Virus del "doble acento" o de la "doble tilde"

Josemnm · 14 Abril, 2021 06:53

Buenos días,

hace unos días me encontré con un error de doble tilde ´´ y secuestro de navegador. He probado numerosas herramientas para desinfectar el ordenador pero sin éxito.

Buscando soluciones os encontré y he seguido los pasos que indicáis. Os facilito los reportes obtenidos a ver si me pod´´eis ayudar a solucionarlo:

    ´´´´# -------------------------------
    # Malwarebytes AdwCleaner 8.2.0.0
    # -------------------------------
    # Build:    03-22-2021
    # Database: 2021-03-22.1 (Local)
    # Support:  https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    04-13-2021
    # Duration: 00:00:00
    # OS:       Windows 10 Home
    # Cleaned:  1
    # Failed:   0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted       http://start.qone8.com/?type=hp&ts=1383564000&from=vtt&uid=HitachiXHDS723020BLA642_MN1240FA02WPMD02WPMDX

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2293 octets] - [06/04/2021 22:40:41]
    AdwCleaner[S01].txt - [2457 octets] - [13/04/2021 20:34:17]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## ´´´´

´´´´ ~ ZHPCleaner v2021.4.3.289 by Nicolas Coolman (2021/04/03)
~ Run by Jose Manuel (Administrator)  (13/04/2021 20:53:02)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Reparar
~ Report : C:\Users\Joas\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Joas\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19041)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (3)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (1)
BORRADOS clave^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier []  =>Riskware.FlashPlayer


---\\  Resumen de elementos en su estación de trabajo (1)
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/  =>Riskware.FlashPlayer


---\\ Limpieza adicional. (0)
~ Clave de registro Tracing borrados (0)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Mozilla Firefox OK
~ Internet Explorer OK
~ El sistema ha sido reiniciado.


---\\ STATISTIQUES
~ Items escaneado : 2179
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 9/17


---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ Iniciar navegadores con extensiones eliminadas





~ End of clean in 00h00mn18s

---\\  Reporte (4)
ZHPCleaner-[R]-08042021-11_24_26.txt
ZHPCleaner-[S]-08042021-11_21_58.txt
ZHPCleaner-[S]-13042021-20_46_40.txt
ZHPCleaner-[R]-13042021-20_53_20.txt ´´´´

Josemnm · 14 Abril, 2021 06:59

´´´´ Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 13/4/21
Hora del análisis: 21:02
Archivo de registro: be694394-9c8a-11eb-aa97-4c72b9812f73.json

-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1249
Versión del paquete de actualización: 1.0.39375
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 19041.867)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-HKMUT84\Jose Manuel

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 325795
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 4 min, 0 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 2
Adware.Elex.ShrtCln, C:\USERS\JOAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Sustituido, 297, 454727, , , , , , 
PUP.Optional.Spigot, C:\USERS\JOAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Sustituido, 151, 475078, , , , , , 

Archivo: 2
Adware.Elex.ShrtCln, C:\USERS\JOAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, 297, 454727, 1.0.39375, , ame, , 0C5B583574F3269682BF6F001DCBF447, A657031E6DBD15DA9EE2F25FE58271016B8E2A508783B590D056C1E77D747C63
PUP.Optional.Spigot, C:\USERS\JOAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, 151, 475078, 1.0.39375, , ame, , 0C5B583574F3269682BF6F001DCBF447, A657031E6DBD15DA9EE2F25FE58271016B8E2A508783B590D056C1E77D747C63

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

(end) ´´´´

Josemnm · 14 Abril, 2021 07:00

´´´´ Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 11-04-2021 Ejecutado por Jose Manuel (administrador) sobre DESKTOP-HKMUT84 (Hewlett-Packard h8-1402es) (13-04-2021 21:19:41) Ejecutado desde C:\Users\Joas\Desktop Perfiles cargados: Jose Manuel Platform: Windows 10 Home Versión 2004 19041.867 (X64) Idioma: Español (España, internacional) Navegador predeterminado: Chrome Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. → Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. → Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe (Apple Inc. → Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG → devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe (Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <5> (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe (NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Panda Security S.L. → Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe (Panda Security S.L. → Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security S.L. → Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security S.L. → Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Piriform Software Ltd → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIWEE.EXE (Solid Documents → Solid Documents Limited) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Wacom Technology Corp. → Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology Corp. → Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology Corp. → Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology Corp. → Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology Corp. → Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM…\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1923008 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) HKLM…\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [50416 2015-06-30] (Integrated Device Technology Inc. → Hewlett-Packard) HKLM…\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated → Adobe Systems Incorporated) HKLM…\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. → Adobe Systems, Incorporated) HKLM…\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [394864 2020-09-18] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) HKLM…\Run: [WindowsDefender] => “%ProgramFiles%\Windows Defender\MSASCuiL.exe” HKLM-x32…\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG → Nero AG) HKLM-x32…\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. → DivX, LLC) HKLM-x32…\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-03-02] (Adobe Inc. → Adobe Inc.) HKLM-x32…\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd → Wondershare) HKLM-x32…\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1319208 2019-05-31] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) HKLM-x32…\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation → Sony Corporation) HKLM-x32…\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Inc.) HKLM-x32…\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-03] (Adobe Inc. → ) HKLM-x32…\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [168456 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIWEE.EXE [418736 2019-08-22] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Run: [com.squirrel.Teams.Teams] => C:\Users\Joas\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-02] (Microsoft 3rd Party Application Component → Microsoft Corporation) HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. → Apple Inc.) HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd → Piriform Software Ltd) HKU\S-1-5-18…\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIWEE.EXE [418736 2019-08-22] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) HKLM…\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated → Adobe Systems Inc) HKLM…\Print\Monitors\EPSON XP-3100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBWEE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher → Seiko Epson Corporation) HKLM…\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard → HP Inc.) HKLM…\Print\Monitors\Solid PDF Port Monitor: C:\WINDOWS\system32\solidlocalmon.dll [30640 2016-09-07] (Solid Documents → ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-02] (Google LLC → Google LLC) Startup: C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-06-03] ShortcutTarget: MEGAsync.lnk → C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited → Mega Limited) GroupPolicyScripts: Restricción <==== ATENCIÓN HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {04AA7023-C516-463E-97DB-5BE9ADC79BA4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255600 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {053149FA-3BC1-43FA-AB49-644F900FDB44} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498000 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {0AB36678-146C-41FC-86E6-3C738307266E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {1BF8E382-3EC6-49BE-805A-118510C81EB9} - no ruta de acceso de archivo Task: {2F999BBE-96AE-4A55-A8CB-3D750BAF3CF4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {30A998D1-3A07-407B-B661-69ADE1938CE9} - System32\Tasks\EPSON XP-3100 Series Update {2CE2E130-B45D-4CB7-AF1E-686518A92227} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWEE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) Task: {36253F74-D177-4C37-89AF-44138AF23382} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC → Google LLC) Task: {38F0F717-6FF7-47D5-993A-FFF4F7458FFA} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC → DivX, LLC) Task: {3AF37CE2-5910-4EB2-B05C-417D9E8D297B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-09-03] (Microsoft Windows Publisher → Microsoft Corporation) Task: {5388E85A-18EF-4730-B8B6-056F18772A19} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. → Adobe Systems, Incorporated) Task: {633CBED6-9AF9-407E-A046-6CF664DCE30A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-09-03] (Microsoft Windows Publisher → Microsoft Corporation) Task: {6B7EE6E2-E6DC-4182-895E-57039EC1143D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {7774F41A-7D2C-43F8-A472-5812EB7430C3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1540544 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {7A79502E-44B1-4000-97C7-391F8B15CBB1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {7EB06CD9-5DA4-489A-BB7E-AB0233323378} - no ruta de acceso de archivo Task: {86FB263C-149C-4526-BFD6-D77B66D7A4BE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {8A924D0E-9616-4162-96FA-A22F152D593B} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-15] (Mozilla Corporation → Mozilla Foundation) Task: {8BAF875C-C49D-43DB-97E1-E01F412B4087} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {95A0A946-D844-4CA1-8499-45614C65678F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255600 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {990A7BBE-FE53-4327-8767-623C2DC7DB6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. → Adobe Inc.) Task: {9E3783D1-0B6C-4184-9180-CF517C3A9ABD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {A53A9332-6F09-4BBA-9ED1-82B4AB017D96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. → Apple Inc.) Task: {A554A74A-344D-4A6A-85BB-8C8D28494623} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-09-03] (Microsoft Windows Publisher → Microsoft Corporation) Task: {B04FA225-3FEF-439C-ADFD-D681D0758F7D} - \Microsoft\Windows\UNP\RunCampaignManager → Ningún archivo <==== ATENCIÓN Task: {B1D52E3C-5893-4482-86FF-DAC68234E209} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4061296 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {B2D87801-9A4E-4AF9-A3D3-2E24B6CC88F4} - System32\Tasks\RemoteDesktop\Jose Manuel\Remote Desktop Feed Refresh Task => C:\Program Files\Remote Desktop\msrdcw.exe [9302400 2020-09-22] (Microsoft Corporation → Microsoft) Task: {B36EF5F8-2421-4F2E-B0F2-EB5B7595C0F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd → Piriform Software Ltd) Task: {B5DF47C4-DE82-443E-8897-C5E1FAC0A83D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-10-03] (Adobe Inc. → Adobe) Task: {B8AED129-8333-462A-84CF-6E55078596B6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {C71C2D85-88E3-48D0-833F-DAE0406CFF84} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd → Piriform) Task: {CD999A02-40C0-41CF-B59A-EFAF054613E5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-11] (Microsoft Corporation → Microsoft Corporation) Task: {D600B576-5A44-4A28-9152-3CE31E71EFCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-09-03] (Microsoft Windows Publisher → Microsoft Corporation) Task: {DC5B49E0-D343-4800-BCFA-0B457C124C94} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Microsoft.Windows.Dt.PolicyEngineApi.Interop.ni → Ningún archivo <==== ATENCIÓN Task: {DD3F9A08-702D-4109-AD4A-58737F4B18DB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947136 2017-08-18] (NVIDIA Corporation → NVIDIA Corporation) Task: {E798D19E-4EB5-45DB-9F2C-81FAF7981E87} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3306602120-4223622763-3950894931-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1303800 2021-03-14] (Mega Limited → Mega Limited) Task: {EC7C891C-405E-40F9-AD39-AFFA9B14FA1E} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-HKMUT84-Jose Manuel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated → Adobe Systems Incorporated) Task: {F453D6B7-ACF1-45C2-8D9D-149CD45C8153} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC → Google LLC) Task: {F89E5ABA-86EF-414E-8CEC-76C7FF4AEDB5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-11] (Microsoft Corporation → Microsoft Corporation)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\EPSON XP-3100 Series Update {2CE2E130-B45D-4CB7-AF1E-686518A92227}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWEE.EXE:/EXE:{2CE2E130-B45D-4CB7-AF1E-686518A92227} /F:UpdateWORKGROUP\DESKTOP-HKMUT84$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON XP-3100 Series Update {D6C96086-DC17-4FFF-BE3D-4FDEDF708317}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWEE.EXE:/EXE:{D6C96086-DC17-4FFF-BE3D-4FDEDF708317} /F:UpdateWORKGROUP\DESKTOP-HKMUT84$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip…\Interfaces{00aefcd8-136f-4248-a0c3-c5fcb9611de1}: [DhcpNameServer] 172.20.10.1 Tcpip…\Interfaces{35637c30-8ce4-4fc5-9e6e-21c3b10fd270}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip…\Interfaces{ccb68753-4c27-4f1c-a76a-700af24336fa}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Edge:

DownloadDir: C:\Users\Joas\Downloads Edge HomeButtonPage: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001 → hxxp://www.google.es/ Edge Session Restore: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001 → está habilitado. Edge Notifications: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001 → hxxps://www.leroymerlin.es Edge DefaultProfile: Default Edge Profile: C:\Users\Joas\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-13] Edge HomePage: Default → hxxp://www.google.es/ Edge Session Restore: Default → está habilitado. Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Joas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-07] Edge HKLM-x32…\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:

FF DefaultProfile: cwwlruml.default-1503396565461 FF ProfilePath: C:\Users\Joas\AppData\Roaming\Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 [2021-04-13] FF Homepage: Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 → www.google.es FF Session Restore: Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 → está habilitado. FF Notifications: Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 → hxxps://www.casadellibro.com; hxxps://www.loteriasyapuestas.es FF Extension: (Favoritos de iCloud) - C:\Users\Joas\AppData\Roaming\Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461\Extensions\[email protected] [2019-01-31] FF Extension: (Malwarebytes Browser Guard) - C:\Users\Joas\AppData\Roaming\Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461\Extensions{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-15] FF HKLM…\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01] FF HKLM-x32…\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-10-03] (Adobe Inc. → ) FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation → Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 → C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [Archivo no firmado] FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated → Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer → C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-10-03] (Adobe Inc. → ) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 → C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC → DivX, LLC) FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-10] (Microsoft Corporation → Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation → Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-19] (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [Archivo no firmado] FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-19] (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [Archivo no firmado] FF Plugin-x32: @sony.com/ReaderDesktop → C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation → Sony Corporation) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 → C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [Archivo no firmado] FF Plugin-x32: Adobe Acrobat → C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Inc.) FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. → Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated → Adobe Systems) FF Plugin HKU\S-1-5-21-3306602120-4223622763-3950894931-1001: wacom.com/WacomTabletPlugin → C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [Archivo no firmado]

Chrome:

CHR Profile: C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default [2021-04-13] CHR StartupUrls: Default → “hxxps://www.google.com/”,“hxxps://www.google.com/”,“hxxp://www.google.com”,“hxxps://www.google.com/” CHR Session Restore: Default → está habilitado. CHR Extension: (Presentaciones) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25] CHR Extension: (Documentos) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-25] CHR Extension: (Google Drive) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-25] CHR Extension: (YouTube) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-16] CHR Extension: (Adobe Acrobat) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-16] CHR Extension: (Hojas de cálculo) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-16] CHR Extension: (Documentos de Google sin conexión) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-31] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25] CHR Extension: (Gmail) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25] CHR Extension: (Chrome Media Router) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-25] CHR Extension: (wUpdateMovie) - C:\ProgramData\Cgnzo\Wqnkvtc [2021-03-14] CHR HKLM-x32…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01] CHR HKLM-x32…\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. → Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-03-02] (Adobe Inc. → Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. → Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. → Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-11] (Microsoft Corporation → Microsoft Corporation) R2 DCAgent; C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe [16496 2020-09-18] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6274224 2020-04-09] (devolo AG → devolo AG) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2289856 2017-07-03] (Disc Soft Ltd → Disc Soft Ltd) S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1340760 2015-08-10] (Disc Soft Ltd → Disc Soft Ltd) R2 EDUSBAgent; C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe [17328 2020-08-17] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-07-04] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2017-01-28] (Macrovision Europe Ltd.) [Archivo no firmado] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-26] (Malwarebytes Inc → Malwarebytes) R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION → Seiko Epson Corporation) R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [98896 2020-12-01] (Panda Security S.L. → Panda Security, S.L.) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-31] (Microsoft Windows → Microsoft Corporation) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-31] (Microsoft Windows → Microsoft Corporation) S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-20] (AnchorFree Inc → ) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. → Panda Security, S.L.) R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [189288 2020-07-09] (Panda Security S.L. → Panda Security S.L.) R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [59440 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [Archivo no firmado] R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [262576 2016-09-07] (Solid Documents → Solid Documents Limited) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH → TeamViewer Germany GmbH) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-09-03] (Microsoft Windows Publisher → Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-09-03] (Microsoft Windows Publisher → Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [107624 2018-12-06] (Wondershare Technology Co.,Ltd → Wondershare) R2 NvTelemetryContainer; “C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe” -s NvTelemetryContainer -f “C:\ProgramData\NVIDIA\NvTelemetryContainer.log” -l 3 -d “C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin”

