Buenos días. Estoy eliminando el troyano Trojan.Agent.AutoIt y he visto que en todos los hilos siempre se recurre a un script del staff pero no sé cómo lo realizan ellos.
Adjunto mis FRST y Adittion y solicito ayuda con la realización de mi FIXLIST. Muchas gracias.
Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 13-05-2020 01
Ejecutado por migue (administrador) sobre MIKEPC (LENOVO 90HY000WSP) (20-05-2020 11:38:21)
Ejecutado desde C:\Users\migue\OneDrive\Escritorio
Perfiles cargados: migue
Platform: Windows 10 Home Versión 1903 18362.836 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesos (Lista blanca) =================
(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <7>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe <2>
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0348718.inf_amd64_74e86bb880d688c3\B348469\atiesrxx.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LITE-ON TECHNOLOGY CORP. -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12005.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Skillbrains) [Archivo no firmado] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Spotify AB -> Spotify Ltd) C:\Users\migue\AppData\Roaming\Spotify\Spotify.exe <5>
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\migue\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
==================== Registro (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Lenovo Fundamental USB Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe [2644472 2017-04-10] (LITE-ON TECHNOLOGY CORP. -> Lenovo)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238568 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97127680 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [uTorrent] => C:\Users\migue\AppData\Roaming\uTorrent\uTorrent.exe [2073320 2020-03-09] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [AceStream] => C:\Users\migue\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-23] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [uTorrent] => C:\Users\migue\AppData\Roaming\uTorrent\uTorrent.exe [2073320 2020-03-09] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [AceStream] => C:\Users\migue\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-23] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [5431fa94] => C:\ProgramData\Intel\Wireless\788d1f8\idcjdac.exe C:\ProgramData\Intel\Wireless\788d1f8\40f2e73.au3
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe [2644472 2017-04-10] (LITE-ON TECHNOLOGY CORP. -> Lenovo)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\RunOnce: [Application Restart #1] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8983432 2018-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\RunOnce: [Application Restart #2] => C:\Users\migue\AppData\Roaming\Spotify\Spotify.exe [22827752 2020-05-17] (Spotify AB -> Spotify Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-17] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
==================== Tareas programadas (Lista blanca) ============
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
Task: {0A0210AD-696B-48A6-AD81-AC6A3FB04996} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {0C40650B-5835-4AE7-B477-263BDA757606} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {0E2D8039-2FF5-461F-A9A3-660D10A0E46C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {1DC50C8A-EDE9-49BB-AE69-008BC9672CAB} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {2029BB42-535D-48A5-8C22-2A3A415CAD93} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e409b60a-6c64-4e68-83b0-7c3d33bf3760 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {2CE5BBD6-4AE0-4171-884A-2F7C0A4579B4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe [1454136 2020-05-17] (Adobe Inc. -> Adobe)
Task: {2FE5FD2F-1192-4C74-A2BF-FD01065C8C1C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3433EBAE-E8BB-462B-8065-2A93E841C439} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167712 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {34AA9219-D455-419B-AF93-0E516CBE0530} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369352 2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {34B4B84D-99E0-47EF-8562-E586E18D05B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6291864 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {35A89972-DDF7-471A-B6B8-BDE30CF4231C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {3CA1E93D-8161-4D37-A530-D56695E3AEC1} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759640 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {51BCBEBC-9131-4FEF-A79C-F3D7F759D77D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-27] (Google Inc -> Google Inc.)
Task: {522224D2-5179-4DFE-9F00-2CAA5F919C4D} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [158648 2020-03-31] (Lenovo -> Lenovo Group Ltd.)
