bitcoinminer and ureslas.B Trojans

The SpyHunter scan reported several problems. The most serious are: Trojan bitcoinminer and Trojan ureslas.B

Could you help me remove them?

And another question: Is SpyHunter 5 reliable?

Hello @TomBogart and welcome to the forum!!!

Uninstall that software immediately; it is good for NOTHING, or rather, it is NOT good for what it is supposed to do.

To check your machine, follow these steps, in the order indicated and reading everything that is explained.

1. Temporarily disable your antivirus (see: How to temporarily disable your antivirus) while we carry out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else) all the tools we will use in this procedure (but do not run them yet):


2. Run the tools one at a time, in the order indicated:



CCleaner.-

  • Install and run CCleaner following the steps indicated in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps indicated in the manual.

  • Perform a Custom Scan.

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the program's Detection History section you will find the MBAM report, which you must copy and paste in your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then immediately always click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report can be found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it in your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt in your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Sí/Yes.

  • In the main window, click the Analizar/Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

3. Post the reports in your next reply from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order.

You must copy and paste them with their full contents, and use several messages if you get an error message saying the post is too long (more than approx. 64,000 characters).

And tell us how your computer is running in relation to the problem raised.

Regards, Javier.

I think the computer is working correctly. Not all the steps worked according to the instructions, but I think I did it right. Anyway, here are the reports. Thank you very much. Tomàs Cerdà

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 5/1/20
Hora del análisis: 13:47
Archivo de registro: 8e677ad8-2fb9-11ea-a419-c038968dba86.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.785
Versión del paquete de actualización: 1.0.17281
Licencia: Gratis

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: TOMAS\Tom\u00c3\u00a1s

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 285695
Amenazas detectadas: 29
Amenazas en cuarentena: 29
Tiempo transcurrido: 4 min, 17 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 5
PUP.Optional.Restoro, HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, En cuarentena, 733, 551612, 1.0.17281, , ame, 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, En cuarentena, 733, 551619, , , , 
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, En cuarentena, 733, 551619, 1.0.17281, , ame, 
PUP.Optional.Restoro, HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Restoro, En cuarentena, 733, 551610, 1.0.17281, , ame, 
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, En cuarentena, 733, 551614, 1.0.17281, , ame, 

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 24
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, En cuarentena, 733, 551609, 1.0.17281, , ame, 
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_BACKGROUND.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\001.TMP, En cuarentena, 598, 327133, 1.0.17281, 35CE58FADF0910B0966117D5, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_PADDING.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\64.TMP, En cuarentena, 598, 563412, 1.0.17281, , ame, 
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\JSON_COMMON_ADAPTER.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_DIRECTION.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\32.TMP, En cuarentena, 598, 441760, 1.0.17281, D8C08B392C0FD70646F33BA3, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\EXCLUSIONLIST.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_MARGINS.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX2\001.TMP, En cuarentena, 598, 327133, 1.0.17281, 35CE58FADF0910B0966117D5, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\OPTIONS.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX2\64.TMP, En cuarentena, 598, 563412, 1.0.17281, , ame, 
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX1\001.TMP, En cuarentena, 598, 327133, 1.0.17281, 35CE58FADF0910B0966117D5, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX1\64.TMP, En cuarentena, 598, 563412, 1.0.17281, , ame, 
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX3\001.TMP, En cuarentena, 598, 327133, 1.0.17281, 35CE58FADF0910B0966117D5, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX3\64.TMP, En cuarentena, 598, 563412, 1.0.17281, , ame, 
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_CONTAINER.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\ADAPTER.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_OUTPUT.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX2\32.TMP, En cuarentena, 598, 441760, 1.0.17281, D8C08B392C0FD70646F33BA3, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX3\32.TMP, En cuarentena, 598, 441760, 1.0.17281, D8C08B392C0FD70646F33BA3, dds, 00532048
Trojan.Dropper, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX0\_INSPECT.ZIP, En cuarentena, 804, 647956, 1.0.17281, 97239D70251F4BAAB2CA0751, dds, 00532048
Trojan.BitCoinMiner, C:\USERS\TOMáS\APPDATA\LOCAL\TEMP\RARSFX1\32.TMP, En cuarentena, 598, 441760, 1.0.17281, D8C08B392C0FD70646F33BA3, dds, 00532048

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2019-12-17.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-05-2020
# Duration: 00:00:28
# OS:       Windows 8.1
# Scanned:  35232
# Detected: 79


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki                    C:\ProgramData\Pokki
Adware.pokki                    C:\Users\Public\Pokki
Adware.pokki                    C:\Users\Tomás\AppData\Local\Pokki
PUP.Adware.Heuristic            C:\ProgramData\AVG_UPDATE_0215TB
PUP.Optional.FileViewPro        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
PUP.Optional.Legacy             C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy             C:\ProgramData\TotalAV
PUP.Optional.Legacy             C:\Users\Tomás\AppData\Local\SweetLabs App Platform
PUP.Optional.Legacy             C:\Users\Tomás\AppData\Roaming\AdvertismentImages
PUP.Optional.Legacy             C:\Users\Tomás\Documents\TotalAV
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite
PUP.Optional.SpyHunter          C:\Program Files (x86)\Enigma Software Group

***** [ Files ] *****

PUP.Optional.Legacy             C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpService64.dll
PUP.Optional.PCAppStore         C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
PUP.Optional.SpyHunter          C:\Windows\SysWOW64\sh4native.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy             C:\Windows\System32\Tasks\SWEETLABS APP PLATFORM

***** [ Registry ] *****

Adware.pokki                    HKCU\Software\Classes\pokki
Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Adware.pokki                    HKCU\Software\SweetLabs App Platform
PUP.Adware.Heuristic            HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn|SBOEM0
PUP.Adware.Heuristic            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn|SBOEM1
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{278A4AAF-47AE-4625-A3FA-E9B52E96D602}
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.PCProtect          HKCU\Software\SSProtect
PUP.Optional.SpyHunter          HKLM\Software\Wow6432Node\EnigmaSoftwareGroup
PUP.Optional.TotalAV            HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.VisualDiscovery    HKLM\Software\Wow6432Node\VisualDiscovery
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Web Search
PUP.Optional.Legacy             http://homepage-web.com/?s=lenovo&m=start
PUP.Optional.Legacy             iZito.com
PUP.Optional.SofTonicAssistant  http://search.softonic.com/MOY00013/tb_v1?SearchSource=48&cc=&mi=682cbc3700000000000006197d6f4514&toi=16038

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoEnergyManager   Folder   C:\Program Files (x86)\LENOVO\ENERGY MANAGER 
Preinstalled.LenovoEnergyManager   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\ENERGY MANAGER 
Preinstalled.LenovoEnergyManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Energy Manager 
Preinstalled.LenovoEnergyManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Lenovo Utility 
Preinstalled.LenovoEnergyManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Energy Manager 
Preinstalled.LenovoEnergyManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Lenovo Utility 
Preinstalled.LenovoEnergyManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE} 
Preinstalled.LenovoEnergyManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AC768037-7079-4658-AC24-2897650E0ABE} 
Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.Pokki   File   C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk 


AdwCleaner[S00].txt - [9180 octets] - [05/01/2020 14:07:52]
AdwCleaner_Debug.log - [17341 octets] - [05/01/2020 14:11:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64 
Ran by Tom s (Administrator) on 05/01/2020 at 14:17:22,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9 

Successfully deleted: C:\ProgramData\avg security toolbar (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\ProgramData\pokki (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\fileviewpro (Folder) 
Successfully deleted: C:\Users\Tom s\AppData\Local\packageaware (Folder) 
Successfully deleted: C:\Users\Tom s\AppData\Local\pokki (Folder) 
Successfully deleted: C:\Users\Tom s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pc app store.lnk (Shortcut) 
Successfully deleted: C:\Users\Tom s\AppData\Roaming\pdfforge (Folder) 
Successfully deleted: C:\Program Files (x86)\freerip (Folder) 


Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9496C197-115C-491E-8863-052635856A83} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/01/2020 at 14:18:25,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 28-12-2019
Ejecutado por Tomás (administrador) sobre TOMAS (LENOVO 20351) (05-01-2020 14:21:02)
Ejecutado desde C:\Users\Tomás\Desktop
Perfiles cargados: Tomás (Perfiles disponibles: Tomás)
Platform: Windows 8.1 (Update) (X64) Idioma: Español (España, internacional)
Navegador predeterminado: FF
Modo de Inicio: Normal
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

() [Archivo no firmado] C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(GuinpinSoft inc) [Archivo no firmado] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [Archivo no firmado] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Users\Tomás\Desktop\JRT.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Tomás\Desktop\adwcleaner_8.0.1.exe
(Microsoft Corporation) [Archivo no firmado] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [Archivo no firmado]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216576 2014-03-10] (Realtek Semiconductor Corporation) [Archivo no firmado]
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-02-27] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-11-12] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-11-12] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [228120 2019-12-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [] => [X]
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [uTorrent] => C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe [1823976 2019-10-14] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [Google Update] => C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe [219592 2019-12-13] (Google LLC -> Google LLC)
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2020-01-05] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Policies\system: [shell] explorer.exe <==== ATENCIÓN
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {081908b4-6e5f-11e7-8363-c038968dba86} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {8e85f1ec-9e4f-11e8-837f-c038968dba86} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {8e85f251-9e4f-11e8-837f-c038968dba86} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {9d5608da-ad47-11e8-8380-c038968dba86} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {dbe86d9e-bc2e-11e8-8382-c038968dba86} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2014-10-29] (Microsoft Windows -> Microsoft Corporation) <==== ATENCIÓN
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restricción ? <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {02621FE9-E0CE-4EDD-9672-70BFAD822459} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
Task: {0F2DABFD-C2BB-4386-BEDF-DDC3AB0254AF} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {272576D6-787B-4EAE-AFBD-6392775ACB6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854930288-4104776995-3045863489-1001UA => C:\Users\Tomás\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-05] (Google Inc -> Google Inc.)
Task: {278A4AAF-47AE-4625-A3FA-E9B52E96D602} - System32\Tasks\SweetLabs App Platform => C:\Users\Tomás\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {3299E923-ED7E-43BF-92CE-EA02081AB974} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [4460472 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {33CDB5A2-832E-47B5-99F0-E2A766B3DF79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3755DF3E-0CEA-4E53-90D2-839E5F863A9C} - System32\Tasks\Opera scheduled Autoupdate 1426193309 => C:\Program Files (x86)\Opera\launcher.exe [1346584 2019-12-19] (Opera Software AS -> Opera Software)
Task: {4C9D81E2-5C95-4F61-B0E9-948C2BC6B7CE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {55A480EE-13AE-4101-866E-85923384207B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {5B875102-0D1A-4F43-9761-A07DE787A384} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-10] (Adobe Inc. -> Adobe)
Task: {5BBF7BBD-A0FB-4F40-B953-4E4882DA3E3A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [4818848 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {724E6004-F522-4004-B6CD-2637332D07BF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {7ADA0C58-4CFB-4559-97C2-2D13E8F05404} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {7BEF33FB-C802-405E-9BE2-BC9420B82ECD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {894431C5-36EC-4A66-991A-145666F90E0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-08] (Google Inc -> Google Inc.)
Task: {8E49BBBA-F5FF-4E9D-AD1D-BB2F9FE7C63B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2020-01-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B1E760C0-145A-4EF6-BB3A-48CC21009B95} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2757672 2019-11-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B8F6F1AE-1BEC-409F-8FBA-7691335137B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2020-01-05] (Piriform Software Ltd -> Piriform Ltd)
Task: {BF829ABF-9352-425B-A844-394D2E1362B3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {CFA03F04-CD56-4C4B-A309-5A24191E89A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-08] (Google Inc -> Google Inc.)
Task: {E0C26A92-C271-4B72-AAFC-1CB892C4F43D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [17184 2014-05-30] (LENOVO -> Lenovo)
Task: {F950C124-A99E-428B-BEF0-265D6D4E2F16} - System32\Tasks\Adobe[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {FE8E1AB5-0C75-4306-9E5B-CEBDEF82C8F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854930288-4104776995-3045863489-1001Core => C:\Users\Tomás\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-05] (Google Inc -> Google Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: Hay más de una entrada en Hosts. Consulte la sección Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{383029B4-C2EA-4841-A124-28BB2A960F7E}: [DhcpNameServer] 212.231.6.7 46.6.113.34
Tcpip\..\Interfaces\{4CF2BD54-369B-4DAB-B5D2-AB6C2F67E6E4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D93453F9-527C-4110-8907-2D8D643FE70A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2854930288-4104776995-3045863489-1001 -> DefaultScope {9496C197-115C-491E-8863-052635856A83} URL = 
SearchScopes: HKU\S-1-5-21-2854930288-4104776995-3045863489-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.es/search?q={searchTerms}

FireFox:
========
FF DefaultProfile: djzsnc90.default-1440170854994-1521644691077
FF ProfilePath: C:\Users\Tomás\AppData\Roaming\Pencil\Profiles\mlm6yjxc.default [2016-05-03]
FF ProfilePath: C:\Users\Tomás\AppData\Roaming\Mozilla\Firefox\Profiles\djzsnc90.default-1440170854994-1521644691077 [2020-01-05]
FF Extension: (General Catalan dictionary) - C:\Users\Tomás\AppData\Roaming\Mozilla\Firefox\Profiles\djzsnc90.default-1440170854994-1521644691077\Extensions\[email protected] [2018-12-15]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Tomás\AppData\Roaming\Mozilla\Firefox\Profiles\djzsnc90.default-1440170854994-1521644691077\Extensions\[email protected] [2019-02-03]
FF Extension: (AdBlock) - C:\Users\Tomás\AppData\Roaming\Mozilla\Firefox\Profiles\djzsnc90.default-1440170854994-1521644691077\Extensions\[email protected] [2019-10-11]
FF Extension: (YouTube Converter Button) - C:\Users\Tomás\AppData\Roaming\Mozilla\Firefox\Profiles\djzsnc90.default-1440170854994-1521644691077\Extensions\{8f4bbf79-5514-4d04-a901-d5fabfe91d73}.xpi [2020-01-03]
FF Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Tomás\AppData\Roaming\Mozilla\Firefox\Profiles\djzsnc90.default-1440170854994-1521644691077\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}.xpi [2018-03-31]
FF ProfilePath: C:\Users\Tomás\AppData\Roaming\Greyfirst\Celtx\Profiles\ho3ilaah.default [2019-12-31]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2016-01-24] [Heredado] [no firmado]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2019-10-20] [Heredado] [no firmado]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messa[email protected] [2016-01-24] [Heredado] [no firmado]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2019-10-20] [Heredado] [no firmado]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2016-01-24] [Heredado] [no firmado]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2016-01-24] [Heredado] [no firmado]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2019-10-20] [Heredado] [no firmado]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Ningún archivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Ningún archivo]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Ningún archivo]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2854930288-4104776995-3045863489-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-2854930288-4104776995-3045863489-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.google.es/
CHR StartupUrls: Profile 2 -> "hxxp://www.google.es/","hxxps://www.google.com/","hxxp://search.softonic.com/MOY00013/tb_v1?SearchSource=48&cc=&mi=682cbc3700000000000006197d6f4514&toi=16038","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://homepage-web.com/?s=lenovo&m=start"
CHR Profile: C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-01-05]
CHR Profile: C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-01-05]
CHR Extension: (Documentos) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-07]
CHR Extension: (Google Drive) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-21]
CHR Extension: (Gliffy Diagrams) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2017-08-25]
CHR Extension: (YouTube) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-21]
CHR Extension: (Axure RP Extension for Chrome) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dogkpdfcklifaemcdfbildhcofnopogp [2018-01-15]
CHR Extension: (Hojas de cálculo) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-07]
CHR Extension: (Avira Navegación segura) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-12-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\Tomás\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
OPR DownloadDir: E:\Descargas
OPR Extension: (SaveFrom.net helper) - C:\Users\Tomás\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2015-08-15]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [240128 2014-03-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1210168 2019-12-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535352 2019-11-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484768 2019-11-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484768 2019-11-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [567872 2019-11-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc. -> Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [612944 2019-12-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-27] () [Archivo no firmado]
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2019-11-15] (GuinpinSoft inc) [Archivo no firmado]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Archivo no firmado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-11-12] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Archivo no firmado]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13935104 2014-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [628224 2014-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [207784 2019-12-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [197176 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-07-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-05 14:21 - 2020-01-05 14:21 - 000035680 _____ C:\Users\Tomás\Desktop\FRST.txt
2020-01-05 14:20 - 2020-01-05 14:21 - 000000000 ____D C:\FRST
2020-01-05 14:18 - 2020-01-05 14:19 - 000001608 _____ C:\Users\Tomás\Desktop\JRT.txt
2020-01-05 14:06 - 2020-01-05 14:07 - 000000000 ____D C:\AdwCleaner
2020-01-05 14:01 - 2020-01-05 14:01 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-05 14:01 - 2020-01-05 14:01 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-05 13:58 - 2020-01-05 14:00 - 000005562 _____ C:\Users\Tomás\Desktop\MB-Informe.txt
2020-01-05 13:45 - 2020-01-05 13:45 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-05 13:45 - 2020-01-05 13:45 - 000001975 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-05 13:45 - 2020-01-05 13:45 - 000001975 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-05 13:45 - 2020-01-05 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-05 13:44 - 2020-01-05 13:44 - 001883976 _____ (Malwarebytes) C:\Users\Tomás\Desktop\MBSetup-009996.009996-consumer.exe
2020-01-05 13:38 - 2020-01-05 13:38 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-05 11:21 - 2020-01-05 11:21 - 000107465 _____ C:\Users\Tomás\Desktop\Yahoo Mail - [ForoSpyware] [Eliminar Malwares] Troyanos bitcoinminer y ureslas.B.pdf
2020-01-05 11:12 - 2020-01-05 14:10 - 000004128 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-01-05 11:12 - 2020-01-05 14:01 - 000000000 ____D C:\Program Files\CCleaner
2020-01-05 11:12 - 2020-01-05 11:12 - 000002802 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-01-05 11:12 - 2020-01-05 11:12 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-01-05 11:12 - 2020-01-05 11:12 - 000000845 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-01-05 11:12 - 2020-01-05 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-01-05 11:09 - 2020-01-05 11:09 - 002272256 _____ (Farbar) C:\Users\Tomás\Desktop\FRST64.exe
2020-01-05 11:08 - 2020-01-05 11:08 - 001790024 _____ (Malwarebytes) C:\Users\Tomás\Desktop\JRT.exe
2020-01-05 11:07 - 2020-01-05 11:07 - 008237744 _____ (Malwarebytes) C:\Users\Tomás\Desktop\adwcleaner_8.0.1.exe
2020-01-05 11:03 - 2020-01-05 11:03 - 025441808 _____ (Piriform Software Ltd) C:\Users\Tomás\Desktop\ccsetup562.exe
2020-01-04 00:49 - 2020-01-04 00:49 - 000000000 ____D C:\Users\Tomás\AppData\Local\mbamtray
2020-01-04 00:49 - 2020-01-04 00:49 - 000000000 ____D C:\Users\Tomás\AppData\Local\mbam
2020-01-04 00:49 - 2020-01-04 00:49 - 000000000 ____D C:\Users\Tomás\AppData\Local\cache
2020-01-03 19:53 - 2020-01-03 19:53 - 000000000 ____D C:\ProgramData\TotalAV
2019-12-28 22:55 - 2019-12-28 22:55 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk
2019-12-28 22:55 - 2019-12-28 22:55 - 000001147 _____ C:\ProgramData\Desktop\Avira.lnk
2019-12-21 23:36 - 2019-12-21 23:37 - 000000000 ____D C:\fotosVideoWhatsapp2019
2019-12-06 13:49 - 2019-12-11 12:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-01-05 14:17 - 2015-07-14 19:23 - 000000000 ____D C:\Users\Tomás\AppData\Local\AE616168-6B9D-4AEA-9256-0CC07874A95D.aplzod
2020-01-05 14:06 - 2015-03-12 21:45 - 000000000 ____D C:\Program Files (x86)\Opera
2020-01-05 14:06 - 2015-03-05 20:03 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2854930288-4104776995-3045863489-1001
2020-01-05 14:05 - 2014-11-13 05:50 - 000812192 _____ C:\WINDOWS\system32\perfh00A.dat
2020-01-05 14:05 - 2014-11-13 05:50 - 000167450 _____ C:\WINDOWS\system32\perfc00A.dat
2020-01-05 14:05 - 2014-03-18 10:53 - 001833224 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-05 14:05 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2020-01-05 14:02 - 2016-11-16 18:03 - 000000000 ____D C:\Users\Tomás\AppData\LocalLow\Mozilla
2020-01-05 14:01 - 2015-08-21 16:13 - 000000000 ___RD C:\Users\Tomás\OneDrive
2020-01-05 14:01 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-05 13:45 - 2015-08-23 10:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-05 11:21 - 2015-03-12 12:47 - 000133632 ___SH C:\Users\Tomás\Desktop\Thumbs.db
2020-01-05 11:16 - 2015-07-26 20:18 - 000000000 ____D C:\Users\Tomás\AppData\Roaming\uTorrent
2020-01-05 11:16 - 2015-04-09 12:05 - 000000000 ____D C:\Users\Tomás\AppData\Local\PDFCreator
2020-01-05 11:15 - 2014-04-03 20:15 - 000000000 ____D C:\WINDOWS\Panther
2020-01-05 10:54 - 2019-07-16 18:53 - 000000000 ____D C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2020-01-05 10:40 - 2015-03-12 11:24 - 000000000 ____D C:\Users\Tomás\AppData\Local\Adobe
2020-01-04 00:57 - 2015-03-05 19:58 - 000000000 ____D C:\Users\Tomás
2020-01-04 00:56 - 2017-08-25 14:44 - 000000000 ____D C:\Program Files (x86)\eMuleTorrent
2020-01-02 19:57 - 2015-05-23 23:57 - 000000000 ____D C:\Users\Tomás\AppData\Roaming\Spotify
2019-12-28 22:55 - 2015-07-22 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-12-28 22:55 - 2014-11-12 21:33 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-23 22:59 - 2018-09-19 20:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-22 01:32 - 2015-05-24 00:27 - 000000000 ____D C:\Users\Tomás\AppData\Local\Spotify
2019-12-22 00:13 - 2019-09-29 14:59 - 000000000 ____D C:\Users\Tomás\AppData\Roaming\vlc
2019-12-21 20:31 - 2017-12-20 13:19 - 000000000 ____D C:\BancSantander
2019-12-20 16:11 - 2017-06-30 20:38 - 000001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-12-20 16:11 - 2015-03-12 21:48 - 000003848 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1426193309
2019-12-19 00:09 - 2015-12-08 14:33 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-19 00:09 - 2015-12-08 14:33 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-19 00:09 - 2015-12-08 14:33 - 000002212 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-17 21:41 - 2019-10-25 11:59 - 000000000 ____D C:\Caser-SeguroPisoSonRapinya
2019-12-16 17:10 - 2016-01-01 22:19 - 000000000 ____D C:\bb
2019-12-15 18:19 - 2019-11-23 16:16 - 000000000 ____D C:\fotosWhat'sappTomas2019
2019-12-13 23:37 - 2015-12-08 14:31 - 000003536 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-13 23:37 - 2015-12-08 14:31 - 000003408 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-13 23:10 - 2016-03-05 09:37 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854930288-4104776995-3045863489-1001UA
2019-12-13 23:10 - 2016-03-05 09:37 - 000003442 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854930288-4104776995-3045863489-1001Core
2019-12-11 12:44 - 2015-05-12 10:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-11 12:44 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2019-12-11 12:41 - 2015-05-12 10:05 - 000001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-10 16:17 - 2015-04-26 08:45 - 000004296 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2019-12-10 16:17 - 2015-03-15 12:42 - 000004420 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-10 16:17 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-10 16:17 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-12-10 11:30 - 2018-03-13 12:47 - 000004486 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-06 19:54 - 2019-07-19 14:01 - 000207784 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-12-06 12:57 - 2016-01-12 11:41 - 000000000 ____D C:\Users\Tomás\AppData\Roaming\Audacity

==================== Archivos en la raíz de algunos directorios ========

2015-05-28 11:56 - 2015-05-28 11:56 - 000000322 _____ () C:\Users\Tomás\AppData\Roaming\repmand.ini
2015-05-28 11:56 - 2015-05-28 11:56 - 000000033 _____ () C:\Users\Tomás\AppData\Roaming\repmandlib.ini
2015-03-05 19:59 - 2020-01-05 14:17 - 003165000 _____ () C:\Users\Tomás\AppData\Local\BTServer.log
2019-09-24 16:44 - 2019-09-24 16:44 - 000007047 _____ () C:\Users\Tomás\AppData\Local\recently-used.xbel
2016-03-03 22:25 - 2016-03-03 22:25 - 000000032 RSHOT () C:\Users\Tomás\AppData\Local\t70rc.dat

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2020-01-05 10:50
==================== Final de FRST.txt ========================

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 28-12-2019
Ejecutado por Tomás (05-01-2020 14:22:02)
Ejecutado desde C:\Users\Tomás\Desktop
Windows 8.1 (Update) (X64) (2015-03-05 18:58:43)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-2854930288-4104776995-3045863489-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2854930288-4104776995-3045863489-1003 - Limited - Enabled)
Invitado (S-1-5-21-2854930288-4104776995-3045863489-501 - Limited - Disabled)
Tomás (S-1-5-21-2854930288-4104776995-3045863489-1001 - Administrator - Enabled) => C:\Users\Tomás

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\uTorrent) (Version: 3.5.5.45365 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6E2E5B9E-BCCC-066F-BBB5-4DCA7289E2CD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Avira (HKLM-x32\...\{4e6a365c-99da-4552-bea4-b13f55457be4}) (Version: 1.2.141.10870 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{93A3C9E9-C927-43EC-B42F-29C3B5670A2E}) (Version: 1.2.141.10870 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.1912.1683 - Avira Operations GmbH & Co. KG)
Axure RP Pro 7.0 (HKLM-x32\...\{030F3DD4-D90D-40FD-946A-D775C2DD8A98}) (Version: 7.0.0.3159 - Axure Software Solutions, Inc.) Hidden
Axure RP Pro 7.0 (HKLM-x32\...\Axure RP Pro 7.0) (Version: 7.0.0.3159 - Axure Software Solutions, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boxoft PDF to WORD (freeware) (HKLM-x32\...\Boxoft PDF to WORD (freeware)_is1) (Version:  - boxoft Solution)
calibre (HKLM-x32\...\{ED468F84-6B55-4FFD-A0C2-3C2064696A88}) (Version: 3.40.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (es-ES) - Greyfirst)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CopyTrans Suite Remove Only (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
Cronos (HKLM-x32\...\Cronos) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
eMuleTorrent (HKLM-x32\...\eMuleTorrent) (Version: 2.0.0.6 - eMule.com)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
eXe -- eLearning XHTML editor (HKLM-x32\...\exe) (Version:  - eXe Project)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.0.163 - Final Draft, Inc.)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Free M4a to MP3 Converter 9.7 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
FreeRIP MP3 Converter 5.5.0.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.5.0.2 - GreenTree Applications SRL)
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Host App Service (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\SweetLabs_AP) (Version: 0.269.7.800 - Pokki) <==== ATENCIÓN
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
intelliScore Ensemble MP3 to MIDI Converter Demo (HKLM-x32\...\intelliScore Ensemble MP3 to MIDI Converter Demo) (Version: 8.1.2 - Innovative Music Systems)
iZotope RX 7 Audio Editor Advanced (HKLM\...\RX 7 Audio Editor Advanced_is1) (Version: 7.00 - iZotope & Team V.R)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JPEG Compressor 2019 (HKLM-x32\...\JPEG Compressor_is1) (Version: 2019 - Compressor Software)
JPEG to PDF 1.0 (HKLM-x32\...\{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1) (Version:  - jpegtopdf.com)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10264 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.31.1 - ELAN Microelectronic Corp.)
Lenovo Web Start (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki) <==== ATENCIÓN
Magic DVD Ripper V9.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
MakeMKV v1.14.5 (HKLM-x32\...\MakeMKV) (Version: v1.14.5 - GuinpinSoft inc)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 71.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 71.0 (x64 es-ES)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Nombre de su organización)
Opera Stable 65.0.3467.78 (HKLM-x32\...\Opera 65.0.3467.78) (Version: 65.0.3467.78 - Opera Software)
Oracle VM VirtualBox 5.0.14 (HKLM\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation)
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Pixate Studio (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\pixate) (Version: 2.0.1 - Pixate Inc.)
Prepros 5.10.2 (HKLM-x32\...\Prepros) (Version: 5.10.2 - Subash Pathak)
PX Profile Update (HKLM-x32\...\{954CFDDE-AF07-2AF9-9600-706E798D42BA}) (Version: 1.00.1. - AMD) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.100813 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
Renta 2014 1.20 (HKLM-x32\...\8330-1526-1221-2374) (Version: 1.20 - AEAT)
Secure Download Manager (HKLM-x32\...\{893418B4-4F82-4FED-9DA3-75C82778FC30}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Spotify (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Spotify) (Version: 1.1.21.1654.g282a2807 - Spotify AB)
Start Menu (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.800 - Pokki) <==== ATENCIÓN
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\WhatsApp) (Version: 0.2.9229 - WhatsApp)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 7 Pro(Build 7.0.3) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.0.3.4309 - Wondershare Software Co.,Ltd.)
Packages:
=========
Google Search -> C:\Program Files\WindowsApps\GoogleInc.GoogleSearch_1.2.1.12_x64__yfg5n0ztvskxp [2015-08-21] (Google Inc)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2015-03-12] (Lenovo, INC.)
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-21] (Skype) [MS Ad]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-2854930288-4104776995-3045863489-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2854930288-4104776995-3045863489-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2854930288-4104776995-3045863489-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1-x32: [AJC] -> {5071CDA5-D3E1-11D5-BFC0-005004A71005} => C:\Program Files (x86)\Advanced JPEG Compressor\ContextMenuExt.dll [2019-01-04] (Compressor Software Developer, Oleg Lisowski -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-01-06] (Realtek Semiconductor Corporation) [Archivo no firmado]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2015-05-01] (Florian Heidenreich) [Archivo no firmado]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-11-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2015-05-01] (Florian Heidenreich) [Archivo no firmado]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2015-05-01] (Florian Heidenreich) [Archivo no firmado]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-03-11] (Advanced Micro Devices, Inc.) [Archivo no firmado]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-01-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-11-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

Shortcut: C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.2-p95-x64\Interactive Ruby.lnk -> C:\Ruby22-x64\bin\irb.bat ()
Shortcut: C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.2-p95-x64\RubyGems Documentation Server.lnk -> C:\Ruby22-x64\bin\gem.bat ()
Shortcut: C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\Tomás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk

==================== Módulos cargados (Lista blanca) =============

2014-02-26 09:11 - 2014-02-26 09:11 - 000523264 _____ (Intel Corporation) [Archivo no firmado] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2014-02-26 09:11 - 2014-02-26 09:11 - 000297984 _____ (Intel Corporation) [Archivo no firmado] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2003-04-03 19:05 - 2003-04-03 19:05 - 000024576 _____ (Microsoft Corporation) [Archivo no firmado] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\3082\mdmui.dll
2006-10-26 13:40 - 2006-10-26 13:40 - 000192512 _____ (Microsoft Corporation) [Archivo no firmado] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2014-11-12 21:52 - 2012-02-14 19:37 - 000594432 _____ (Realtek Semiconductor Corp. ) [Archivo no firmado] C:\WINDOWS\system32\Rtlihvs.dll
2014-11-12 21:46 - 2013-07-17 19:39 - 000024576 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpIo64.dll
2014-11-12 21:46 - 2014-02-24 18:37 - 000445440 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DllMonoCtrl.dll
2014-11-12 21:46 - 2011-11-11 17:42 - 000032768 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\Dun.dll
2014-11-12 21:46 - 2014-03-19 11:46 - 000354304 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\FtpShellExt.dll
2014-11-12 21:46 - 2014-03-25 14:18 - 000705536 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\obexpf.dll
2014-11-12 21:46 - 2013-03-01 16:17 - 000045568 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\rtsocket.dll
2014-11-12 21:46 - 2014-02-10 09:43 - 000290816 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2014-11-12 21:46 - 2013-07-17 19:39 - 000025600 _____ (Realtek Semiconductor Corporation) [Archivo no firmado] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\VendorCmdExport.dll
2019-07-21 17:33 - 2017-10-19 09:17 - 000271360 _____ (Wondershare Software) [Archivo no firmado] C:\WINDOWS\System32\WSPDFelementMonitor.dll

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

Hay 7865 más sitios.

Hay 7865 más sitios.


==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2013-08-22 14:25 - 2015-04-11 10:46 - 000450709 ____N C:\WINDOWS\system32\drivers\etc\hosts

Hay 15463 más lineas.


==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall de Windows está habilitado.

Network Binding:
=============
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A85EA9B12782315913D6E86E96C7EADF"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{5BBC5B6C-E3A1-44D5-9542-CBC94D24AA44}] => (Allow) LPort=55100
FirewallRules: [{D2C87139-D3A2-4386-AEE5-BD4BA5FC9436}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{516CC5C0-2411-4E62-8A8D-56975BEA2D30}C:\users\tomás\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomás\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D98BD52-39A0-4F2C-9C16-7ECC6E2CAF8C}C:\users\tomás\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomás\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{A782F97E-4E47-49B4-A16F-10539EC1D73F}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [Archivo no firmado]
FirewallRules: [UDP Query User{09C02AF9-92ED-40AA-85A8-36350345E2CA}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe (hxxp://www.emule-project.net) [Archivo no firmado]
FirewallRules: [{DC424BC0-BED7-454F-A3A4-0CF8F5B6E214}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A45C83E6-C671-4158-BCF9-5DEC727D7F0D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{688AD197-4A8D-4807-8287-A7D61B561C7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{34160653-FAB6-4B05-8DC7-57E5BE45F030}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FCBEC075-0DBC-442C-BAA3-80861DD4D728}] => (Allow) C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1D4B993C-FD80-4911-AB9C-591B2D20129E}] => (Allow) C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{ABF2FBE1-E689-4944-8CF7-E522BDECC6FF}] => (Allow) C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7D29D2B0-2777-451B-A908-79BEF49E5398}] => (Allow) C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{41A9A40F-5C61-4E83-9E64-496AFE22B659}] => (Allow) C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{61494B61-E84D-478A-BF01-A4B0CC236217}] => (Allow) C:\Users\Tomás\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E82A9EC5-62E2-427D-B087-9F82C36B12BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DB0069C2-B032-4EEF-8951-C7971935890A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FB111AAD-AD6C-4303-8F69-A37FB10418D6}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [Archivo no firmado]
FirewallRules: [{8EA4B692-3F18-4E83-949A-422639B8273D}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [Archivo no firmado]
FirewallRules: [{9AFB014B-6519-4D8F-A76B-8BBBECBADFD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{67937892-AAEF-4CD6-854A-F5B11779FC4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2B8BA33B-DB9F-4E25-8524-D6D207B0F125}] => (Allow) LPort=5556
FirewallRules: [{7F53F98E-D006-4CCF-AF17-5F64312EF79A}] => (Allow) LPort=5558
FirewallRules: [TCP Query User{E67228F2-EB09-4A8B-9A3E-A524291BEDD7}C:\users\tomás\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomás\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A0C60225-8BFF-4C8A-9C73-F8330F638FD7}C:\users\tomás\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomás\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{34125157-B5EF-4789-90BA-AD9E321DFE48}] => (Allow) LPort=10088
FirewallRules: [{40083F20-32AC-467A-9F87-AECA1BC09654}] => (Allow) LPort=22511
FirewallRules: [TCP Query User{BF386D9E-5557-47C2-A2A0-D7F5659E1A95}C:\users\tomás\appdata\local\pixate\app-2.0.1\pixate.exe] => (Allow) C:\users\tomás\appdata\local\pixate\app-2.0.1\pixate.exe (Pixate, Inc. -> Pixate, Inc.)
FirewallRules: [UDP Query User{C042CB32-D415-45A9-9FFC-B4EE5E739ACC}C:\users\tomás\appdata\local\pixate\app-2.0.1\pixate.exe] => (Allow) C:\users\tomás\appdata\local\pixate\app-2.0.1\pixate.exe (Pixate, Inc. -> Pixate, Inc.)
FirewallRules: [TCP Query User{EBB74943-5BA4-450A-A7C9-2BC4EF2527B4}C:\program files (x86)\prepros\prepros.exe] => (Allow) C:\program files (x86)\prepros\prepros.exe (GitHub, Inc.) [Archivo no firmado]
FirewallRules: [UDP Query User{510063A7-4181-4B2D-AFC0-3CB92EE7B84E}C:\program files (x86)\prepros\prepros.exe] => (Allow) C:\program files (x86)\prepros\prepros.exe (GitHub, Inc.) [Archivo no firmado]
FirewallRules: [{2DF982C7-ECC3-4871-8C5D-AA5691DA091E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F0422E59-14E3-4F21-889F-9D1CE125C94E}] => (Allow) LPort=2869
FirewallRules: [{CC1B9676-C5F3-4D9B-8E66-0E29D721E040}] => (Allow) LPort=1900
FirewallRules: [{8FBE5C42-721A-475C-AE95-22054714CAA8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F9F2D707-0B05-442B-9E93-686EA4DC185F}C:\program files (x86)\prepros\prepros.exe] => (Allow) C:\program files (x86)\prepros\prepros.exe (GitHub, Inc.) [Archivo no firmado]
FirewallRules: [UDP Query User{901CCA47-49C7-4334-9054-6059E088F008}C:\program files (x86)\prepros\prepros.exe] => (Allow) C:\program files (x86)\prepros\prepros.exe (GitHub, Inc.) [Archivo no firmado]
FirewallRules: [TCP Query User{85A301DA-8A55-48D8-BFDF-097D1EB0CD8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{123809F0-0FCA-48BD-8505-E7ECB05AE436}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FC2DAC0A-E1B7-472F-9726-12A38A817F2D}] => (Allow) C:\Program Files (x86)\Opera\65.0.3467.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{7E3CCFDB-5A77-4946-ADAB-AF5BBD9D655C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{33313BC3-FEB7-4910-BA64-3655EDF23593}] => (Allow) C:\Program Files (x86)\Opera\65.0.3467.78\opera.exe (Opera Software AS -> Opera Software)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Puntos de Restauración =========================

02-12-2019 22:08:25 Punto de control programado
22-12-2019 20:44:35 Punto de control programado
30-12-2019 01:42:02 Punto de control programado
04-01-2020 10:29:50 Removed Scout
05-01-2020 10:53:56 Removed SpyHunter
05-01-2020 14:17:24 JRT Pre-Junkware Removal

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Dispositivo HID de Bluetooth
Description: Dispositivo HID de Bluetooth
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: HidBth
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (01/04/2020 10:22:01 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (01/04/2020 10:22:01 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (01/04/2020 12:18:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: avguard.exe, versión: 15.0.1910.1634, marca de tiempo: 0x5db9d321
Nombre del módulo con errores: avlode.dll, versión: 15.0.1912.1681, marca de tiempo: 0x5de78758
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00019fdd
Identificador del proceso con errores: 0x7bc
Hora de inicio de la aplicación con errores: 0x01d5c2827554716a
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Avira\Antivirus\avlode.dll
Identificador del informe: 5e853f82-2e7f-11ea-83ac-c038968dba86
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (01/02/2020 08:23:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Spotify.exe, versión 1.1.21.1654, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 2bb0

Hora de inicio: 01d5b85e44c4d753

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\Users\Tomás\AppData\Roaming\Spotify\Spotify.exe

Identificador de informe: 531bae95-2d95-11ea-83a4-c038968dba86

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (01/02/2020 08:23:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa WINWORD.EXE, versión 12.0.6612.1000, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1eec

Hora de inicio: 01d5b10ace838877

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Identificador de informe: 4fd1c6c7-2d95-11ea-83a4-c038968dba86

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (01/02/2020 08:23:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa firefox.exe, versión 71.0.0.7275, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 4404

Hora de inicio: 01d5c1a1fd02a88f

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Identificador de informe: 4a6c7737-2d95-11ea-83a4-c038968dba86

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (01/02/2020 08:22:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa emule.exe, versión 0.50.0.4, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1740

Hora de inicio: 01d5b573b758e1a4

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\Program Files (x86)\eMule\emule.exe

Identificador de informe: 330c6c88-2d95-11ea-83a4-c038968dba86

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (01/01/2020 02:27:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219


Errores del sistema:
=============
Error: (01/05/2020 10:56:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Wondershare Application Framework Service no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (01/05/2020 10:55:47 AM) (Source: DCOM) (EventID: 10010) (User: TOMAS)
Description: El servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/05/2020 10:55:47 AM) (Source: DCOM) (EventID: 10010) (User: TOMAS)
Description: El servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (01/04/2020 11:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Wondershare Application Framework Service no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (01/04/2020 11:38:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Superfetch se cerró con el siguiente error: 
No se ha iniciado el servicio.

Error: (01/04/2020 12:57:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Wondershare Application Framework Service no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (01/04/2020 12:36:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Wondershare Application Framework Service no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (01/04/2020 12:36:29 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Se activó el temporizador de vigilancia del sistema.


CodeIntegrity:
===================================

Date: 2019-07-16 21:24:36.101
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\webshieldfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-16 18:44:04.243
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\webshieldfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Información de la memoria =========================== 

BIOS: LENOVO 9ACN28WW 09/23/2014
Placa base: LENOVO Lancer 5A2
Procesador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Porcentaje de memoria en uso: 30%
RAM física total: 8084.27 MB
RAM física disponible: 5586.21 MB
Virtual total: 10516.27 MB
Virtual disponible: 7895.83 MB

==================== Unidades ================================

Drive c: (Windows8_OS) (Fixed) (Total:201.23 GB) (Free:83.46 GB) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)]
Drive d: (LENOVO) (Fixed) (Total:5.65 GB) (Free:3.34 GB) NTFS
Drive e: (Almacen) (Fixed) (Total:931.39 GB) (Free:332.4 GB) NTFS

\\?\Volume{2908d4cf-dcbe-4a27-9f48-f9e695345bf6}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{887960ce-0200-4d59-beeb-9bfefe92cb28}\ (PBR_DRV) (Fixed) (Total:14.82 GB) (Free:4.17 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 01F495D9)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Final de Addition.txt =======================

Right… while I finish analysing your reports, do the following:

Download and install this program :arrow_right: Revo Uninstaller manual :+1:

And use it to uninstall every program you find whose name is, or contains, any of the following:

When Revo asks you to select the uninstall method, select “Advanced”.

If it asks you to “Restart” during the process, do NOT do it; tell it NO and let Revo keep working.

When you have finished all the uninstall processes, then REBOOT the computer yourself.

Check and tell us about any issues.

Regards.

When uninstalling I deleted the leftover files it asked me to delete. Except in the case of one of the Java 45 programs, which scared me a bit because it had a lot of leftover files. Should I delete them? Thanks

Hello.

Yes, uninstall and delete ALL the remnants you have of that version. :+1:

If you later want to have JAVA installed on your computer, you can download the latest version from the official website :arrow_right: https://www.java.com/es/download/windows-64bit.jsp

When you have finished those steps, let us know. :thinking:

Regards.

It went well. On reboot it took a few seconds longer than usual to set up all the desktop icons. I don't know whether this matters. Thanks and see you soon

Hello.

When any program is installed and/or uninstalled, it is VERY common for the machine to take longer than usual to reboot, or for the desktop (or its icons) to take a while to appear. :roll_eyes:

The same happens when we run an analysis/disinfection process on the computer that produces a report on REBOOT, which makes the system start more slowly than usual. :upside_down_face:



Perfect… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now tick only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "Pokki"
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [] => [X]
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2020-01-05] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Policies\system: [shell] explorer.exe <==== ATENCIÓN
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {081908b4-6e5f-11e7-8363-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {8e85f1ec-9e4f-11e8-837f-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {8e85f251-9e4f-11e8-837f-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {9d5608da-ad47-11e8-8380-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {dbe86d9e-bc2e-11e8-8382-c038968dba86} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2014-10-29] (Microsoft Windows -> Microsoft Corporation) <==== ATENCIÓN
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restricción ? <==== ATENCIÓN
Task: {278A4AAF-47AE-4625-A3FA-E9B52E96D602} - System32\Tasks\SweetLabs App Platform => C:\Users\Tomás\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Ningún archivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Ningún archivo]
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-2854930288-4104776995-3045863489-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
CHR StartupUrls: Profile 2 -> "hxxp://www.google.es/","hxxps://www.google.com/","hxxp://search.softonic.com/MOY00013/tb_v1?SearchSource=48&cc=&mi=682cbc3700000000000006197d6f4514&toi=16038","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://homepage-web.com/?s=lenovo&m=start"
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
2020-01-05 13:44 - 2020-01-05 13:44 - 001883976 _____ (Malwarebytes) C:\Users\Tomás\Desktop\MBSetup-009996.009996-consumer.exe
MBSetup-009996.009996-consumer.exe
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop), otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the FIX/Corregir button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Reboot the computer, check how it behaves with regard to the problem raised, and tell us.

Regards.
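
A pre-flight check for the Notepad step above, as an added example that is not part of the original post and not FRST's own code: it confirms the pasted fixlist begins with START and ends with END, and flags non-ASCII text (such as the Tomás profile path) stored in a legacy ANSI code page, one possible source of replacement characters in a Fixlog. The function names, the cp1252 fallback and the sample bytes are assumptions made for this example.

```python
"""Pre-flight check for a fixlist file before the FRST Fix step (added example)."""
import codecs

REPLACEMENT = "\ufffd"  # what a decoder emits for a byte it cannot map

# Constructed sample: four lines copied from the fixlist on this page.
# "\u00e1" is the accented "a" in the user profile name.
SAMPLE_FIXLIST = (
    "START\r\n"
    "CLOSEPROCESSES:\r\n"
    "Task: {278A4AAF-47AE-4625-A3FA-E9B52E96D602} - System32\\Tasks\\SweetLabs App Platform"
    " => C:\\Users\\Tom\u00e1s\\AppData\\Local\\Pokki\\Engine\\ServiceHostAppUpdater.exe\r\n"
    "END\r\n"
)

# Constructed sample: the same text written as ANSI and read back as UTF-8,
# which reproduces the "Tom?s"-style damage visible in a Fixlog echo.
SAMPLE_FIXLOG_ECHO = SAMPLE_FIXLIST.encode("cp1252").decode("utf-8", errors="replace")


def detect_encoding(raw: bytes) -> str:
    """Classify the bytes of a saved fixlist by BOM, then by UTF-8 validity."""
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-sig"
    if raw.startswith(codecs.BOM_UTF16_LE) or raw.startswith(codecs.BOM_UTF16_BE):
        return "utf-16"
    try:
        raw.decode("utf-8")
        return "utf-8"  # also covers pure ASCII
    except UnicodeDecodeError:
        # Assumption: a Western European Windows install, where Notepad's
        # "ANSI" choice means code page 1252.
        return "cp1252"


def check_fixlist(raw: bytes) -> dict:
    """Return the detected encoding, the non-ASCII line numbers and any problems."""
    encoding = detect_encoding(raw)
    text = raw.decode(encoding, errors="replace")
    body = [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1) if ln.strip()]

    problems = []
    # The fixlist on this page is delimited by START and END; a missing
    # marker means the box was not copied in full.
    if not body or body[0][1].upper() != "START":
        problems.append("first non-blank line is not START")
    if not body or body[-1][1].upper() != "END":
        problems.append("last non-blank line is not END")

    non_ascii = [n for n, ln in body if not ln.isascii()]
    if non_ascii and encoding == "cp1252":
        problems.append(
            "non-ASCII characters stored in a legacy code page; "
            "re-save the file as UTF-8 or Unicode"
        )
    return {"encoding": encoding, "non_ascii_lines": non_ascii, "problems": problems}


def garbled_lines(fixlog_text: str) -> list:
    """Line numbers of a Fixlog that contain U+FFFD, i.e. entries whose
    paths may not have matched what is on disk."""
    return [n for n, ln in enumerate(fixlog_text.splitlines(), 1) if REPLACEMENT in ln]


if __name__ == "__main__":
    for label, data in (
        ("ANSI", SAMPLE_FIXLIST.encode("cp1252")),
        ("UTF-8", SAMPLE_FIXLIST.encode("utf-8")),
    ):
        print(label, check_fixlist(data))
    print("garbled Fixlog lines:", garbled_lines(SAMPLE_FIXLOG_ECHO))
```
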

Everything seems to have gone well. Here is the fixlog.txt from my computer


Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 28-12-2019
Ejecutado por Tomás (13-01-2020 23:33:55) Run:1
Ejecutado desde C:\Users\Tomás\Desktop
Perfiles cargados: Tomás (Perfiles disponibles: Tomás)
Modo de Inicio: Safe Mode (with Networking)
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\StartupApproved\Run: => "Pokki"
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [] => [X]
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2020-01-05] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Policies\system: [shell] explorer.exe <==== ATENCIÓN
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {081908b4-6e5f-11e7-8363-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {8e85f1ec-9e4f-11e8-837f-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {8e85f251-9e4f-11e8-837f-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {9d5608da-ad47-11e8-8380-c038968dba86} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\MountPoints2: {dbe86d9e-bc2e-11e8-8382-c038968dba86} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2014-10-29] (Microsoft Windows -> Microsoft Corporation) <==== ATENCIÓN
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restricción ? <==== ATENCIÓN
Task: {278A4AAF-47AE-4625-A3FA-E9B52E96D602} - System32\Tasks\SweetLabs App Platform => C:\Users\Tomás\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Ningún archivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Ningún archivo]
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-2854930288-4104776995-3045863489-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
CHR StartupUrls: Profile 2 -> "hxxp://www.google.es/","hxxps://www.google.com/","hxxp://search.softonic.com/MOY00013/tb_v1?SearchSource=48&cc=&mi=682cbc3700000000000006197d6f4514&toi=16038","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://homepage-web.com/?s=lenovo&m=start"
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
2020-01-05 13:44 - 2020-01-05 13:44 - 001883976 _____ (Malwarebytes) C:\Users\Tomás\Desktop\MBSetup-009996.009996-consumer.exe
MBSetup-009996.009996-consumer.exe
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Pokki" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Pokki" => no encontrado
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetIcon" => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{081908b4-6e5f-11e7-8363-c038968dba86} => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e85f1ec-9e4f-11e8-837f-c038968dba86} => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e85f251-9e4f-11e8-837f-c038968dba86} => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d5608da-ad47-11e8-8380-c038968dba86} => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe86d9e-bc2e-11e8-8382-c038968dba86} => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => eliminado correctamente
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => eliminado correctamente
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => eliminado correctamente
C:\WINDOWS\system32\GroupPolicy\Machine => movido correctamente
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido correctamente
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{278A4AAF-47AE-4625-A3FA-E9B52E96D602}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{278A4AAF-47AE-4625-A3FA-E9B52E96D602}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => eliminado correctamente
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => eliminado correctamente
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle America, Inc." => no encontrado
"C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll" => no encontrado
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle America, Inc." => no encontrado
"C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll" => no encontrado
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => eliminado correctamente
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => eliminado correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle America, Inc." => no encontrado
"C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll" => no encontrado
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle America, Inc." => no encontrado
"C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll" => no encontrado
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC" => no encontrado
C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll => movido correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => eliminado correctamente
"C:\Users\Tomás\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll" => no encontrado
"Chrome StartupUrls" => eliminado correctamente
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => eliminado correctamente
HKLM\System\CurrentControlSet\Services\esgiguard => eliminado correctamente
esgiguard => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\MBAMProtector => eliminado correctamente
MBAMProtector => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\MBAMWebAccessControl => eliminado correctamente
MBAMWebAccessControl => servicio eliminado correctamente
"C:\Users\Tomás\Desktop\MBSetup-009996.009996-consumer.exe" => no encontrado
MBSetup-009996.009996-consumer.exe => Error: Ninguna corrección automática encontrada para esta entrada.
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => eliminado correctamente
HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-2854930288-4104776995-3045863489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
están desconectados.
No se puede realizar ninguna operación en Wi-Fi mientras los medios
están desconectados.
No se puede realizar ninguna operación en Ethernet mientras los medios
están desconectados.

========= Final de CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= Final de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13715794 B
Java, Flash, Steam htmlcache => 1373 B
Windows/system/drivers => 16800564 B
Edge => 0 B
Chrome => 184113 B
Firefox => 1115172689 B
Opera => 2667734 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 189840 B
systemprofile32 => 189968 B
LocalService => 17123564 B
NetworkService => 17123564 B
Tomás => 775047117 B

RecycleBin => 576852528 B
EmptyTemp: => 2.4 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 23:34:09 ====
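
A Fixlog like the one above is long enough that the few entries that did not succeed are easy to miss. The following is an added example, not part of the original thread and not FRST's own code: a small triage script that skips the echoed fixlist, counts the per-entry results, and lists the lines that need a second look. The function names are hypothetical, the result strings are the Spanish ones that appear in this log, and the sample input is constructed with placeholder paths.

```python
import re
from collections import Counter

SECTION = re.compile(r"^=+ (.+?) =+$")   # e.g. "========= ipconfig /renew ========="
FAIL = re.compile(r"^Error\b|Unable to|Acceso denegado", re.I)

def classify(outcome):
    # Text after the last " => ", using the Spanish result strings of this log.
    if outcome.startswith("Error"):
        return "error"
    if outcome == "no encontrado":
        return "not_found"
    return "ok" if outcome.endswith("correctamente") else None  # None: byte counts etc.

def triage_fixlog(text):
    """Return (Counter of result kinds, [(section, kind, target)] needing review)."""
    counts, follow_up = Counter(), []
    in_fixlist, section = False, "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("START", "END"):
            in_fixlist = line == "START"
            continue
        if in_fixlist or not line:
            continue  # the echoed fixlist also contains "=>", so skip it
        m = SECTION.match(line)
        if m:
            name = m.group(1).rstrip(":")
            section = "fix" if name.startswith("Final de") else name
            continue
        # Result lines are "<target> => <outcome>"; anything else is free text
        # (command output, notices) that is only checked for failure wording.
        target, _, outcome = line.rpartition(" => ")
        kind = classify(outcome) if target else ("error" if FAIL.search(line) else None)
        if kind:
            counts[kind] += 1
            if kind != "ok":
                follow_up.append((section, kind, (target or line).strip('"')))
    return counts, follow_up

# Constructed sample in the shape of the Fixlog above (paths are placeholders).
SAMPLE = r'''START
HKLM\...\Run: [] => [X]
END
Error: El punto de restauración solamente puede ser creado en modo normal.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
"C:\Example\plugin.dll" => no encontrado
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007042c
========= Final de CMD: =========
Chrome => 184113 B'''
```

Calling `triage_fixlog()` on the text of a saved Fixlog.txt returns the counts and the review list; a "no encontrado" entry is often benign (the item was already gone), while "Error" lines deserve a check after the reboot into normal mode.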

Perfect @TomBogart :+1: excellent, we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Check all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


For any other problem, do not hesitate to post again; you know where we are. :+1:

Topic solved.

Regards, Javier.