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc → The OpenVPN Project) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Archivo no firmado] R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-28] (Disc Soft Ltd → Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-28] (Disc Soft Ltd → Disc Soft Ltd) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-04-13] (Malwarebytes Inc → Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-26] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-10] (Malwarebytes Inc → Malwarebytes) R1 NNSDNS; C:\WINDOWS\system32\DRIVERS\NNSDNS.sys [141088 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [212768 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [125728 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [132384 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [111296 2020-11-23] (Panda Security S.L. → Panda Security, S.L.) R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [152864 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [102688 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135456 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [347424 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [353592 2020-12-10] (Panda Security S.L. → Panda Security, S.L.) R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123168 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [327968 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2020-04-09] (devolo AG → Riverbed Technology, Inc.) R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [195872 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) S0 psinelam; C:\WINDOWS\System32\DRIVERS\psinelam.sys [21432 2020-07-10] (Microsoft Windows Early Launch Anti-malware Publisher → Panda Security, S.L.) R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [171296 2020-12-27] (Panda Security S.L. → Panda Security, S.L.) R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [216864 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [148768 2020-12-27] (Panda Security S.L. → Panda Security, S.L.) R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [160544 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [130336 2020-12-02] (Panda Security S.L. → Panda Security, S.L.) U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72984 2019-02-20] (Panda Security S.L. → Panda Security, S.L.) R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [561672 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher → Tempo Semiconductor Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2020-09-03] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428256 2020-09-03] (Microsoft Windows → Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-09-03] (Microsoft Windows → Microsoft Corporation) R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [254464 2018-09-14] (Microsoft Windows Hardware Compatibility Publisher → Jungo) S3 esgiguard; ??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-04-13 21:19 - 2021-04-13 21:20 - 000037864 _____ C:\Users\Joas\Desktop\FRST.txt 2021-04-13 21:19 - 2021-04-13 21:19 - 000000000 ____D C:\Users\Joas\Desktop\FRST-OlderVersion 2021-04-13 21:19 - 2021-04-13 21:19 - 000000000 ____D C:\FRST 2021-04-13 21:15 - 2021-04-13 21:15 - 000002235 _____ C:\Users\Joas\Desktop\malware.txt 2021-04-13 21:12 - 2021-04-13 21:12 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-04-13 21:01 - 2021-04-13 21:01 - 000002518 _____ C:\Users\Joas\Desktop\ZHPCleaner.txt 2021-04-13 20:53 - 2021-04-13 20:53 - 000008696 _____ C:\Users\Joas\Desktop\ZHPCleaner (R).html 2021-04-13 20:46 - 2021-04-13 20:46 - 000008358 _____ C:\Users\Joas\Desktop\ZHPCleaner (S).html 2021-04-13 20:35 - 2021-04-13 20:35 - 000001740 _____ C:\Users\Joas\Desktop\AdwCleaner[C01].txt 2021-04-13 20:19 - 2021-04-13 20:19 - 000348930 _____ C:\Users\Joas\Downloads\Infecci´´on persistente con el Virus del doble acento o de la doble tilde - Eliminar Malwares - ForoSpyware.pdf 2021-04-13 20:10 - 2021-04-13 20:10 - 000394023 _____ C:\Users\Joas\Downloads\Abril…pdf 2021-04-12 21:52 - 2021-04-12 21:52 - 001251341 _____ C:\Users\Joas\Downloads\AUDIO-2021-04-12-21-48-47.m4a 2021-04-12 20:49 - 2021-04-12 20:55 - 021966965 _____ C:\Users\Joas\Downloads\Anuncio Nocilla Básquet, ‘El último partido’.mp4 2021-04-12 20:46 - 2021-04-12 20:46 - 003326104 _____ (Nicolas Coolman) C:\Users\Joas\Downloads\ZHPCleaner (1).exe 2021-04-12 20:45 - 2021-04-12 20:56 - 000000000 ____D C:\Users\Joas\AppData\Roaming\FlashIntegro 2021-04-12 20:45 - 2021-04-12 20:45 - 008534696 _____ (Malwarebytes) C:\Users\Joas\Desktop\adwcleaner_8.2 (1).exe 2021-04-12 20:45 - 2021-04-12 20:45 - 000001052 _____ C:\Users\Joas\Desktop\VSDC Free Video Editor.lnk 2021-04-12 20:45 - 2021-04-12 20:45 - 000000000 ____D C:\Users\Joas\Documents\FlashIntegro 2021-04-12 20:45 - 2021-04-12 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro 2021-04-12 20:44 - 2021-04-12 20:45 - 000000000 ____D C:\Program Files\FlashIntegro 2021-04-12 20:44 - 2021-04-12 20:44 - 000000000 ____D C:\Program Files\Common Files\FlashIntegro 2021-04-12 20:44 - 2011-12-07 18:32 - 000216064 _____ ( ) C:\WINDOWS\system32\Lagarith.dll 2021-04-12 20:44 - 2005-08-01 18:43 - 000245760 _____ () C:\WINDOWS\system32\lame.ax 2021-04-12 20:44 - 2004-12-10 09:03 - 000438272 _____ (On2.com) C:\WINDOWS\system32\vp6vfw.dll 2021-04-12 20:44 - 2004-09-06 15:06 - 000053248 _____ C:\WINDOWS\system32\xvid.ax 2021-04-12 20:44 - 2004-07-03 20:08 - 000139264 _____ C:\WINDOWS\system32\xvidvfw.dll 2021-04-12 20:44 - 2004-07-03 19:59 - 000524288 _____ C:\WINDOWS\system32\xvidcore.dll 2021-04-12 20:44 - 2004-02-04 20:11 - 000081920 _____ (fccHandler) C:\WINDOWS\system32\AC3ACM.acm 2021-04-12 20:44 - 2003-05-22 11:26 - 000638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\system32\divx.dll 2021-04-12 20:44 - 2003-05-22 11:26 - 000221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\system32\divxdec.ax 2021-04-12 20:44 - 2003-05-21 22:50 - 000261632 _____ (MainConcept) C:\WINDOWS\system32\mcdvd_32.dll 2021-04-12 20:44 - 2003-05-21 22:50 - 000156910 _____ C:\WINDOWS\WMSysPr8.prx 2021-04-12 20:44 - 2003-05-21 22:50 - 000082944 _____ (Voxware, Inc.) C:\WINDOWS\system32\vct3216.acm 2021-04-12 20:44 - 2003-05-21 22:50 - 000038912 _____ (NCT Company) C:\WINDOWS\system32\alf2cd.acm 2021-04-12 20:44 - 2003-05-21 22:50 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll 2021-04-12 20:44 - 2003-03-25 04:49 - 000098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\L3CODECX.AX 2021-04-12 20:44 - 2002-08-19 23:41 - 000413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg4c32.dll 2021-04-12 20:44 - 2000-03-14 19:55 - 000013239 _____ (SHARP Corporation) C:\WINDOWS\system32\Scg726.acm 2021-04-12 20:35 - 2021-04-12 20:43 - 093870944 _____ (Flash-Integro LLC ) C:\Users\Joas\Downloads\video_editor_x64.exe 2021-04-12 20:29 - 2021-04-12 20:29 - 000202866 _____ C:\Users\Joas\Downloads\MARCOS NAVARRO VILLANUEVA PROYECTO REPASO EXAMEN.pdf 2021-04-08 15:25 - 2021-04-08 15:25 - 000006599 _____ C:\Users\Joas\Desktop\etiquetas.xlsx 2021-04-08 13:01 - 2021-04-08 13:01 - 000000000 ____D C:\Users\Joas\Desktop\KET MARCOS 2021-04-08 11:24 - 2021-04-13 20:53 - 000002518 _____ C:\Users\Joas\Desktop\ZHPCleaner (R).txt 2021-04-08 11:21 - 2021-04-13 20:46 - 000002310 _____ C:\Users\Joas\Desktop\ZHPCleaner (S).txt 2021-04-08 11:12 - 2021-04-13 20:53 - 000000000 ____D C:\Users\Joas\AppData\Roaming\ZHP 2021-04-08 11:12 - 2021-04-13 20:35 - 000000919 _____ C:\Users\Joas\Desktop\ZHPCleaner.lnk 2021-04-08 11:12 - 2021-04-08 11:12 - 003325592 _____ (Nicolas Coolman) C:\Users\Joas\Desktop\ZHPCleaner.exe 2021-04-08 11:12 - 2021-04-08 11:12 - 000000000 ____D C:\Users\Joas\AppData\Local\ZHP 2021-04-08 11:06 - 2021-04-08 11:06 - 000000253 _____ C:\DelFix.txt 2021-04-08 11:06 - 2021-04-08 11:06 - 000000000 ____D C:\WINDOWS\ERUNT 2021-04-07 22:32 - 2021-04-07 22:32 - 000025870 _____ C:\Users\Joas\Desktop\eset online escaner.txt 2021-04-07 19:56 - 2021-04-13 21:19 - 002297856 _____ (Farbar) C:\Users\Joas\Desktop\FRST64.exe 2021-04-07 18:58 - 2021-04-07 18:58 - 000029677 _____ C:\Users\Joas\Downloads\1617790910movimiento.pdf 2021-04-07 18:40 - 2021-04-07 18:40 - 000000000 ____D C:\Users\Joas\Desktop\DOCU 2021-04-07 18:22 - 2021-04-07 18:22 - 000005107 _____ C:\Users\Joas\Desktop\fixlist.txt 2021-04-07 18:21 - 2021-04-07 18:21 - 000167034 _____ C:\Users\Joas\Downloads\fileassassin-setup-1.06.exe 2021-04-07 18:20 - 2021-04-07 18:21 - 000797760 _____ C:\Users\Joas\Downloads\delfix_1.013.exe 2021-04-07 15:07 - 2021-04-07 15:07 - 000000822 _____ C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2021-04-07 15:07 - 2021-04-07 15:07 - 000000694 _____ C:\Users\Joas\Desktop\ESET Online Scanner.lnk 2021-04-07 15:07 - 2021-04-07 15:07 - 000000000 ____D C:\Users\Joas\AppData\Local\ESET 2021-04-07 15:00 - 2021-04-07 15:00 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Joas\Downloads\esetonlinescanner.exe 2021-04-06 23:03 - 2021-04-06 23:03 - 000000930 _____ C:\Users\Joas\Desktop\JRT.txt 2021-04-06 22:58 - 2021-04-06 22:58 - 001790024 _____ (Malwarebytes) C:\Users\Joas\Downloads\JRT.exe 2021-04-06 22:40 - 2021-04-13 20:34 - 000000000 ____D C:\AdwCleaner 2021-04-06 21:11 - 2021-04-06 21:11 - 008534696 _____ (Malwarebytes) C:\Users\Joas\Downloads\adwcleaner_8.2.exe 2021-04-06 13:34 - 2021-04-06 13:34 - 000000000 ____D C:\Users\Joas\Desktop\COPIA SEGURIDAD CCLEANER REGISTRO 2021-04-06 13:31 - 2021-04-06 13:31 - 000000000 ____D C:\Program Files (x86)\WinRAR 2021-04-06 13:26 - 2021-04-13 21:15 - 000000000 ____D C:\Program Files\CCleaner 2021-04-06 13:26 - 2021-04-06 13:26 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-04-06 13:26 - 2021-04-06 13:26 - 000002900 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-04-06 13:26 - 2021-04-06 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2021-04-06 10:21 - 2021-04-06 13:25 - 031041664 _____ (Piriform Software Ltd) C:\Users\Joas\Downloads\cctrialsetup.exe 2021-04-04 21:29 - 2021-04-05 12:16 - 000000000 ____D C:\Users\Joas\AppData\LocalLow\uTorrent 2021-04-04 17:37 - 2021-04-05 02:49 - 3126248414 _____ C:\Users\Joas\Downloads\Pinocho (2020).mkv 2021-04-03 16:18 - 2021-04-03 16:18 - 000000000 ____D C:\Users\Joas\AppData\Local\Apowersoft 2021-04-03 16:18 - 2021-04-03 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft 2021-04-03 16:16 - 2021-04-03 16:17 - 010998904 _____ (APOWERSOFT LIMITED ) C:\Users\Joas\Downloads\photo-viewer.exe 2021-04-03 12:00 - 2021-04-03 12:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-04-03 11:51 - 2021-04-03 11:51 - 000000000 ____D C:\Users\Joas\Downloads\E-BOOKS 2021-04-03 11:43 - 2021-04-03 11:43 - 000405934 _____ C:\Users\Joas\Downloads\El principito - Antoine de Saint-Exupery.epub 2021-03-27 13:14 - 2021-03-27 13:14 - 000425747 _____ C:\Users\Joas\Downloads\DTKill.zip 2021-03-27 13:07 - 2021-03-27 13:08 - 000000000 ____D C:\Users\Joas\AppData\Roaming\HSOxjhuuFZ 2021-03-26 21:41 - 2021-03-26 21:41 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-03-26 21:40 - 2021-03-26 21:40 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-03-26 21:32 - 2021-03-26 21:40 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-03-26 21:30 - 2021-04-10 00:44 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-03-25 21:50 - 2021-03-25 21:50 - 000673931 _____ C:\Users\Joas\Downloads\9ee7854df6946440edb6512176e2a884.psd 2021-03-25 20:04 - 2021-03-25 20:04 - 000398567 _____ C:\Users\Joas\Downloads\poster.pdf 2021-03-24 22:56 - 2021-03-24 23:11 - 000008922 _____ C:\Users\Joas\Desktop\INTRIMUTO.xlsx 2021-03-24 22:35 - 2021-03-24 22:35 - 000123079 _____ C:\Users\Joas\Downloads\Pinocho-2020.mkv.torrent 2021-03-24 21:54 - 2020-12-02 12:21 - 000195872 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINAflt.sys 2021-03-24 21:54 - 2020-12-02 12:21 - 000160544 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINProt.sys 2021-03-24 21:54 - 2020-12-02 12:21 - 000130336 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINReg.sys 2021-03-24 21:54 - 2020-12-02 12:20 - 000141088 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsdns.sys 2021-03-24 21:54 - 2020-12-02 12:20 - 000135456 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspop3.sys 2021-03-24 21:54 - 2020-12-02 12:20 - 000123168 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnssmtp.sys 2021-03-24 21:53 - 2021-03-25 22:36 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk 2021-03-24 21:53 - 2021-03-25 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome 2021-03-24 21:53 - 2020-12-10 14:18 - 000353592 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsprv.sys 2021-03-24 21:53 - 2020-12-02 12:21 - 000216864 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINKNC.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000347424 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsprot.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000327968 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsstrm.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000212768 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnshttp.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000152864 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspicc.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000132384 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsids.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000125728 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnshttps.sys 2021-03-24 21:53 - 2020-12-02 12:20 - 000102688 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspihsw.sys 2021-03-24 21:53 - 2020-07-10 11:48 - 000021432 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\psinelam.sys 2021-03-20 16:58 - 2021-03-21 01:54 - 000000000 ____D C:\Users\Joas\Downloads\JOVENES Y BRUJAS 2021-03-20 16:55 - 2021-03-20 21:59 - 3269834092 _____ C:\Users\Joas\Downloads\Greenland El Ultimo Refugio (2020).mkv 2021-03-20 14:05 - 2021-03-20 17:03 - 000000000 ____D C:\Users\Joas\Downloads\WONDER WOMAN 1984 2021-03-16 15:01 - 2020-04-13 15:02 - 000000039 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old 2021-03-16 14:47 - 2021-03-16 14:47 - 000000000 ____D C:@RestoreQuarantine 2021-03-16 14:41 - 2021-03-16 14:41 - 000000002 RSHOT C:\WINDOWS\winstart.bat 2021-03-16 14:41 - 2021-03-16 14:41 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT 2021-03-16 14:41 - 2021-03-16 14:41 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT 2021-03-16 14:41 - 2021-03-16 14:41 - 000000000 ___HD C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items 2021-03-16 14:41 - 2021-03-16 14:41 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items 2021-03-16 14:41 - 2021-03-16 14:41 - 000000000 ____D C:\Program Files (x86)\Greatis 2021-03-16 14:40 - 2021-03-16 14:40 - 000000000 ____D C:\Users\Joas\Downloads\regrunplat 2021-03-16 14:35 - 2021-03-16 14:38 - 054169461 _____ C:\Users\Joas\Downloads\regrunplat.zip 2021-03-16 13:59 - 2021-04-02 10:35 - 000000000 ____D C:\Users\Joas\Documents\RegRun2 2021-03-16 13:59 - 2021-04-02 10:35 - 000000000 ____D C:\Program Files (x86)\UnHackMe 2021-03-16 13:58 - 2021-03-16 13:58 - 000000000 ____D C:\Users\Joas\Downloads\unhackme 2021-03-16 13:55 - 2021-03-16 13:57 - 043659569 _____ C:\Users\Joas\Downloads\unhackme.zip 2021-03-16 13:50 - 2021-03-16 13:50 - 000000000 ____D C:\Users\Joas\Downloads\Malwarebytes.Anti-Malware.Premium.v2.1.8.1057 2021-03-15 00:43 - 2021-04-08 11:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2021-03-15 00:05 - 2021-03-15 00:05 - 000000000 ____D C:\Users\Joas\AppData\Local\mbamtray 2021-03-15 00:05 - 2021-03-15 00:05 - 000000000 ____D C:\Users\Joas\AppData\Local\mbam 2021-03-15 00:04 - 2021-03-15 00:04 - 000000000 ____D C:\ProgramData\MB2Migration 2021-03-15 00:04 - 2021-03-15 00:04 - 000000000 ____D C:\Program Files\Malwarebytes 2021-03-14 23:48 - 2021-03-26 21:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2021-03-14 19:16 - 2021-03-14 21:33 - 000001152 _____ C:\WINDOWS\GA_NT.dat 2021-03-14 19:16 - 2021-03-14 21:33 - 000000000 ___HD C:\Aomei 2021-03-14 19:13 - 2021-03-14 21:33 - 000028672 _____ C:\WINDOWS\AMCPY2M 2021-03-14 19:06 - 2021-03-16 14:22 - 000000000 ____D C:\Program Files (x86)\Runtime Software 2021-03-14 11:12 - 2017-02-28 15:20 - 000038320 _____ C:\WINDOWS\SysWOW64\ampa.sys 2021-03-14 10:49 - 2021-03-14 10:49 - 000000000 ____D C:\Users\Joas\AppData\Local\AdvertisingPopup 2021-03-14 10:49 - 2021-03-14 10:49 - 000000000 ____D C:\Users\Joas.QtWebEngineProcess 2021-03-14 10:49 - 2021-03-14 10:49 - 000000000 ____D C:\Users\Joas.AdvertisingPopup 2021-03-14 06:28 - 2021-04-13 08:35 - 000000000 ___HD C:\ProgramData\Cgnzo 2021-03-14 04:56 - 2021-03-14 10:58 - 000000048 _____ C:\WINDOWS\SysWOW64\EUTB.TODJ 2021-03-14 04:56 - 2021-03-14 04:56 - 000000000 ____D C:\ProgramData\SystemAcCrux 2021-03-14 04:56 - 2021-03-14 04:56 - 000000000 ____D C:\ProgramData\EaseUS 2021-03-14 04:56 - 2021-01-12 11:16 - 000341760 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys 2021-03-14 04:56 - 2021-01-12 11:16 - 000074296 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys 2021-03-14 04:56 - 2021-01-12 11:16 - 000053304 _____ C:\WINDOWS\system32\Drivers\EUBKMON.sys 2021-03-14 04:56 - 2021-01-12 11:16 - 000022784 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys 2021-03-14 04:55 - 2021-03-14 11:03 - 000000000 ____D C:\Program Files (x86)\EaseUS 2021-03-14 04:08 - 2021-03-26 21:56 - 000000000 ____D C:\Users\Joas\AppData\Roaming\ktLowyrXQTFV 2021-03-14 04:00 - 2021-03-14 04:00 - 000000000 ____D C:\MCsBackup

