe80::136:202b:ee9a:5f21%11
Dirección IPv4. . . . . . . . . . . . . . : 10.0.0.200
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : 10.0.0.252
Adaptador de Ethernet Conexión de área local:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de túnel isatap.{32BF05BD-5318-4990-8343-99AD617B3DB8}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de túnel isatap.sente.local:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . : sente.local
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========
========= netsh int ipv4 reset =========
Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= End of CMD: =========
========= netsh int ipv6 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3052262105-1033707930-2950275881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3052262105-1033707930-2950275881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10537625 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3354318 B
Edge => 0 B
Chrome => 56469305 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 18061 B
systemprofile32 => 66788 B
LocalService => 66228 B
NetworkService => 66228 B
user07 => 35185189 B
RecycleBin => 0 B
EmptyTemp: => 108.9 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-01-2019 10:37:35)
C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.
==== End of Fixlog 10:37:36 ====
Regarding the backup, can I trust it, or what do you recommend? Thanks for your interest.