Task: {58E8839B-5AB9-487A-89D8-5F443B064FDF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167712 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {66D62973-750A-4B6C-B919-D4EA5C295FAB} - System32\Tasks\update-S-1-5-21-1055259697-3518968227-3811586982-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {71BB6AEB-C777-4ED8-A7D2-30D26A9EA960} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7201B050-C812-4365-AE46-F0431B19D0F4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8d893473-03e2-4879-aa64-fab6ba959cc7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {7A87FB81-C9FE-4CBD-8300-5C712E18E4F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6291864 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D01B98E-B9AD-4F07-8BFA-6B36BC2D458B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-05-17] (Adobe Inc. -> Adobe)
Task: {7D5EBDB1-8A53-4D3B-A5D3-95B173256037} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-27] (Google Inc -> Google Inc.)
Task: {856EEB13-7703-459C-A4A2-7898A66DAF6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369352 2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {872483CE-5175-422B-94C9-FDE5E4A2F0E6} - System32\Tasks\Microsoft\Office\Actualizaciones automáticas de Office => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [4505952 2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9087E6B9-6F56-47C5-83E2-8A7C8A54ED9C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c32af08c-32df-426a-8c87-83beb28abfcd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {AE7762DF-D219-4249-B3BD-5CC39AEF5221} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150264 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9AC851F-47B7-4F0B-AADA-C3B9BB591E56} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b127e7fe-0df7-4cbb-a9dd-12f54c038661 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {BCAA3981-DD2B-42C1-B615-E78580B4584F} - System32\Tasks\App Explorer => C:\Users\migue\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7499944 2020-05-13] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATENCIÓN
Task: {BEB6AC65-7DF0-4A2D-BBF5-B21B481B6584} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2350176 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D3EE1E76-BF8D-467D-87DD-0C844E821068} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {D4300CFA-2FAD-4B21-9EC2-EBF5044CED66} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F65C7E03-1E99-4C30-9972-9DACC3F33D83} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150264 2020-05-17] (Microsoft Corporation -> Microsoft Corporation)
(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1055259697-3518968227-3811586982-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Lista blanca) ====================
(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{35388de4-0516-4061-bc01-fa9ef1d0bd33}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{3e6af1b5-fa50-4818-866a-ed56e1e0c054}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Internet Explorer:
==================
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: Sin Nombre -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Ningún archivo
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\eagleSniffer.dll => Ningún archivo
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => Ningún archivo
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\migue\AppData\Roaming\Mozilla\Firefox\Profiles\QjHqubFw.default [2018-11-27]
FF Extension: (Avira Browser Safety) - C:\Users\migue\AppData\Roaming\Mozilla\Firefox\Profiles\QjHqubFw.default\Extensions\[email protected] [2018-11-27] [hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] => no encontrado
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] => no encontrado
FF HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\migue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\migue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Firefox\Extensions: [[email protected]] - C:\Users\migue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [Ningún archivo]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\migue\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001: eagleget.com/EagleGet32 -> C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\npEagleget.dll [Ningún archivo]
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\migue\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269: eagleget.com/EagleGet32 -> C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\npEagleget.dll [Ningún archivo]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default [2020-05-20]
CHR Notifications: Default -> hxxps://web.telegram.org
CHR StartupUrls: Default -> "hxxp://google.es/"
CHR Extension: (Presentaciones) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-27]
CHR Extension: (Documentos) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-27]
CHR Extension: (Google Drive) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-27]
CHR Extension: (YouTube) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-27]
CHR Extension: (Tampermonkey) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-06]
CHR Extension: (ARC Welder) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2019-01-28]
CHR Extension: (Hojas de cálculo) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-27]
CHR Extension: (Avira Navegación segura) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2020-05-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-17]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-05-20]
CHR Extension: (Avast Online Security) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-28]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2019-01-28]
CHR Extension: (Ace Script) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-12-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Gmail) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-18]
CHR Profile: C:\Users\migue\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-20]
CHR Profile: C:\Users\migue\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