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-04-13 21:18 - 2020-11-01 00:41 - 001772862 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-04-13 21:18 - 2019-12-07 16:55 - 000788380 _____ C:\WINDOWS\system32\perfh00A.dat 2021-04-13 21:18 - 2019-12-07 16:55 - 000155768 _____ C:\WINDOWS\system32\perfc00A.dat 2021-04-13 21:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-04-13 21:14 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-04-13 21:14 - 2017-07-20 23:52 - 000000000 ____D C:\ProgramData\NVIDIA 2021-04-13 21:12 - 2020-11-01 00:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-04-13 21:12 - 2020-11-01 00:22 - 000008192 ___SH C:\DumpStack.log.tmp 2021-04-13 21:12 - 2017-03-18 10:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-04-13 21:09 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-04-13 20:54 - 2020-03-17 18:40 - 000000000 ____D C:\Users\Joas\AppData\Local\rdclientwpf 2021-04-13 20:34 - 2017-02-03 12:59 - 000000000 ____D C:\Users\Joas\AppData\Local\CrashDumps 2021-04-13 20:32 - 2017-03-18 10:34 - 000000000 ____D C:\Users\Joas\AppData\Roaming\TeamViewer 2021-04-13 20:14 - 2017-01-27 22:16 - 000000000 ____D C:\Users\Joas\AppData\Local\ElevatedDiagnostics 2021-04-13 20:08 - 2020-11-01 00:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-04-13 19:41 - 2020-04-02 11:28 - 000175901 _____ C:\Users\Joas\Desktop\PREVISION GASTOS 2017.xlsx 2021-04-13 19:41 - 2019-01-31 21:45 - 000000000 ____D C:\Users\Joas\Documents\Archivos de Outlook 2021-04-13 11:46 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-04-13 11:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-04-12 20:44 - 2017-01-28 13:29 - 000000000 ____D C:\ProgramData\Package Cache 2021-04-12 19:40 - 2017-01-28 19:48 - 000000000 ____D C:\Program Files\Microsoft Office 2021-04-10 13:09 - 2020-08-25 00:30 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-04-08 11:31 - 2020-11-01 00:22 - 005452040 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-04-08 11:31 - 2017-01-27 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-04-08 11:28 - 2017-01-12 03:21 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Adobe 2021-04-07 18:58 - 2017-12-20 15:48 - 000000000 ____D C:\Users\Joas\AppData\Local\Packages 2021-04-06 13:31 - 2020-12-17 20:47 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2021-04-06 13:31 - 2020-12-17 20:46 - 000000000 ____D C:\Program Files (x86)\Audacity 2021-04-06 13:31 - 2017-01-27 22:35 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-04-06 13:31 - 2017-01-27 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-04-06 13:29 - 2017-01-28 17:44 - 000000000 ____D C:\Users\Joas\AppData\Roaming\DAEMON Tools Lite 2021-04-06 13:29 - 2017-01-27 22:16 - 000000000 ____D C:\Users\Joas\AppData\Roaming\uTorrent 2021-04-05 11:32 - 2019-03-29 00:11 - 000000000 ____D C:\Users\Joas\AppData\Local\BitTorrentHelper 2021-04-04 17:37 - 2019-02-09 17:36 - 000000000 ____D C:\ProgramData\Mozilla 2021-04-04 17:37 - 2017-01-27 22:09 - 000000000 ____D C:\Users\Joas\AppData\LocalLow\Mozilla 2021-04-03 16:18 - 2020-09-20 14:44 - 000000000 ____D C:\Program Files (x86)\Apowersoft 2021-04-03 16:18 - 2020-03-07 21:40 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Apowersoft 2021-04-03 12:00 - 2017-01-27 22:08 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-04-02 19:50 - 2020-08-24 11:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-04-02 04:22 - 2020-04-29 12:02 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-03-31 21:50 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-03-29 20:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-03-27 12:55 - 2021-02-22 21:41 - 000010641 _____ C:\Users\Joas\Desktop\plantilla comidas.xlsx 2021-03-26 21:40 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-03-25 22:48 - 2021-03-06 22:31 - 000000827 _____ C:\Users\Joas\Desktop\ARCHIVOS ESCRITORIO - Acceso directo.lnk 2021-03-23 01:42 - 2020-08-24 11:36 - 000470864 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll 2021-03-23 01:41 - 2020-08-24 11:36 - 000734008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2021-03-17 02:51 - 2018-07-01 23:08 - 000000000 ____D C:\Users\Joas\AppData\Local\D3DSCache 2021-03-16 14:46 - 2021-03-07 15:43 - 000000000 ____D C:\Users\Joas\Desktop\Acessos directos 2021-03-16 14:26 - 2017-07-03 20:14 - 000000000 ____D C:\Program Files (x86)\Samsung 2021-03-16 14:26 - 2017-01-28 17:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-03-16 14:25 - 2020-04-15 11:23 - 000000000 ____D C:\xampp 2021-03-16 14:23 - 2017-08-22 20:43 - 000000000 ____D C:\WINDOWS\4941BFEB62C047A2801E998FC469CC2C.TMP 2021-03-16 14:17 - 2020-07-02 11:27 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2021-03-16 14:17 - 2020-07-02 11:27 - 000002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2021-03-16 14:17 - 2020-07-02 11:27 - 000002126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2021-03-15 00:04 - 2017-08-22 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-03-14 19:01 - 2020-04-29 11:58 - 000000000 ____D C:\Users\Joas\AppData\Local\Google 2021-03-14 11:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration 2021-03-14 10:49 - 2020-11-01 00:28 - 000000000 ____D C:\Users\Joas 2021-03-14 04:46 - 2019-10-09 20:16 - 000000000 ____D C:\Users\Joas\Documents\MEGAsync Downloads 2021-03-14 04:14 - 2019-06-02 23:20 - 000000000 ____D C:\ProgramData\MEGAsync

==================== Archivos en la raíz de algunos directorios ========

2018-02-25 20:18 - 2020-07-05 14:54 - 000000034 _____ () C:\Users\Joas\AppData\Roaming\AdobeWLCMCache.dat 2017-09-10 23:09 - 2017-09-12 20:01 - 000008192 _____ () C:\Users\Joas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-01-13 19:46 - 2017-01-13 19:46 - 000000001 _____ () C:\Users\Joas\AppData\Local\llftool.4.25.agreement 2018-09-28 15:05 - 2018-09-28 15:05 - 000000000 _____ () C:\Users\Joas\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ======================== ´´´´

Marr0n · 15 Abril, 2021 14:59

Hola, buenas @Josemnm

He reportado los mensajes tuyos de este tema, ya que todas tus respuestas deberían de separarse y crear un nuevo tema. Ya que el problema que tienes debe de ser atendido de forma particular y concreta en un tema separado y solo para ti y tu problema.

Salu2.

Marr0n · 15 Abril, 2021 18:43

Bunas nuevamente @Josemnm

¿Aparte de los síntomas comentados tienes/sucede alguna otra cosa más fuera de lo normal en tu máquina?

Salu2.

Josemnm · 16 Abril, 2021 19:39

Buenas tardes,

No, en principio no he encontrado nada m´´as.

Saludos,

Marr0n · 16 Abril, 2021 22:33

OK bien @Josemnm

EN BUSCA / ELIMINACIÓN DE MALWARE

(Mantén conectados todos tus dispositivos externos que tengas como: USBs, discos duros externos, etc).

Por favor, descarga todo el software de los enlaces que pongo/de sus respectivos manuales.

Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.

Conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas y discos duros externos si también tienes.

Realiza los pasos que te pongo a continuación, sin cambiar el orden y síguelos al pie de la letra:

0) Descarga Ccleaner Aquí te dejo su manual: Manual de CCleaner , para que sepas como usarlo y configurarlo correctamente.

Lo instalas y lo ejecutas. En la pestaña Limpieza personalizada dejas la configuración predeterminada. Haces clic en Analizar y esperas a que termine. Seguidamente haz clic en Ejecutar Limpiador. Clic en la pestaña Registro > clic en Buscar Problemas esperas que termine. Finalmente clic en Reparar Seleccionadas y realizas una Copia de Seguridad del registro de Windows.

1) Descarga, instala, actualiza y ejecuta Malwarebytes’ Anti-Malware. Aquí te dejo su manual: Manual de Malwarebytes, para que sepas como usarlo y configurarlo correctamente.

Realizas un Análisis Personalizado, marcando Todas las casillas de la Derecha y de la Izquierda, actualizando si te lo pide. Es decir: conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas, incluida la que me has dicho anteriormente y marcas todas las unidades de disco disponibles y las siguientes casillas:

1. Analizar objetos en memoria

2. Analizar configuracion de inicio y registro

3. Analizar dentro de los archivos

Pulsar en “Eliminar Seleccionados” para enviar las infecciones a la cuarentena y Reinicias el ordenador.
Para acceder posteriormente al informe del análisis te diriges a: Informes >> Registro de análisis >> pulsas en Exportar >> Copiar al Portapapeles y pones el informe en tu próxima respuesta.

2) Descarga Adwcleaner en el escritorio.

Desactiva tu antivirus Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.
Ejecuta Adwcleaner.exe (Si usas Windows Vista/7/8 u 10 presiona clic derecho y selecciona “Ejecutar como Administrador.”)
Pulsar en el botón Analizar Ahora, y espera a que se termine el análisis. Inmediatamente pulsa sobre el botón Iniciar Reparación.
Espera a que termine y sigue las instrucciones que te aparezcan. Si te pidiera Reiniciar, pues reinicias el ordenador pulsando en Aceptar.
Si no encuentra nada, pulsa en Omitir Reparación.
El log lo encontrarás en la pestaña Informes, volviendo a abrir el programa, si es necesario o en la siguiente ubicación: C:\AdwCleaner\Logs\AdwCleaner[C0].txt.
Para más información aquí te dejo su manual: Manual de Adwcleaner.
Activa de nuevo tu antivirus y cualquier programa de seguridad que tengas activado.

3) Utiliza nuevamente CCleaner tal como te dije en el punto 0.

Pegas los reportes de Malwarebytes y AdwCleaner y comentas como va el problema inicial planteado por el cual abriste este tema. También responde a las preguntas que te haya realizado a lo largo de este Post, siempre que te haya hecho alguna, si no, no

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

No realices pasos/acciones que NOSOTROS no te hayamos indicado.

No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.

No instales NADA (programas/software/complementos/extensiones del navegador…).

No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).

No realices por tu cuenta otros procedimientos.

Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

Muy Importante Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

Salu2.

Josemnm · 18 Abril, 2021 16:47

Buenas tardes,

Ya he procedido realizando paso a paso tal y como me indicabas.

Estos son los informes:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 17/4/21
Hora del análisis: 16:08
Archivo de registro: 6053f426-9f86-11eb-baae-4c72b9812f73.json

-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1251
Versión del paquete de actualización: 1.0.39499
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 19041.928)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-HKMUT84\Jose Manuel

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 1559107
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 25 hr, 58 min, 5 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

(end)

Josemnm · 18 Abril, 2021 16:47

Y este es el segundo reporte:

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-08.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-18-2021
# Duration: 00:00:13
# OS:       Windows 10 Home
# Scanned:  31974
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Joas\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4780AF24-213D-4187-86F2-0014A6D6077B} 
Preinstalled.ReaderforPC   Folder   C:\Program Files (x86)\SONY\READERDESKTOP 
Preinstalled.ReaderforPC   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562} 
Preinstalled.SamsungSmartSwitch   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC 
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Joas\AppData\Roaming\SAMSUNG\SMART SWITCH PC 


AdwCleaner[S00].txt - [2293 octets] - [06/04/2021 22:40:41]
AdwCleaner[S01].txt - [2457 octets] - [13/04/2021 20:34:17]
AdwCleaner[C01].txt - [1740 octets] - [13/04/2021 20:34:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Josemnm · 18 Abril, 2021 16:48

De momento no se ha solucionado el problema. Sigue apareciendo la doble tilde cuando uso el acento.

Un saludo cordial,

Marr0n · 19 Abril, 2021 12:32

Hola, buenas @Josemnm

No tal y como te indique lo del Malwareytes, no.

MAL, MUY MAL… Si te pongo instrucciones tan detalladas es por algo, has marcado la casilla de: Análisis en busca de rootkits no la debías de haber marcado. Pues puede hacer que el programa se cuelgue y no finalice el análisis o hacer que este tarde muchísimo. En tu caso ha tardado bastante 25 h, cuando probablemente hubiese tardado bastante menos.

Bueno está limpio.

Respecto AdwCleaner >> ha detectado Software Preinstalado. Nada preocupante.

EN BUSCA / ELIMINACIÓN DE MALWARE

Realiza los pasos que te pongo a continuación, sin cambiar el orden y síguelos al pie de la letra:

Conectas todos tus dispositivos externos (todos los discos duros externos que tengas, USB, etc).

0) Descarga Eset Online Scaner Manual de Uso y realizas un análisis del PC, lee detalladamente las instrucciones y realizas un Análisis Personalizado tal y como se indica en su manual. Me traes su reporte.

1) Descarga Kasperky Virus Removal Tool Manual de Uso y realizas un análisis del PC, lee detalladamente las instrucciones y lo realizas tal y como se indica en su manual. En este caso no da reporte alguno, cuando finalice, presionas en la pestaña Report tal y como se indica en su manual y haces una captura de pantalla y la subes.

¿Como subir imágenes al Foro?

PRÓXIMA RESPUESTA

Pegas los reportes de Eset Online Scaner y Kasperky Virus Removal Tool (captura) y comentas como va el PC.

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

No realices pasos/acciones que NOSOTROS no te hayamos indicado.

No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.

No instales NADA (programas/software/complementos/extensiones del navegador…).

No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).

No realices por tu cuenta otros procedimientos.

Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

Muy Importante Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

Salu2.

Josemnm · 21 Abril, 2021 18:18

Buenas tardes,

Ya he realizado los 2 ex´´amenes que me indicabas, pero el problema persiste.

Te paso los reportes:

20/04/2021 19:32:11
Archivos analizados: 1218803
Archivos detectados: 14
Archivos desinfectados: 14
Tiempo total de análisis 06:57:57
Estado del análisis: Finalizado
E:\Descargas\Adobe Acrobat Pro DC v2019.010.20069 RePack by KpoJIuK\Adobe.Acrobat.Pro.DC.v2019.010.20069.exe	una variante de Win32/HackTool.Crack.EM aplicación potencialmente no segura	desinfectado por eliminación

E:\Descargas\Microsoft Office 2010 Professional Plus x64 Final\Microsoft Office 2010 Professional Plus x64 Final\pch-office.prof.2010.x64.es.final.iso	Win32/Hidcon.B aplicación potencialmente no segura,Win32/HackKMS.A aplicación potencialmente no segura	eliminado

E:\Descargas\Adobe.Photoshop.CS3.Extended.[www.SpaTorrent.com].rar	una variante de Win32/Keygen.DZ aplicación potencialmente no segura,una variante de Win32/Keygen.AH aplicación potencialmente no segura	eliminado

E:\Descargas\DJ2130_Full_WebPack_40.11.1124(1).exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación

E:\Descargas\DJ2130_Full_WebPack_40.11.1124.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación

E:\Descargas\Microsoft Office 2010 Professional Plus x64 Final.rar	Win32/Hidcon.B aplicación potencialmente no segura,Win32/HackKMS.A aplicación potencialmente no segura	eliminado

E:\ORDENADOR ANTIGUO\Downloads\PELICULAS\Acrobat.XI.Pro\Adobe.Acrobat.Pro.v11.0.12.Multilingual.iso	una variante de Win32/Keygen.HA aplicación potencialmente no segura,una variante de Win32/HackTool.Patcher.CH aplicación potencialmente no segura	eliminado

G:\Users\Joas\Downloads\Adobe Acrobat Pro DC v2019.010.20069 RePack by KpoJIuK\activation\disable_activation.cmd	BAT/HostsChanger.A aplicación potencialmente no segura	desinfectado por eliminación

G:\Users\Joas\Downloads\Adobe Acrobat Pro DC v2019.010.20069 RePack by KpoJIuK\Adobe.Acrobat.Pro.DC.v2019.010.20069.exe	una variante de Win32/HackTool.Crack.EM aplicación potencialmente no segura	desinfectado por eliminación

G:\Users\Joas\Downloads\Microsoft Office 2010 Professional Plus x64 Final\Microsoft Office 2010 Professional Plus x64 Final\pch-office.prof.2010.x64.es.final.iso	Win32/Hidcon.B aplicación potencialmente no segura,Win32/HackKMS.A aplicación potencialmente no segura	eliminado

G:\Users\Joas\Downloads\Adobe.Photoshop.CS3.Extended.[www.SpaTorrent.com].rar	una variante de Win32/Keygen.DZ aplicación potencialmente no segura,una variante de Win32/Keygen.AH aplicación potencialmente no segura	eliminado

G:\Users\Joas\Downloads\DJ2130_Full_WebPack_40.11.1124(1).exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación

G:\Users\Joas\Downloads\DJ2130_Full_WebPack_40.11.1124.exe	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación

G:\Users\Joas\Downloads\Microsoft Office 2010 Professional Plus x64 Final.rar	Win32/Hidcon.B aplicación potencialmente no segura,Win32/HackKMS.A aplicación potencialmente no segura	eliminado

Marr0n · 21 Abril, 2021 20:03

Hola, buenas @Josemnm

Respecto al Eset Online Scaner >> ha hecho lo que debía hacer.

Respecto al Kasperky Virus Removal Tool >> ha hecho lo que debía hacer.

Ok. Vamos a darle caña…

EN BUSCA / ELIMINACIÓN DE MALWARE

Desactivas tu antivirus Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.

LO DESCARGAS EN TU ESCRITORIO MUY IMPORTANTE (y no en otro sitio).

Descargas Farbar Recovery Scan Tool MUY IMPORTANTE >> seleccionas la versión adecuada para la arquitectura correspondiente de tu Ordenador (32 o 64bits). ¿Cómo saber si mi Windows es de 32 o 64 bits.?

Una vez descargado FRST, desconectas tu equipo de completamente de Internet (apagas el router) >> Super Importante. Acto seguido, cierras también cualquier otro programa que tengas abierto.

Farbar Recovery Scan Tool

Ejecutas el FRST.exe (Si utilizas Windows Vista/7/8 o 10, presionas click derecho y seleccionas Ejecutar como Administrador).
Aparecerá una ventana con un mensaje de Disclaimer/Responsabilidad, presionas sobre Si o Yes.
En la ventana principal del programa presionas sobre Analizar/Scan y esperas a que finalice el análisis.
Aparecerán dos logs/reportes que serán: Frst.txt y Addition.txt, estos quedarán guardados en el escritorio.

Activas de nuevo tu antivirus y cualquier programa de seguridad que tengas activado. También conectas nuevamente tu equipo a Internet.

PRÓXIMA RESPUESTA

Pegas los reportes de FRST.txt y Addition.txt. Debes de poner ambos reportes todos enteros con absolutamente todo su contenido. Deberás de realizar varios mensajes si recibes un mensaje de error/advertencia indicando que es muy largo dicho reporte que formará el mensaje (más de 50.000 carácteres aprox.).

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

No realices pasos/acciones que NOSOTROS no te hayamos indicado.

No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.

No instales NADA (programas/software/complementos/extensiones del navegador…).

No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).

No realices por tu cuenta otros procedimientos.

Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

Muy Importante Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

Salu2.

Josemnm · 22 Abril, 2021 18:27

Buenas tardes,

Te pego los reportes.

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 17-04-2021
Ejecutado por Jose Manuel (administrador) sobre DESKTOP-HKMUT84 (Hewlett-Packard h8-1402es) (22-04-2021 20:19:02)
Ejecutado desde C:\Users\Joas\Desktop
Perfiles cargados: Jose Manuel
Platform: Windows 10 Home Versión 2004 19041.928 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Joas\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <5>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIWEE.EXE
(Solid Documents -> Solid Documents Limited) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1923008 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [50416 2015-06-30] (Integrated Device Technology Inc. -> Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [394864 2020-09-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. -> DivX, LLC)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-03-02] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1319208 2019-05-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation -> Sony Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-03] (Adobe Inc. -> )
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [168456 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIWEE.EXE [418736 2019-08-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joas\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-14] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIWEE.EXE [418736 2019-08-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON XP-3100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBWEE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\Solid PDF Port Monitor: C:\WINDOWS\system32\solidlocalmon.dll [30640 2016-09-07] (Solid Documents -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.85\Installer\chrmstp.exe [2021-04-20] (Google LLC -> Google LLC)
Startup: C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-06-03]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicyScripts: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {04EEA1E7-2C51-4D04-B6BC-85566B7D7D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {053149FA-3BC1-43FA-AB49-644F900FDB44} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498496 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {05E27B8B-955A-4726-93D9-A12412425658} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4071000 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A739BEE-D345-4454-967B-24BEEA125163} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Joas\Desktop\esetonlinescanner.exe [15019488 2021-04-19] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {1BF8E382-3EC6-49BE-805A-118510C81EB9} - no ruta de acceso de archivo
Task: {2F999BBE-96AE-4A55-A8CB-3D750BAF3CF4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {30A998D1-3A07-407B-B661-69ADE1938CE9} - System32\Tasks\EPSON XP-3100 Series Update {2CE2E130-B45D-4CB7-AF1E-686518A92227} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWEE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {36253F74-D177-4C37-89AF-44138AF23382} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {38F0F717-6FF7-47D5-993A-FFF4F7458FFA} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {3D38290E-C10C-4B37-A744-F4766A9C9728} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141192 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {41062C19-1A45-444D-9CEF-0F403E6082C3} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Joas\Desktop\esetonlinescanner.exe [15019488 2021-04-19] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {5388E85A-18EF-4730-B8B6-056F18772A19} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {5A9056EB-1EE8-4AFF-9156-7244055E3D89} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B7EE6E2-E6DC-4182-895E-57039EC1143D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FAF101A-7590-4520-A5A0-F1BD4081FE1B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141192 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {7774F41A-7D2C-43F8-A472-5812EB7430C3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1540544 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A79502E-44B1-4000-97C7-391F8B15CBB1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7EB06CD9-5DA4-489A-BB7E-AB0233323378} - no ruta de acceso de archivo
Task: {86FB263C-149C-4526-BFD6-D77B66D7A4BE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A924D0E-9616-4162-96FA-A22F152D593B} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {8BAF875C-C49D-43DB-97E1-E01F412B4087} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92091D27-C07A-4844-8A92-47737841A7B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103360 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {990A7BBE-FE53-4327-8767-623C2DC7DB6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {9EA207C6-A25A-4D50-A88A-B6260F2EC95D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103360 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {A53A9332-6F09-4BBA-9ED1-82B4AB017D96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {B04FA225-3FEF-439C-ADFD-D681D0758F7D} - \Microsoft\Windows\UNP\RunCampaignManager -> Ningún archivo <==== ATENCIÓN
Task: {B2D87801-9A4E-4AF9-A3D3-2E24B6CC88F4} - System32\Tasks\RemoteDesktop\Jose Manuel\Remote Desktop Feed Refresh Task => C:\Program Files\Remote Desktop\msrdcw.exe [9302400 2020-09-22] (Microsoft Corporation -> Microsoft)
Task: {B5DF47C4-DE82-443E-8897-C5E1FAC0A83D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-10-03] (Adobe Inc. -> Adobe)
Task: {B8AED129-8333-462A-84CF-6E55078596B6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DADC7D83-9898-4151-8ECA-2B539DED059D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5229504 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC5B49E0-D343-4800-BCFA-0B457C124C94} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Microsoft.Windows.Dt.PolicyEngineApi.Interop.ni -> Ningún archivo <==== ATENCIÓN
Task: {DD3F9A08-702D-4109-AD4A-58737F4B18DB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947136 2017-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E798D19E-4EB5-45DB-9F2C-81FAF7981E87} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3306602120-4223622763-3950894931-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1303800 2021-03-14] (Mega Limited -> Mega Limited)
Task: {EC7C891C-405E-40F9-AD39-AFFA9B14FA1E} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-HKMUT84-Jose Manuel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F2231627-655D-4549-9669-EE2BA61AC4C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {F453D6B7-ACF1-45C2-8D9D-149CD45C8153} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\EPSON XP-3100 Series Update {2CE2E130-B45D-4CB7-AF1E-686518A92227}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWEE.EXE:/EXE:{2CE2E130-B45D-4CB7-AF1E-686518A92227} /F:UpdateWORKGROUP\DESKTOP-HKMUT84$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-3100 Series Update {D6C96086-DC17-4FFF-BE3D-4FDEDF708317}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSWEE.EXE:/EXE:{D6C96086-DC17-4FFF-BE3D-4FDEDF708317} /F:UpdateWORKGROUP\DESKTOP-HKMUT84$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{00aefcd8-136f-4248-a0c3-c5fcb9611de1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{35637c30-8ce4-4fc5-9e6e-21c3b10fd270}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{ccb68753-4c27-4f1c-a76a-700af24336fa}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Edge: 
=======
DownloadDir: C:\Users\Joas\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001 -> hxxp://www.google.es/
Edge Session Restore: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001 -> está habilitado.
Edge Notifications: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001 -> hxxps://www.leroymerlin.es
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Joas\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-18]
Edge HomePage: Default -> hxxp://www.google.es/
Edge Session Restore: Default -> está habilitado.
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Joas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: cwwlruml.default-1503396565461
FF ProfilePath: C:\Users\Joas\AppData\Roaming\Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 [2021-04-22]
FF Homepage: Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 -> www.google.es
FF Session Restore: Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 -> está habilitado.
FF Notifications: Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461 -> hxxps://www.casadellibro.com; hxxps://www.loteriasyapuestas.es
FF Extension: (Favoritos de iCloud) - C:\Users\Joas\AppData\Roaming\Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461\Extensions\[email protected] [2019-01-31]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Joas\AppData\Roaming\Mozilla\Firefox\Profiles\cwwlruml.default-1503396565461\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-03-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-10-03] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [Archivo no firmado]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-10-03] (Adobe Inc. -> )
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-19] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-19] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado]
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation -> Sony Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [Archivo no firmado]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3306602120-4223622763-3950894931-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) [Archivo no firmado]