==================== Servicios (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0348718.inf_amd64_74e86bb880d688c3\B348469\atiesrxx.exe [516832 2019-11-27] (Advanced Micro Devices, Inc. -> AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1210184 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535960 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484160 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484160 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575800 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [124064 2019-06-03] (Perfect World Entertainment Inc. -> Perfect World Entertainment Inc)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636264 2020-05-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-03-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11600776 2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-08-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\LenovoVantageService.exe [18696 2020-03-10] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-18] (Malwarebytes Inc -> Malwarebytes)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\System32\MixedRealityRuntime.dll [139952 2020-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll [105840 2020-05-18] (Microsoft Windows -> Microsoft Corporation)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [705440 2019-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [X]
===================== Controladores (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [1371768 2019-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2019-04-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 AMDHDAudBusService; C:\WINDOWS\System32\drivers\amdhdaudbus.sys [76704 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0348718.inf_amd64_74e86bb880d688c3\B348469\atikmdag.sys [53509344 2019-11-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0348718.inf_amd64_74e86bb880d688c3\B348469\atikmpag.sys [601848 2019-11-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [138544 2019-05-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208016 2020-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199752 2020-05-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-18] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-18] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-05-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-05-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-05-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [125088 2020-05-19] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1154336 2019-05-21] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [784032 2019-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11512400 2019-12-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
==================== Un mes (creado) ===================
(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)
2020-05-20 11:39 - 2020-05-20 11:39 - 000000000 ____D C:\Users\migue\AppData\LocalLow\IGDump
2020-05-20 11:27 - 2020-05-20 11:29 - 000057943 _____ C:\Users\migue\Downloads\Addition.txt
2020-05-20 11:22 - 2020-05-20 11:38 - 000000000 ____D C:\FRST
2020-05-20 11:22 - 2020-05-20 11:29 - 000208588 _____ C:\Users\migue\Downloads\FRST.txt
2020-05-20 11:09 - 2020-05-20 11:09 - 000001691 _____ C:\Users\migue\Downloads\kk.txt
2020-05-20 10:44 - 2020-05-20 10:44 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-05-20 10:44 - 2020-05-20 10:44 - 000002870 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-05-20 10:44 - 2020-05-20 10:44 - 000000870 _____ C:\ProgramData\Escritorio\CCleaner.lnk
2020-05-20 10:44 - 2020-05-20 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-05-20 10:44 - 2020-05-20 10:44 - 000000000 ____D C:\Program Files\CCleaner
2020-05-20 10:42 - 2020-05-20 10:42 - 025306104 _____ (Piriform Software Ltd) C:\Users\migue\Downloads\ccsetup566.exe
2020-05-19 13:47 - 2020-05-19 13:47 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\migue\Downloads\Zoom_o42l8sofizku_a1af65f2fb593be2.exe
2020-05-19 10:47 - 2020-05-19 10:47 - 000125088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-05-18 23:56 - 2020-05-18 23:56 - 025444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 019851264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 018029056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 007822888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 007011840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 006291456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 005911040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 005098352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 003822080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 003513856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-05-18 23:56 - 2020-05-18 23:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-05-18 23:56 - 2020-05-18 23:56 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 002073176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001637376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001559040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pla.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001556200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001539072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-05-18 23:56 - 2020-05-18 23:56 - 001507328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pla.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001417760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001306112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-05-18 23:56 - 2020-05-18 23:56 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001099600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000852992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000747832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000540200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.PredictionUnit.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-05-18 23:56 - 2020-05-18 23:56 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000345016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-05-18 23:56 - 2020-05-18 23:56 - 000299064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2020-05-18 23:56 - 2020-05-18 23:56 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000262848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConsoleLogon.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-05-18 23:56 - 2020-05-18 23:56 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Clipboard.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000139952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityRuntime.dll
2020-05-18 23:56 - 2020-05-18 23:56 - 000135168 _____ (Microsoft Corporation) 
Create registry backup
Con los demás programas cerrados ve a 
Nota 
Sigo de cerca mi equipo para ver si vuelve a ocurrir!