Chrome: 
=======
CHR Profile: C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default [2021-04-22]
CHR Notifications: Default -> hxxps://forospyware.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com","hxxps://www.google.com/"
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Presentaciones) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25]
CHR Extension: (Documentos) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-25]
CHR Extension: (Google Drive) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-25]
CHR Extension: (YouTube) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-16]
CHR Extension: (Hojas de cálculo) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25]
CHR Extension: (Gmail) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\Joas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-18]
CHR Extension: (wUpdateMovie) - C:\ProgramData\Cgnzo\Cuqwrtj [2021-03-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-03-02] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798096 2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 DCAgent; C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe [16496 2020-09-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6274224 2020-04-09] (devolo AG -> devolo AG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2289856 2017-07-03] (Disc Soft Ltd -> Disc Soft Ltd)
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1340760 2015-08-10] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EDUSBAgent; C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe [17328 2020-08-17] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-07-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2017-01-28] (Macrovision Europe Ltd.) [Archivo no firmado]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [98896 2020-12-01] (Panda Security S.L. -> Panda Security, S.L.)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-20] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [189288 2020-07-09] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [59440 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [Archivo no firmado]
R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [262576 2016-09-07] (Solid Documents -> Solid Documents Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [107624 2018-12-06] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-28] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-28] (Disc Soft Ltd -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-17] (Malwarebytes Inc -> Malwarebytes)
R1 NNSDNS; C:\WINDOWS\system32\DRIVERS\NNSDNS.sys [141088 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [212768 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [125728 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [132384 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [111296 2020-11-23] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [152864 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [102688 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135456 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [347424 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [353592 2020-12-10] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123168 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [327968 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2020-04-09] (devolo AG -> Riverbed Technology, Inc.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [195872 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
S0 psinelam; C:\WINDOWS\System32\DRIVERS\psinelam.sys [21432 2020-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [171296 2020-12-27] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [216864 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [148768 2020-12-27] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [160544 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [130336 2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72984 2019-02-20] (Panda Security S.L. -> Panda Security, S.L.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [561672 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Tempo Semiconductor Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-16] (Microsoft Windows -> Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [254464 2018-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Jungo)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-04-22 20:19 - 2021-04-22 20:19 - 000037859 _____ C:\Users\Joas\Desktop\FRST.txt
2021-04-22 20:17 - 2021-04-22 20:18 - 002298368 _____ (Farbar) C:\Users\Joas\Desktop\FRST64.exe
2021-04-21 20:14 - 2021-04-21 20:14 - 000224880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_b8b3798fa_mark.sys
2021-04-21 20:14 - 2021-04-21 20:14 - 000127792 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\b8b3798f.sys
2021-04-20 19:34 - 2021-04-21 20:14 - 000000000 ____D C:\KVRT2020_Data
2021-04-20 19:33 - 2021-04-20 19:33 - 000006116 _____ C:\Users\Joas\Desktop\ESET.txt
2021-04-20 19:33 - 2021-04-20 19:33 - 000003810 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-04-20 19:33 - 2021-04-20 19:33 - 000003368 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-04-19 20:20 - 2021-04-19 20:20 - 000000670 _____ C:\Users\Joas\Desktop\ESET Online Scanner.lnk
2021-04-19 20:10 - 2021-04-19 20:18 - 102808888 _____ (AO Kaspersky Lab) C:\Users\Joas\Desktop\KVRT.exe
2021-04-19 19:59 - 2021-04-19 20:00 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Joas\Desktop\esetonlinescanner.exe
2021-04-18 18:42 - 2021-04-18 18:42 - 000002476 _____ C:\Users\Joas\Desktop\AdwCleaner[S02].txt
2021-04-18 18:24 - 2021-04-18 18:24 - 000001561 _____ C:\Users\Joas\Desktop\malware.txt
2021-04-17 15:42 - 2021-04-17 15:42 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-17 15:42 - 2021-04-17 15:42 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-17 15:42 - 2021-04-17 15:42 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-17 15:42 - 2021-04-17 15:42 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-17 15:42 - 2021-04-17 15:42 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-17 15:36 - 2021-04-18 15:37 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-17 15:36 - 2021-04-17 15:36 - 000002900 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-04-17 15:36 - 2021-04-17 15:36 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-04-17 15:36 - 2021-04-17 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-04-17 15:35 - 2021-04-22 15:37 - 000000000 ____D C:\Program Files\CCleaner
2021-04-17 15:20 - 2021-04-17 15:20 - 008534696 _____ (Malwarebytes) C:\Users\Joas\Desktop\adwcleaner_8.2.exe
2021-04-17 15:19 - 2021-04-17 15:19 - 002078632 _____ (Malwarebytes) C:\Users\Joas\Downloads\MBSetup.exe
2021-04-17 15:18 - 2021-04-17 15:21 - 030972600 _____ (Piriform Software Ltd) C:\Users\Joas\Downloads\ccsetup577.exe
2021-04-14 14:46 - 2021-04-14 14:46 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 14:46 - 2021-04-14 14:46 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-14 14:46 - 2021-04-14 14:46 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 21:19 - 2021-04-22 20:19 - 000000000 ____D C:\FRST
2021-04-13 20:19 - 2021-04-13 20:19 - 000348930 _____ C:\Users\Joas\Downloads\Infecci´´on persistente con el Virus del _doble acento_ o de la _doble tilde_ - Eliminar Malwares - ForoSpyware.pdf
2021-04-13 20:10 - 2021-04-13 20:10 - 000394023 _____ C:\Users\Joas\Downloads\Abril..pdf
2021-04-12 21:52 - 2021-04-12 21:52 - 001251341 _____ C:\Users\Joas\Downloads\AUDIO-2021-04-12-21-48-47.m4a
2021-04-12 20:49 - 2021-04-12 20:55 - 021966965 _____ C:\Users\Joas\Downloads\Anuncio Nocilla Básquet, 'El último partido'.mp4
2021-04-12 20:45 - 2021-04-12 20:56 - 000000000 ____D C:\Users\Joas\AppData\Roaming\FlashIntegro
2021-04-12 20:45 - 2021-04-12 20:45 - 000001052 _____ C:\Users\Joas\Desktop\VSDC Free Video Editor.lnk
2021-04-12 20:45 - 2021-04-12 20:45 - 000000000 ____D C:\Users\Joas\Documents\FlashIntegro
2021-04-12 20:45 - 2021-04-12 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2021-04-12 20:44 - 2021-04-12 20:45 - 000000000 ____D C:\Program Files\FlashIntegro
2021-04-12 20:44 - 2021-04-12 20:44 - 000000000 ____D C:\Program Files\Common Files\FlashIntegro
2021-04-12 20:44 - 2011-12-07 18:32 - 000216064 _____ ( ) C:\WINDOWS\system32\Lagarith.dll
2021-04-12 20:44 - 2005-08-01 18:43 - 000245760 _____ () C:\WINDOWS\system32\lame.ax
2021-04-12 20:44 - 2004-12-10 09:03 - 000438272 _____ (On2.com) C:\WINDOWS\system32\vp6vfw.dll
2021-04-12 20:44 - 2004-09-06 15:06 - 000053248 _____ C:\WINDOWS\system32\xvid.ax
2021-04-12 20:44 - 2004-07-03 20:08 - 000139264 _____ C:\WINDOWS\system32\xvidvfw.dll
2021-04-12 20:44 - 2004-07-03 19:59 - 000524288 _____ C:\WINDOWS\system32\xvidcore.dll
2021-04-12 20:44 - 2004-02-04 20:11 - 000081920 _____ (fccHandler) C:\WINDOWS\system32\AC3ACM.acm
2021-04-12 20:44 - 2003-05-22 11:26 - 000638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\system32\divx.dll
2021-04-12 20:44 - 2003-05-22 11:26 - 000221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\system32\divxdec.ax
2021-04-12 20:44 - 2003-05-21 22:50 - 000261632 _____ (MainConcept) C:\WINDOWS\system32\mcdvd_32.dll
2021-04-12 20:44 - 2003-05-21 22:50 - 000156910 _____ C:\WINDOWS\WMSysPr8.prx
2021-04-12 20:44 - 2003-05-21 22:50 - 000082944 _____ (Voxware, Inc.) C:\WINDOWS\system32\vct3216.acm
2021-04-12 20:44 - 2003-05-21 22:50 - 000038912 _____ (NCT Company) C:\WINDOWS\system32\alf2cd.acm
2021-04-12 20:44 - 2003-05-21 22:50 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll
2021-04-12 20:44 - 2003-03-25 04:49 - 000098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\L3CODECX.AX
2021-04-12 20:44 - 2002-08-19 23:41 - 000413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg4c32.dll
2021-04-12 20:44 - 2000-03-14 19:55 - 000013239 _____ (SHARP Corporation) C:\WINDOWS\system32\Scg726.acm
2021-04-12 20:35 - 2021-04-12 20:43 - 093870944 _____ (Flash-Integro LLC ) C:\Users\Joas\Downloads\video_editor_x64.exe
2021-04-12 20:29 - 2021-04-12 20:29 - 000202866 _____ C:\Users\Joas\Downloads\MARCOS NAVARRO VILLANUEVA PROYECTO REPASO EXAMEN.pdf
2021-04-08 15:25 - 2021-04-08 15:25 - 000006599 _____ C:\Users\Joas\Desktop\etiquetas.xlsx
2021-04-08 13:01 - 2021-04-08 13:01 - 000000000 ____D C:\Users\Joas\Desktop\KET MARCOS
2021-04-08 11:12 - 2021-04-13 20:53 - 000000000 ____D C:\Users\Joas\AppData\Roaming\ZHP
2021-04-08 11:12 - 2021-04-08 11:12 - 000000000 ____D C:\Users\Joas\AppData\Local\ZHP
2021-04-08 11:06 - 2021-04-08 11:06 - 000000253 _____ C:\DelFix.txt
2021-04-08 11:06 - 2021-04-08 11:06 - 000000000 ____D C:\WINDOWS\ERUNT
2021-04-07 18:58 - 2021-04-07 18:58 - 000029677 _____ C:\Users\Joas\Downloads\1617790910movimiento.pdf
2021-04-07 18:40 - 2021-04-07 18:40 - 000000000 ____D C:\Users\Joas\Desktop\DOCU
2021-04-07 15:07 - 2021-04-19 20:20 - 000000816 _____ C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-07 15:07 - 2021-04-07 15:07 - 000000000 ____D C:\Users\Joas\AppData\Local\ESET
2021-04-06 23:03 - 2021-04-06 23:03 - 000000930 _____ C:\Users\Joas\Desktop\JRT.txt
2021-04-06 22:40 - 2021-04-13 20:34 - 000000000 ____D C:\AdwCleaner
2021-04-06 13:34 - 2021-04-18 18:44 - 000000000 ____D C:\Users\Joas\Desktop\COPIA SEGURIDAD CCLEANER REGISTRO
2021-04-06 13:31 - 2021-04-06 13:31 - 000001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-04-06 13:31 - 2021-04-06 13:31 - 000000000 ____D C:\Program Files (x86)\WinRAR
2021-04-04 21:29 - 2021-04-05 12:16 - 000000000 ____D C:\Users\Joas\AppData\LocalLow\uTorrent
2021-04-04 17:37 - 2021-04-05 02:49 - 3126248414 _____ C:\Users\Joas\Downloads\Pinocho (2020).mkv
2021-04-03 16:18 - 2021-04-03 16:18 - 000001409 _____ C:\Users\Public\Desktop\Apowersoft Photo Viewer.lnk
2021-04-03 16:18 - 2021-04-03 16:18 - 000000000 ____D C:\Users\Joas\AppData\Local\Apowersoft
2021-04-03 16:18 - 2021-04-03 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2021-04-03 16:16 - 2021-04-03 16:17 - 010998904 _____ (APOWERSOFT LIMITED ) C:\Users\Joas\Downloads\photo-viewer.exe
2021-04-03 12:00 - 2021-04-03 12:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-03 11:51 - 2021-04-03 11:51 - 000000000 ____D C:\Users\Joas\Downloads\E-BOOKS
2021-04-03 11:43 - 2021-04-03 11:43 - 000405934 _____ C:\Users\Joas\Downloads\El principito - Antoine de Saint-Exupery.epub
2021-03-27 13:07 - 2021-03-27 13:08 - 000000000 ____D C:\Users\Joas\AppData\Roaming\HSOxjhuuFZ
2021-03-25 21:50 - 2021-03-25 21:50 - 000673931 _____ C:\Users\Joas\Downloads\9ee7854df6946440edb6512176e2a884.psd
2021-03-25 20:04 - 2021-03-25 20:04 - 000398567 _____ C:\Users\Joas\Downloads\poster.pdf
2021-03-24 22:56 - 2021-03-24 23:11 - 000008922 _____ C:\Users\Joas\Desktop\INTRIMUTO.xlsx
2021-03-24 22:35 - 2021-03-24 22:35 - 000123079 _____ C:\Users\Joas\Downloads\Pinocho-2020.mkv.torrent
2021-03-24 21:54 - 2020-12-02 12:21 - 000195872 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINAflt.sys
2021-03-24 21:54 - 2020-12-02 12:21 - 000160544 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINProt.sys
2021-03-24 21:54 - 2020-12-02 12:21 - 000130336 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINReg.sys
2021-03-24 21:54 - 2020-12-02 12:20 - 000141088 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsdns.sys
2021-03-24 21:54 - 2020-12-02 12:20 - 000135456 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspop3.sys
2021-03-24 21:54 - 2020-12-02 12:20 - 000123168 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnssmtp.sys
2021-03-24 21:53 - 2021-03-25 22:36 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2021-03-24 21:53 - 2021-03-25 22:36 - 000002281 _____ C:\Users\Public\Desktop\Panda Dome.lnk
2021-03-24 21:53 - 2021-03-25 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2021-03-24 21:53 - 2020-12-10 14:18 - 000353592 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsprv.sys
2021-03-24 21:53 - 2020-12-02 12:21 - 000216864 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSINKNC.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000347424 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsprot.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000327968 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsstrm.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000212768 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnshttp.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000152864 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspicc.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000132384 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnsids.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000125728 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnshttps.sys
2021-03-24 21:53 - 2020-12-02 12:20 - 000102688 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\nnspihsw.sys
2021-03-24 21:53 - 2020-07-10 11:48 - 000021432 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\psinelam.sys

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-04-22 20:16 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-22 20:13 - 2020-11-01 00:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-22 16:53 - 2020-03-17 18:40 - 000000000 ____D C:\Users\Joas\AppData\Local\rdclientwpf
2021-04-22 12:25 - 2017-07-20 23:52 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-22 10:14 - 2021-03-14 06:28 - 000000000 ___HD C:\ProgramData\Cgnzo
2021-04-22 06:57 - 2019-10-03 22:45 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-04-21 21:33 - 2020-04-02 11:28 - 000176022 _____ C:\Users\Joas\Desktop\PREVISION GASTOS 2017.xlsx
2021-04-21 21:33 - 2019-01-31 21:45 - 000000000 ____D C:\Users\Joas\Documents\Archivos de Outlook
2021-04-21 20:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-21 20:19 - 2020-11-01 00:41 - 001772862 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-21 20:19 - 2019-12-07 16:55 - 000788380 _____ C:\WINDOWS\system32\perfh00A.dat
2021-04-21 20:19 - 2019-12-07 16:55 - 000155768 _____ C:\WINDOWS\system32\perfc00A.dat
2021-04-21 20:19 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-21 20:12 - 2020-11-01 00:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-21 20:12 - 2020-11-01 00:22 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-21 20:12 - 2017-03-18 10:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-21 20:09 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-21 20:08 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-21 14:08 - 2020-08-25 00:30 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-21 14:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-21 14:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-21 04:21 - 2020-11-01 00:56 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 04:21 - 2020-11-01 00:56 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 22:54 - 2017-01-12 03:21 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Adobe
2021-04-20 22:23 - 2020-04-29 12:02 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-20 13:44 - 2017-01-28 19:48 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-19 08:53 - 2018-11-10 16:37 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-18 18:43 - 2017-02-03 12:59 - 000000000 ____D C:\Users\Joas\AppData\Local\CrashDumps
2021-04-18 18:36 - 2017-07-03 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-04-18 18:36 - 2017-07-03 20:14 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Samsung
2021-04-18 18:36 - 2017-01-28 18:04 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Hewlett-Packard
2021-04-18 18:36 - 2017-01-28 17:57 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-04-18 18:36 - 2017-01-28 17:54 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-04-17 15:42 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-16 10:32 - 2018-03-04 01:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-14 21:31 - 2020-04-22 21:05 - 000002408 _____ C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-14 20:52 - 2017-12-20 15:48 - 000000000 ____D C:\Users\Joas\AppData\Local\Packages
2021-04-14 17:38 - 2020-11-01 00:22 - 005452040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-14 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 14:48 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 14:46 - 2020-11-01 00:26 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 14:17 - 2017-01-12 03:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 14:14 - 2017-01-12 03:52 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 20:32 - 2017-03-18 10:34 - 000000000 ____D C:\Users\Joas\AppData\Roaming\TeamViewer
2021-04-13 20:14 - 2017-01-27 22:16 - 000000000 ____D C:\Users\Joas\AppData\Local\ElevatedDiagnostics
2021-04-12 20:44 - 2017-01-28 13:29 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-08 11:31 - 2021-03-15 00:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-04-08 11:31 - 2017-01-27 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-06 13:31 - 2020-12-17 20:47 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-04-06 13:31 - 2020-12-17 20:46 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-04-06 13:31 - 2017-01-27 22:35 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-06 13:31 - 2017-01-27 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-06 13:29 - 2017-01-28 17:44 - 000000000 ____D C:\Users\Joas\AppData\Roaming\DAEMON Tools Lite
2021-04-06 13:29 - 2017-01-27 22:16 - 000000000 ____D C:\Users\Joas\AppData\Roaming\uTorrent
2021-04-05 11:32 - 2019-03-29 00:11 - 000000000 ____D C:\Users\Joas\AppData\Local\BitTorrentHelper
2021-04-04 17:37 - 2019-02-09 17:36 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-04 17:37 - 2017-01-27 22:09 - 000000000 ____D C:\Users\Joas\AppData\LocalLow\Mozilla
2021-04-03 16:18 - 2020-09-20 14:44 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2021-04-03 16:18 - 2020-03-07 21:40 - 000000000 ____D C:\Users\Joas\AppData\Roaming\Apowersoft
2021-04-03 12:00 - 2017-01-27 22:08 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-02 19:50 - 2020-08-24 11:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-02 10:35 - 2021-03-16 13:59 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-04-02 10:35 - 2021-03-16 13:59 - 000000000 ____D C:\Users\Joas\Documents\RegRun2
2021-04-02 10:35 - 2021-03-16 13:59 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-03-29 20:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-27 12:55 - 2021-02-22 21:41 - 000010641 _____ C:\Users\Joas\Desktop\plantilla comidas.xlsx
2021-03-26 21:56 - 2021-03-14 04:08 - 000000000 ____D C:\Users\Joas\AppData\Roaming\ktLowyrXQTFV
2021-03-26 21:32 - 2021-03-14 23:48 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2021-03-25 22:48 - 2021-03-06 22:31 - 000000827 _____ C:\Users\Joas\Desktop\ARCHIVOS ESCRITORIO - Acceso directo.lnk
2021-03-23 01:42 - 2020-08-24 11:36 - 000470864 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-03-23 01:41 - 2020-08-24 11:36 - 000734008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll

==================== Archivos en la raíz de algunos directorios ========

2018-02-25 20:18 - 2020-07-05 14:54 - 000000034 _____ () C:\Users\Joas\AppData\Roaming\AdobeWLCMCache.dat
2017-09-10 23:09 - 2017-09-12 20:01 - 000008192 _____ () C:\Users\Joas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-13 19:46 - 2017-01-13 19:46 - 000000001 _____ () C:\Users\Joas\AppData\Local\llftool.4.25.agreement
2018-09-28 15:05 - 2018-09-28 15:05 - 000000000 _____ () C:\Users\Joas\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================

Josemnm · 22 Abril, 2021 18:28

Segundo reporte:

[code] Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 17-04-2021 Ejecutado por Jose Manuel (22-04-2021 20:20:13) Ejecutado desde C:\Users\Joas\Desktop Windows 10 Home Versión 2004 19041.928 (X64) (2020-10-31 22:57:05) Modo de Inicio: Normal

==================== Cuentas: =============================

Administrador (S-1-5-21-3306602120-4223622763-3950894931-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3306602120-4223622763-3950894931-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3306602120-4223622763-3950894931-1000 - Limited - Disabled) => C:\Users\defaultuser0 HomeGroupUser$ (S-1-5-21-3306602120-4223622763-3950894931-1003 - Limited - Enabled) Invitado (S-1-5-21-3306602120-4223622763-3950894931-501 - Limited - Disabled) Jose Manuel (S-1-5-21-3306602120-4223622763-3950894931-1001 - Administrator - Enabled) => C:\Users\Joas WDAGUtilityAccount (S-1-5-21-3306602120-4223622763-3950894931-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Panda Dome (Disabled - Up to date) {8EE5B6CC-D555-4755-164C-336E561DE601} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Firewall (Enabled) {B6DE37E9-9F3A-460D-3D13-9A5BA8CEA17A}

==================== Programas instalados ======================

(Solo los programas de adware con indicador “Oculto”, pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\uTorrent) (Version: 3.5.5.45966 - BitTorrent Inc.) Adobe Acrobat Reader DC - Español (HKLM-x32…{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated) Adobe Acrobat XI Pro (HKLM-x32…{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems) Adobe Creative Cloud (HKLM-x32…\Adobe Creative Cloud) (Version: 5.4.1.534 - Adobe Inc.) Adobe Genuine Service (HKLM-x32…\AdobeGenuineService) (Version: - Adobe) Adobe Illustrator CC 2015 (HKLM-x32…{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated) Adobe Lightroom Classic (HKLM-x32…\LTRM_9_3) (Version: 9.3 - Adobe Inc.) Adobe Photoshop CS3 (HKLM-x32…\Adobe_53a35a181eeb50486a0e091bd67ae62) (Version: 10.0 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Amazon Kindle) (Version: 1.25.1.52064 - Amazon) APLI Soft SE (HKLM-x32…\APLI Soft SE) (Version: 2.0 - APLI PAPER S.A. ) Aplicaciones de Microsoft 365 para empresas - es-es (HKLM…\O365ProPlusRetail - es-es) (Version: 16.0.13929.20216 - Microsoft Corporation) Apowersoft Photo Viewer V1.1.9 (HKLM-x32…{AA88C325-55DB-463A-801E-ED6929D0260E}_is1) (Version: 1.1.9 - APOWERSOFT LIMITED) Apple Application Support (32 bits) (HKLM-x32…{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.) Apple Application Support (64 bits) (HKLM…{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.) Apple Software Update (HKLM-x32…{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Audacity 3.0.0 (HKLM-x32…\Audacity_is1) (Version: 3.0.0 - Audacity Team) AutoFirma (HKLM-x32…\AutoFirma) (Version: 1.6.5 - Gobierno de España) Bonjour (HKLM…{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM…{5E633EE0-B7C7-48DB-8630-498180757952}) (Version: 3.47.1 - Kovid Goyal) Canon MP Navigator EX 2.0 (HKLM-x32…\MP Navigator EX 2.0) (Version: - ) CareLink Uploader (HKLM-x32…\CareLink Uploader 2.0.076) (Version: 2.0.076 - Medtronic Diabetes) CCleaner (HKLM…\CCleaner) (Version: 5.78 - Piriform) Colasoft MAC Scanner 2.3 (HKLM-x32…\Colasoft MAC Scanner 2.3_is1) (Version: 2.3 - Colasoft) DAEMON Tools Lite (HKLM…\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd) DAEMON Tools Ultra (HKLM…\DAEMON Tools Ultra) (Version: 4.0.1.0425 - Disc Soft Ltd) devolo Cockpit (HKLM-x32…\dlancockpit) (Version: 5.1.3.0 - devolo AG) Epson Connect Printer Setup (HKLM-x32…{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation) Epson Data Collection Agent (HKLM…{AF4D8A50-6093-4556-936E-A4C042CC2AE2}) (Version: 4.0 - Seiko Epson Corporation) Epson Device USB Agent (HKLM…{3A022667-4D99-402A-A46A-95CFDD0AE0F6}) (Version: 4.0.0 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32…{49048EBF-3803-4AA4-8943-675E6E8D5B30}) (Version: 3.11.0030 - Seiko Epson Corporation) Epson Photo+ (HKLM-x32…{5874C85E-A911-4A7E-8643-DB2C4322CBBF}) (Version: 3.1.0.0 - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32…{FFA5C174-DB3F-4AFE-B59D-C0FB1744CD76}) (Version: 3.1.0.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32…\Epson Scan 2) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32…{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.) Epson ScanSmart (HKLM-x32…{7565F1C6-8DDF-4057-9152-2281A66F4BD3}) (Version: 3.4.1 - Seiko Epson Corporation) Epson Software Updater (HKLM-x32…{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation) EPSON XP-3100 Series Printer Uninstall (HKLM…\EPSON XP-3100 Series) (Version: - Seiko Epson Corporation) Escritorio remoto (HKLM…{0514F116-5C01-497F-BB9E-BEF6B07A3306}) (Version: 1.2.1364.0 - Microsoft Corporation) eSignaDesktop (HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\eSignaDesktop_is1) (Version: 2.0.0 - Indenova S.L.) eSignaViewer (HKLM…\eSignaViewer_is1) (Version: 2.3.5 - Indenova S.L.) Google Chrome (HKLM-x32…\Google Chrome) (Version: 90.0.4430.85 - Google LLC) HP DeskJet 2130 series Software básico del dispositivo (HKLM…{985B2E7E-994C-4D0C-A881-72317A4C8E56}) (Version: 40.11.1124.17107 - HP Inc.) iCloud (HKLM…{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.) Instalación de DivX (HKLM…\DivX Setup) (Version: 10.8.8.0 - DivX, LLC) Malwarebytes version 4.3.0.98 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) Manuales de EPSON (HKLM-x32…{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation) MEGAsync (HKLM-x32…\MEGAsync) (Version: - Mega Limited) Microsoft Edge (HKLM-x32…\Microsoft Edge) (Version: 90.0.818.42 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\OneDriveSetup.exe) (Version: 20.201.1005.0008 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Teams) (Version: 1.4.00.8872 - Microsoft Corporation) Microsoft Update Health Tools (HKLM…{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32…{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32…{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32…{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32…{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32…{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movavi Video Converter 21 Premium (HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\Movavi Video Converter 21 Premium) (Version: 21.0.0 - Movavi) Mozilla Firefox 86.0.1 (x64 es-ES) (HKLM…\Mozilla Firefox 86.0.1 (x64 es-ES)) (Version: 86.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32…\MozillaMaintenanceService) (Version: 86.0.1.7739 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM-x32…{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyEpson Portal (HKLM-x32…{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden MyEpson Portal (HKLM-x32…\MyEpson Portal) (Version: - SEIKO EPSON Corporation) Nero 11 Mini Repack (HKLM…\NMMS11) (Version: - ) Nero Backup Drivers (HKLM…{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG) NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA GeForce Experience 3.9.0.61 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.16.0318 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32…\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden Panda Devices Agent (HKLM-x32…{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden Panda Devices Agent (HKLM-x32…\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden Panda Dome (HKLM…{EF4168C0-095F-4CFC-8CB3-139A11AC89BE}) (Version: 11.53.00 - Panda Security) Hidden Panda Dome (HKLM-x32…\Panda Universal Agent Endpoint) (Version: 20.2.1 - Panda Security) Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM…\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.) Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM…\D43FD4059F47ACA9539247D6CF690AAEA503AF2D) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.) Paquete de controladores de Windows - Medtronic CDM Driver Package (03/18/2011 2.08.14) (HKLM…\0A96B4728C34CC854388526E310A2EDD80422140) (Version: 03/18/2011 2.08.14 - Medtronic) Paquete de controladores de Windows - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM…\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Paquete de controladores de Windows - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM…\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Paquete de controladores de Windows - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM…\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation) PDF Settings (HKLM-x32…{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) Safari (HKLM-x32…{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Smart View (HKLM-x32…{5F8A3D28-643E-4062-80C9-37AD463EB61D}) (Version: 1.0.0.0 - Samsung ) Solid PDF Creator (HKLM-x32…{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}_is1) (Version: 9.1.3048.1 - Solid Documents) Tableta Wacom (HKLM…\Wacom Tablet Driver) (Version: 6.3.6b5 - Wacom Technology Corp.) Teams Machine-Wide Installer (HKLM-x32…{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.17057 - Microsoft Corporation) TeamViewer (HKLM-x32…\TeamViewer) (Version: 15.16.8 - TeamViewer) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM…{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.6195 (HKLM-x32…{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden VSDC Free Video Editor versión 6.6.7.275 (HKLM…\VSDC Free Video Editor_is1) (Version: 6.6.7.275 - Flash-Integro LLC) Vulkan Run Time Libraries 1.0.61.0 (HKLM…\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WebTablet FB Plugin 32 bit (HKLM-x32…\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM…\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebView2 Runtime de Microsoft Edge (HKLM-x32…\Microsoft EdgeWebView) (Version: 90.0.818.42 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM…\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WinRAR 6.00 (32-bit) (HKLM-x32…\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) Wondershare Helper Compact 2.5.3 (HKLM-x32…{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare Video Converter Ultimate(Build 10.4.1.188) (HKLM-x32…\Video Converter Ultimate_is1) (Version: 10.4.1.188 - Wondershare Software)

Packages:

Adobe Notification Client → C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-09-10] (Adobe Systems Incorporated) Bubble Witch 3 Saga → C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.3.30.0_x86__kgqvnymyfvs32 [2021-03-19] (king.com) Candy Crush Soda Saga → C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.191.500.0_x86__kgqvnymyfvs32 [2021-04-16] (king.com) Complemento de motor del medio de Fotos → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-19] (Microsoft Corporation) Disney Magic Kingdoms → C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.9.12.0_x86__h6adky7gbf63m [2021-04-21] (Gameloft SE) Facebook → C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.312.1.0_neutral__8xx8rvfyw5nnt [2021-03-25] (Facebook Inc) Grupo Edelvives_texto → C:\Program Files\WindowsApps\Edelvives.GrupoEdelvivestexto_1.9.6.6_x64__67f28mknjmmzt [2021-04-20] (Casa Edelvives) HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-13] (HP Inc.) iTunes → C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-20] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 → C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.22002.0_x64__8wekyb3d8bbwe [2021-04-07] (Microsoft Studios) Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.) Royal Revolt 2 → C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_7.0.2.0_x86__g0q0z3kw54rap [2021-04-03] (flaregames GmbH) Twitter → C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 → C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) [Archivo no firmado] CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-B87EB86F0342} → [Creative Cloud Files] => C:\Users\Joas\Creative Cloud Files [2018-02-25 20:19] CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 → C:\Users\Joas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation → Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 → C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. → Adobe Inc.) CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. → Adobe Systems) ShellIconOverlayIdentifiers: [ MEGA (Pending)] → {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] → {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] → {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ShellIconOverlayIdentifiers: [ AccExtIco1] → {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. → ) ShellIconOverlayIdentifiers: [ AccExtIco2] → {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. → ) ShellIconOverlayIdentifiers: [ AccExtIco3] → {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. → ) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] → {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] → {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] → {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ContextMenuHandlers1: [AccExt] → {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. → ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] → {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated → Adobe Systems Inc.) ContextMenuHandlers1: [DivXShellExtensionItem] → {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC → DivX, LLC) ContextMenuHandlers1: [DivXShellExtensionItem64] → {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC → DivX, LLC) ContextMenuHandlers1: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ContextMenuHandlers1: [PhotoStreamsExt] → {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. → Apple Inc.) ContextMenuHandlers1: [UAContextMenu] → {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. → Panda Security, S.L.) ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-12-01] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers2: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-17] (Malwarebytes Corporation → Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ContextMenuHandlers4: [MEGA (Context menu)] → {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited → ) ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation → NVIDIA Corporation) ContextMenuHandlers5: [UAContextMenu] → {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. → Panda Security, S.L.) ContextMenuHandlers6: [AccExt] → {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. → ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] → {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated → Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-17] (Malwarebytes Corporation → Malwarebytes) ContextMenuHandlers6: [UAContextMenu] → {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. → Panda Security, S.L.) ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-12-01] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH → Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM…\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [Archivo no firmado] HKLM…\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [Archivo no firmado] HKLM…\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [Archivo no firmado] HKLM…\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [Archivo no firmado] HKLM…\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [Archivo no firmado] HKLM…\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [Archivo no firmado] HKLM…\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Archivo no firmado] HKLM…\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Archivo no firmado] HKLM…\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Archivo no firmado] HKLM…\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [Archivo no firmado] HKLM…\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [Archivo no firmado] HKLM…\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Archivo no firmado] HKLM…\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Archivo no firmado] HKLM…\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Archivo no firmado] HKLM…\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

ShortcutWithArgument: C:\Users\Joas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) → --load-extension=“C:\ProgramData\Cgnzo\Cuqwrtj\66388F25” ShortcutWithArgument: C:\Users\Joas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) → --load-extension=“C:\ProgramData\Cgnzo\Cuqwrtj\66388F25”

==================== Módulos cargados (Lista blanca) =============

2019-10-09 08:15 - 2019-05-15 00:09 - 000206848 _____ () [Archivo no firmado] [El archivo está en uso] C:\ProgramData\BrokerGround\8D_ement_FIJE.dll 2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [Archivo no firmado] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp 2018-02-13 17:27 - 2017-12-19 04:51 - 000874880 _____ (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [Archivo no firmado] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll 2018-02-13 17:27 - 2017-12-19 04:51 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 → NVIDIA Corporation) [Archivo no firmado] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo_nvstapisvr64.dll 2017-02-13 15:54 - 2017-02-13 15:54 - 000132096 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll 2018-03-05 17:41 - 2018-03-05 17:41 - 000057856 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL 2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [Archivo no firmado] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll 2019-02-22 18:01 - 2019-02-22 18:01 - 000704512 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll 2020-04-17 10:15 - 2020-04-17 10:15 - 000577536 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\EPSON\MyEpson Portal\MepUploader_00000542\MepUploader.dll 2019-02-22 16:09 - 2019-02-22 16:09 - 000475136 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll 2020-06-17 17:35 - 2020-06-17 17:35 - 003142144 _____ (SEIKO EPSON CORPORATION) [Archivo no firmado] C:\Program Files\EPSON\Epson Data Collection Agent\NDENCMAPI.dll 2020-08-17 19:39 - 2020-08-17 19:39 - 000724992 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files\EPSON\Epson Device USB Agent\EDBC.dll 2019-11-27 13:27 - 2019-11-27 13:27 - 000417792 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files\EPSON\Epson Device USB Agent\EDSAPIX64.DLL

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El “AlternateShell” será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service” HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => “”=“Service” HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => “”=“Service” HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service” HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => “”=“Service” HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => “”=“Service”

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-10] (Microsoft Corporation → Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper → {AE7CD045-E861-484f-8273-0445EE161910} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection → {F4971EE7-DAA0-4053-9964-665D8EE6A077} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-10] (Microsoft Corporation → Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper → {AE7CD045-E861-484f-8273-0445EE161910} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection → {F4971EE7-DAA0-4053-9964-665D8EE6A077} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated → Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation → Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\sharepoint.com → hxxps://ceu365-files.sharepoint.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2017-01-10 19:04 - 2021-04-02 10:34 - 000000039 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKCU\Environment\Path → %USERPROFILE%\AppData\Local\Microsoft\WindowsApps HKU\S-1-5-21-3306602120-4223622763-3950894931-1000\Control Panel\Desktop\Wallpaper → C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: El medio no está conectado a internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM…\StartupApproved\Run: => “BeatsOSDApp” HKLM…\StartupApproved\Run: => “AdobeAAMUpdater-1.0” HKLM…\StartupApproved\Run: => “AdobeGCInvoker-1.0” HKLM…\StartupApproved\Run: => “SysTrayApp” HKLM…\StartupApproved\Run: => “WindowsDefender” HKLM…\StartupApproved\Run32: => “NBAgent” HKLM…\StartupApproved\Run32: => “DivXMediaServer” HKLM…\StartupApproved\Run32: => “Adobe Creative Cloud” HKLM…\StartupApproved\Run32: => “KiesTrayAgent” HKLM…\StartupApproved\Run32: => “Wondershare Helper Compact.exe” HKLM…\StartupApproved\Run32: => “Acrobat Assistant 8.0” HKLM…\StartupApproved\Run32: => “Adobe CCXProcess” HKLM…\StartupApproved\Run32: => “Reader Application Helper” HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\StartupApproved\StartupFolder: => “MEGAsync.lnk” HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\StartupApproved\Run: => “50474737” HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\StartupApproved\Run: => “DAEMON Tools Lite Automount” HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\StartupApproved\Run: => “DAEMON Tools Ultra Agent” HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\StartupApproved\Run: => “OneDrive” HKU\S-1-5-21-3306602120-4223622763-3950894931-1001…\StartupApproved\Run: => “com.squirrel.Teams.Teams”

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{9B67A7EB-BE2B-4D37-A5CC-C54BBC30BA07}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG → devolo AG) FirewallRules: [{66A9C94B-1E3B-4B5F-8FF5-AE4012C5D299}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG → devolo AG) FirewallRules: [{CB6DFE73-BEC8-40F4-A494-2EE4874CE101}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [Archivo no firmado] FirewallRules: [{06035298-7E05-4021-BAF3-47FCA4348581}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [Archivo no firmado] FirewallRules: [{30F247D1-DAF7-44D3-9F5A-82BAFB3B6A3A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) FirewallRules: [{CB446E85-277F-4BD6-AC62-AC92DF3AB747}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) FirewallRules: [{E7759753-E16D-4945-991F-A304154D0F26}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{F0FD55E5-F6A9-4E9F-AC9B-C1A10DC8C256}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{8554855E-6240-4AC3-B878-3A99A8164C30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{EC91C954-6D60-49F1-8AA3-7A470ECECE80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [UDP Query User{75936029-6261-4F05-B86D-0F20A5A5CDCA}C:\desarrollo\xampp\mysql\bin\mysqld.exe] => (Allow) C:\desarrollo\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab → ) FirewallRules: [TCP Query User{F301C23F-7554-4FEB-BE57-77A23E015170}C:\desarrollo\xampp\mysql\bin\mysqld.exe] => (Allow) C:\desarrollo\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab → ) FirewallRules: [UDP Query User{31B94FE2-3AC6-4DF5-BE11-E76DA9A1905E}C:\desarrollo\xampp\apache\bin\httpd.exe] => (Allow) C:\desarrollo\xampp\apache\bin\httpd.exe (Apache Software Foundation) [Archivo no firmado] FirewallRules: [TCP Query User{AF00EA53-767D-4BDE-89D2-02299C4B812C}C:\desarrollo\xampp\apache\bin\httpd.exe] => (Allow) C:\desarrollo\xampp\apache\bin\httpd.exe (Apache Software Foundation) [Archivo no firmado] FirewallRules: [{B4BFB25A-6F04-4A43-B1ED-97E655158386}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated → Adobe Systems Inc.) FirewallRules: [{C213F0C7-E4E0-41BC-BB28-24F73D5C5212}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated → Adobe Systems Inc.) FirewallRules: [{D68ABDE6-F9F2-4D88-8212-140B4FECFCA5}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated → Adobe Systems Inc.) FirewallRules: [{23A05A79-E886-438D-BE84-6675074678DB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated → Adobe Systems Inc.) FirewallRules: [UDP Query User{BD0F1AF5-2315-4044-986B-5DB67D5E849D}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado] FirewallRules: [TCP Query User{0059DDEF-0B3E-4369-9614-4370A6D3760A}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado] FirewallRules: [{85D413E4-E1DA-4CD8-88D4-2AD5E5735506}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard → HP Inc.) FirewallRules: [{34093DEE-E5A8-4888-8C6F-2B150AEEAC7F}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard → HP Inc.) FirewallRules: [{58EBE770-6F74-4C87-91A6-828257FE3C06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{434EAE22-1CF0-4D6F-B6B3-5CE486D1039D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{D31DB870-AFCE-42EC-9B22-CEEAC81A89F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{55B331C5-22ED-4227-9BD5-F138DDE192F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{C4B6B702-EBDC-4A03-9458-0DB6134D925E}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.) FirewallRules: [{59DD83DA-7925-4D99-AC27-77C3F6070D65}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.) FirewallRules: [{7BF37D3F-A012-4794-9E78-6CD8E8AF809C}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.) FirewallRules: [{A9D0B1F2-F5AF-40F1-A98F-504FD0D740D0}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.) FirewallRules: [{193F4CD8-C920-4AA1-987B-366C32884EE8}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.) FirewallRules: [{591EE13B-4B44-4FB6-A9E8-27724CF5A5F6}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.) FirewallRules: [{ECC84A66-0164-4CDC-8CAA-3423481EFF8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation) FirewallRules: [{8AADE568-2A05-43AB-B191-F4A74E0EAAB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation) FirewallRules: [TCP Query User{7ED4694B-F26E-4282-B09F-C985B805A9C1}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado] FirewallRules: [UDP Query User{46875142-BEA7-40A3-820C-7179FDBE5B01}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado] FirewallRules: [TCP Query User{BA468411-51DC-4543-AEB3-7C2965974CB7}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. → DivX, LLC) FirewallRules: [UDP Query User{7AF9F028-329D-42F0-BCD2-EBF903F13ECB}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. → DivX, LLC) FirewallRules: [{193B883F-E101-46F5-9C4A-81DF7B22130E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{1B499D16-2188-4E52-AE75-95198EE52E0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{DD66429B-2211-408C-A737-BF07F441B2F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{F2B48D94-8C7F-445F-8861-B32FC8C5B86D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{88022444-E65C-4F1F-B329-2B4AF01BBD6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation) FirewallRules: [{256CDDD1-80C2-4951-A925-C4678F20F9BE}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG → devolo AG) FirewallRules: [{AF3EAAB2-5BA9-486D-A1D7-6111CB146909}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{EA35DEF6-0622-4249-9B13-51E029F1C69E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [TCP Query User{F7C7C4A6-52C7-4262-B2AB-EDA1AAB67A1C}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. → DivX, LLC) FirewallRules: [UDP Query User{3C49167E-44C7-40FA-BCBA-93A955D0C69B}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. → DivX, LLC) FirewallRules: [{37BB36A6-8355-4FA2-920E-8AE239D97ABF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. → Apple Inc.) FirewallRules: [{40F90A51-E790-4EE4-B5F9-549A952773A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.) FirewallRules: [{AFC449E6-9339-494F-831E-3486AD2D4818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.) FirewallRules: [{F35FE8A0-A338-4666-A867-48A0A4C42865}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.) FirewallRules: [{53B5233C-BB47-4C60-AE81-0896DF06F936}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.) FirewallRules: [{F30A92CE-F704-4656-958D-17BA5352F4DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. → Apple Inc.) FirewallRules: [{9163AF0A-87F9-4B8F-8C1E-F57D0EA1FFEE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. → Apple Inc.) FirewallRules: [{EEE9A9A3-4625-4198-9883-97D27553ED49}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. → Apple Inc.) FirewallRules: [{3459B8D3-D3D4-4798-9114-8618594B4859}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. → Apple Inc.) FirewallRules: [{86AFEBD1-874C-4AF9-A280-229BFCF02E1F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. → Apple Inc.) FirewallRules: [{9EE94992-C294-4CC2-82DA-441FE792BAE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. → Apple Inc.) FirewallRules: [{4DB4EED7-C09F-45FA-95C8-3730791698B8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. → Apple Inc.) FirewallRules: [{893ED4B8-ABF1-4839-A488-39538CE278BC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. → Apple Inc.) FirewallRules: [{A123C25A-0019-497F-BB44-143C899FDCB6}] => (Allow) C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) FirewallRules: [{38FD281E-10E3-4856-A6EF-8F78C4193ED9}] => (Allow) C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe (SEIKO EPSON CORPORATION → Seiko Epson Corporation) FirewallRules: [{B7E5E92E-EBDE-4562-9749-87CBE479743A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{FA147110-EB28-43B9-99EA-66A54C189153}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{ED4F1516-D9E9-4CCC-8FCD-C2532C9FFFE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{0652186F-216A-4AD6-BAD4-CFC4CF3CF730}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{72B389D8-09D0-4190-889C-A4474A5792CA}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe (Apowersoft Ltd → Apowersoft) FirewallRules: [{7D74E2C2-62A8-46C6-836F-A3B3D5129D2E}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe (Apowersoft Ltd → Apowersoft) FirewallRules: [{79BF0F25-A78A-4333-8732-149F73216025}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{92145FEF-2633-4494-839F-C14FEDECCFEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{69BAE240-068C-477E-AC37-69EB4AD8DC60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{0A70C125-0436-435F-88E4-768855F034C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH → TeamViewer Germany GmbH) FirewallRules: [{E540E53B-BC47-45DC-A52A-6B3E1DE6E910}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector → Multilab LLC) FirewallRules: [{D7FF8AFD-AB68-470B-9E38-F1549D71ED68}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector → Multilab LLC) FirewallRules: [{DF9E7431-59BF-45DC-98BE-45CBC96DC901}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector → Multilab LLC) FirewallRules: [{240B83E2-17E0-4606-B5B6-502AEC22C164}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector → Multilab LLC) FirewallRules: [{7B520886-77DB-49C2-B836-BBA435E2C4C1}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector → Multilab LLC) FirewallRules: [{5A0935DE-DAD9-4FEB-AD42-1FC4F47BCF58}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector → Multilab LLC) FirewallRules: [{845D9334-7B5B-4298-A3F5-D840F823CCCD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{D1E42A76-F81E-4673-BBE7-32C3D637D11D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{0E0D73FB-403F-4A5F-A8AD-BF6FAF2422D0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{EF57819E-331F-43C1-9CC4-48A56D6E6D45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC) FirewallRules: [{271B676D-DA7F-4A94-8D04-BDF9CB2D14DD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.42\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)

==================== Puntos de Restauración =========================

06-04-2021 22:59:19 JRT Pre-Junkware Removal 08-04-2021 11:22:49 ZHPcleaner 13-04-2021 20:51:53 ZHPcleaner 18-04-2021 18:36:21 AdwCleaner_BeforeCleaning_18/04/2021_18:36:17

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: WinTV MiniStick Description: WinTV MiniStick Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Errores del registro de eventos: ========================

Errores de aplicación:

Error: (04/21/2021 10:39:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0

Error: (04/21/2021 08:12:24 PM) (Source: EDUSBAgent) (EventID: 0) (User: ) Description: Ya se ha agregado el elemento. Clave en el diccionario: ‘DSAgent’ Clave agregada: ‘DSAgent’ en System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add) en System.Configuration.MgmtConfigurationRecord.AddConfigurationSection(String group, String name, ConfigurationSection configSection) en System.Configuration.ConfigurationSectionCollection.Add(String name, ConfigurationSection section) en Epson.Core.ConfigurationReader.GetOrCreateConfiguration(Type configurationType) en Epson.Core.ConfigurationReader.GetOrCreateConfigurationTConfiguration en Epson.PCC.ModuleHelper.IsUnusedModule(String module) en Epson.PCC.ModuleHelper.IsModule(String assemblyPath) en Epson.PCC.ModuleManager.LocalDomain.Load(String assemblyPath) en Epson.PCC.Agent.PCCAgentFacade.Initialize()

Error: (04/20/2021 10:40:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0

Error: (04/19/2021 10:40:21 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0

Error: (04/19/2021 06:07:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (G:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (04/19/2021 06:05:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: El optimizador de almacenamiento no pudo completar volver a optimizar en Reservado para el sistema (F:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (04/19/2021 06:05:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: El optimizador de almacenamiento no pudo completar volver a optimizar en disco duro 2 (E:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Errores del sistema:

Error: (04/19/2021 08:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:34 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Error: (04/19/2021 08:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:33 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Error: (04/19/2021 08:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:33 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Error: (04/19/2021 08:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:33 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: ??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Josemnm · 22 Abril, 2021 18:28

Continuacion segundo reporte:

Windows Defender:

Date: 2021-04-17 11:38:29 Description: El examen de Antivirus de Microsoft Defender se detuvo antes de completarse. Id. de examen: {395F44AE-8612-47E1-8605-ECF29D0A28EA} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-24 21:50:16 Description: El examen de Antivirus de Microsoft Defender se detuvo antes de completarse. Id. de examen: {49B10965-1ECF-4F0A-9E83-6717F1009AFA} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-24 21:25:45 Description: El examen de Antivirus de Microsoft Defender se detuvo antes de completarse. Id. de examen: {53135D2B-FF1B-464C-92F9-81A2F2A9F525} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-24 21:15:01 Description: El examen de Antivirus de Microsoft Defender se detuvo antes de completarse. Id. de examen: {D66F5EB2-C4AE-4D31-B7F8-F78E4F858C7C} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-14 03:16:47 Description: Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado. Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Caynamer.A!ml&threatid=2147749819&enterprise=0 Nombre: Trojan:Win32/Caynamer.A!ml Id.: 2147749819 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_C:\Users\Joas\AppData\Roaming\jgggdii; file:_C:\Windows\System32\Tasks\Firefox Default Browser Agent C3B4932A16F2B2A0->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3E9D026D-9958-4B7C-9B5D-388E8BD98905}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent C3B4932A16F2B2A0; taskscheduler:_C:\Windows\System32\Tasks\Firefox Default Browser Agent C3B4932A16F2B2A0 Origen de detección: Equipo local Tipo de detección: Concreto Origen de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe Versión de inteligencia de seguridad: AV: 1.331.1570.0, AS: 1.331.1570.0, NIS: 1.331.1570.0 Versión de motor: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-04-15 08:10:24 Description: Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad. Nueva versión de inteligencia de seguridad: 1.335.842.0 Versión anterior de inteligencia de seguridad: 1.333.1238.0 Origen de actualización: Usuario Tipo de inteligencia de seguridad: AntiSpyware Tipo de actualización: Diferencia Usuario: NT AUTHORITY\SYSTEM Versión actual del motor: 1.1.18000.5 Versión anterior del motor: 1.1.17900.7 Código de error: 0x80070666 Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2021-04-15 08:10:24 Description: Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad. Nueva versión de inteligencia de seguridad: 1.335.842.0 Versión anterior de inteligencia de seguridad: 1.333.1238.0 Origen de actualización: Usuario Tipo de inteligencia de seguridad: AntiVirus Tipo de actualización: Diferencia Usuario: NT AUTHORITY\SYSTEM Versión actual del motor: 1.1.18000.5 Versión anterior del motor: 1.1.17900.7 Código de error: 0x80070666 Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2021-04-15 08:10:24 Description: Antivirus de Microsoft Defender encontró un error al intentar actualizar el motor. Nueva versión de motor: 1.1.18000.5 Versión de motor anterior: 1.1.17900.7 Usuario: NT AUTHORITY\SYSTEM Código de error: 0x80070666 Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2021-04-15 02:10:24 Description: Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad. Nueva versión de inteligencia de seguridad: 1.335.842.0 Versión anterior de inteligencia de seguridad: 1.333.1238.0 Origen de actualización: Usuario Tipo de inteligencia de seguridad: AntiSpyware Tipo de actualización: Diferencia Usuario: NT AUTHORITY\SYSTEM Versión actual del motor: 1.1.18000.5 Versión anterior del motor: 1.1.17900.7 Código de error: 0x80070666 Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

Date: 2021-04-15 02:10:24 Description: Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad. Nueva versión de inteligencia de seguridad: 1.335.842.0 Versión anterior de inteligencia de seguridad: 1.333.1238.0 Origen de actualización: Usuario Tipo de inteligencia de seguridad: AntiVirus Tipo de actualización: Diferencia Usuario: NT AUTHORITY\SYSTEM Versión actual del motor: 1.1.18000.5 Versión anterior del motor: 1.1.17900.7 Código de error: 0x80070666 Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control.

CodeIntegrity:

Date: 2021-04-14 17:38:29 Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-08 11:31:36 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-03 12:01:14 Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements.

==================== Información de la memoria ===========================

BIOS: AMI 8.10 09/25/2012 Placa base: PEGATRON CORPORATION 2AD5 Procesador: Intel(R) Core™ i7-3770 CPU @ 3.40GHz Porcentaje de memoria en uso: 50% RAM física total: 9302.57 MB RAM física disponible: 4607.86 MB Virtual total: 10774.57 MB Virtual disponible: 5618.81 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:464.72 GB) (Free:233.08 GB) NTFS Drive e: (disco duro 2) (Fixed) (Total:1863.01 GB) (Free:57.33 GB) NTFS Drive f: (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)] Drive g: () (Fixed) (Total:1862.01 GB) (Free:1568.54 GB) NTFS Drive p: (Reservado para el sistema) (Fixed) (Total:0.58 GB) (Free:0.55 GB) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)]

\?\Volume{5eafc748-0000-0000-0000-d09fd1010000}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS \?\Volume{4d64aa72-0000-0000-0000-805374000000}\ () (Fixed) (Total:0.45 GB) (Free:0.01 GB) NTFS

==================== MBR & Tabla de particiones ====================

========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 429C60A9) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5EAFC748) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=530 MB) - (Type=27)

========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4D64AA72) Partition 1: (Active) - (Size=596 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=463 MB) - (Type=27)

==================== Final de Addition.txt ======================= [/code]

Marr0n · 24 Abril, 2021 02:32

Hola, buenas @Josemnm

Pon el reporte de Addition.txt tal y como lo hiciste con el de FRST.txt. Pues no está bien puesto y analizarlo así es una tortura, el de FRST.txt está correctamente puesto

Salu2.

Josemnm · 24 Abril, 2021 08:10

Buenos d´´ias,

El reporte es muy largo y tengo que ponerlo en 2 respuestas:

.1.188) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.4.1.188 - Wondershare Software)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-09-10] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.3.30.0_x86__kgqvnymyfvs32 [2021-03-19] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.191.500.0_x86__kgqvnymyfvs32 [2021-04-16] (king.com)
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-19] (Microsoft Corporation)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.9.12.0_x86__h6adky7gbf63m [2021-04-21] (Gameloft SE)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.312.1.0_neutral__8xx8rvfyw5nnt [2021-03-25] (Facebook Inc)
Grupo Edelvives_texto -> C:\Program Files\WindowsApps\Edelvives.GrupoEdelvivestexto_1.9.6.6_x64__67f28mknjmmzt [2021-04-20] (Casa Edelvives)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-13] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-20] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.22002.0_x64__8wekyb3d8bbwe [2021-04-07] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_7.0.2.0_x86__g0q0z3kw54rap [2021-04-03] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) [Archivo no firmado]
CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B87EB86F0342} -> [Creative Cloud Files] => C:\Users\Joas\Creative Cloud Files [2018-02-25 20:19]
CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2021-03-14] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-22] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2020-12-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [Archivo no firmado]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [Archivo no firmado]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [Archivo no firmado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [Archivo no firmado]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [Archivo no firmado]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [Archivo no firmado]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Archivo no firmado]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

ShortcutWithArgument: C:\Users\Joas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Cgnzo\Cuqwrtj\66388F25"
ShortcutWithArgument: C:\Users\Joas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Cgnzo\Cuqwrtj\66388F25"

==================== Módulos cargados (Lista blanca) =============

2019-10-09 08:15 - 2019-05-15 00:09 - 000206848 _____ () [Archivo no firmado] [El archivo está en uso] C:\ProgramData\BrokerGround\8D_ement_FIJE.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [Archivo no firmado] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp
2018-02-13 17:27 - 2017-12-19 04:51 - 000874880 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-02-13 17:27 - 2017-12-19 04:51 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Archivo no firmado] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-02-13 15:54 - 2017-02-13 15:54 - 000132096 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2018-03-05 17:41 - 2018-03-05 17:41 - 000057856 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [Archivo no firmado] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2019-02-22 18:01 - 2019-02-22 18:01 - 000704512 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll
2020-04-17 10:15 - 2020-04-17 10:15 - 000577536 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\EPSON\MyEpson Portal\MepUploader_00000542\MepUploader.dll
2019-02-22 16:09 - 2019-02-22 16:09 - 000475136 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll
2020-06-17 17:35 - 2020-06-17 17:35 - 003142144 _____ (SEIKO EPSON CORPORATION) [Archivo no firmado] C:\Program Files\EPSON\Epson Data Collection Agent\NDENCMAPI.dll
2020-08-17 19:39 - 2020-08-17 19:39 - 000724992 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files\EPSON\Epson Device USB Agent\EDBC.dll
2019-11-27 13:27 - 2019-11-27 13:27 - 000417792 _____ (Seiko Epson Corporation) [Archivo no firmado] C:\Program Files\EPSON\Epson Device USB Agent\EDSAPIX64.DLL

==================== Alternate Data Streams (Lista blanca) ========

Josemnm · 24 Abril, 2021 08:11

Seguna parte:

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\sharepoint.com -> hxxps://ceu365-files.sharepoint.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2017-01-10 19:04 - 2021-04-02 10:34 - 000000039 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-3306602120-4223622763-3950894931-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Reader Application Helper"
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\Run: => "50474737"
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{9B67A7EB-BE2B-4D37-A5CC-C54BBC30BA07}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{66A9C94B-1E3B-4B5F-8FF5-AE4012C5D299}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{CB6DFE73-BEC8-40F4-A494-2EE4874CE101}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [Archivo no firmado]
FirewallRules: [{06035298-7E05-4021-BAF3-47FCA4348581}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [Archivo no firmado]
FirewallRules: [{30F247D1-DAF7-44D3-9F5A-82BAFB3B6A3A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{CB446E85-277F-4BD6-AC62-AC92DF3AB747}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{E7759753-E16D-4945-991F-A304154D0F26}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F0FD55E5-F6A9-4E9F-AC9B-C1A10DC8C256}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8554855E-6240-4AC3-B878-3A99A8164C30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EC91C954-6D60-49F1-8AA3-7A470ECECE80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{75936029-6261-4F05-B86D-0F20A5A5CDCA}C:\desarrollo\xampp\mysql\bin\mysqld.exe] => (Allow) C:\desarrollo\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{F301C23F-7554-4FEB-BE57-77A23E015170}C:\desarrollo\xampp\mysql\bin\mysqld.exe] => (Allow) C:\desarrollo\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{31B94FE2-3AC6-4DF5-BE11-E76DA9A1905E}C:\desarrollo\xampp\apache\bin\httpd.exe] => (Allow) C:\desarrollo\xampp\apache\bin\httpd.exe (Apache Software Foundation) [Archivo no firmado]
FirewallRules: [TCP Query User{AF00EA53-767D-4BDE-89D2-02299C4B812C}C:\desarrollo\xampp\apache\bin\httpd.exe] => (Allow) C:\desarrollo\xampp\apache\bin\httpd.exe (Apache Software Foundation) [Archivo no firmado]
FirewallRules: [{B4BFB25A-6F04-4A43-B1ED-97E655158386}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [{C213F0C7-E4E0-41BC-BB28-24F73D5C5212}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [{D68ABDE6-F9F2-4D88-8212-140B4FECFCA5}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [{23A05A79-E886-438D-BE84-6675074678DB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [UDP Query User{BD0F1AF5-2315-4044-986B-5DB67D5E849D}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado]
FirewallRules: [TCP Query User{0059DDEF-0B3E-4369-9614-4370A6D3760A}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado]
FirewallRules: [{85D413E4-E1DA-4CD8-88D4-2AD5E5735506}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{34093DEE-E5A8-4888-8C6F-2B150AEEAC7F}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{58EBE770-6F74-4C87-91A6-828257FE3C06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{434EAE22-1CF0-4D6F-B6B3-5CE486D1039D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D31DB870-AFCE-42EC-9B22-CEEAC81A89F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{55B331C5-22ED-4227-9BD5-F138DDE192F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C4B6B702-EBDC-4A03-9458-0DB6134D925E}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{59DD83DA-7925-4D99-AC27-77C3F6070D65}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7BF37D3F-A012-4794-9E78-6CD8E8AF809C}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A9D0B1F2-F5AF-40F1-A98F-504FD0D740D0}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{193F4CD8-C920-4AA1-987B-366C32884EE8}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{591EE13B-4B44-4FB6-A9E8-27724CF5A5F6}] => (Allow) C:\Users\Joas\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{ECC84A66-0164-4CDC-8CAA-3423481EFF8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8AADE568-2A05-43AB-B191-F4A74E0EAAB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{7ED4694B-F26E-4282-B09F-C985B805A9C1}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado]
FirewallRules: [UDP Query User{46875142-BEA7-40A3-820C-7179FDBE5B01}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Archivo no firmado]
FirewallRules: [TCP Query User{BA468411-51DC-4543-AEB3-7C2965974CB7}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. -> DivX, LLC)
FirewallRules: [UDP Query User{7AF9F028-329D-42F0-BCD2-EBF903F13ECB}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. -> DivX, LLC)
FirewallRules: [{193B883F-E101-46F5-9C4A-81DF7B22130E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1B499D16-2188-4E52-AE75-95198EE52E0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DD66429B-2211-408C-A737-BF07F441B2F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F2B48D94-8C7F-445F-8861-B32FC8C5B86D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{88022444-E65C-4F1F-B329-2B4AF01BBD6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{256CDDD1-80C2-4951-A925-C4678F20F9BE}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{AF3EAAB2-5BA9-486D-A1D7-6111CB146909}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EA35DEF6-0622-4249-9B13-51E029F1C69E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F7C7C4A6-52C7-4262-B2AB-EDA1AAB67A1C}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. -> DivX, LLC)
FirewallRules: [UDP Query User{3C49167E-44C7-40FA-BCBA-93A955D0C69B}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DivX, LLC. -> DivX, LLC)
FirewallRules: [{37BB36A6-8355-4FA2-920E-8AE239D97ABF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40F90A51-E790-4EE4-B5F9-549A952773A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AFC449E6-9339-494F-831E-3486AD2D4818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F35FE8A0-A338-4666-A867-48A0A4C42865}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53B5233C-BB47-4C60-AE81-0896DF06F936}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F30A92CE-F704-4656-958D-17BA5352F4DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9163AF0A-87F9-4B8F-8C1E-F57D0EA1FFEE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EEE9A9A3-4625-4198-9883-97D27553ED49}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3459B8D3-D3D4-4798-9114-8618594B4859}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{86AFEBD1-874C-4AF9-A280-229BFCF02E1F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9EE94992-C294-4CC2-82DA-441FE792BAE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4DB4EED7-C09F-45FA-95C8-3730791698B8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{893ED4B8-ABF1-4839-A488-39538CE278BC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A123C25A-0019-497F-BB44-143C899FDCB6}] => (Allow) C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{38FD281E-10E3-4856-A6EF-8F78C4193ED9}] => (Allow) C:\Program Files\EPSON\Epson Device USB Agent\EDUSBAgent.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{B7E5E92E-EBDE-4562-9749-87CBE479743A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA147110-EB28-43B9-99EA-66A54C189153}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ED4F1516-D9E9-4CCC-8FCD-C2532C9FFFE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0652186F-216A-4AD6-BAD4-CFC4CF3CF730}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72B389D8-09D0-4190-889C-A4474A5792CA}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{7D74E2C2-62A8-46C6-836F-A3B3D5129D2E}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{79BF0F25-A78A-4333-8732-149F73216025}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{92145FEF-2633-4494-839F-C14FEDECCFEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{69BAE240-068C-477E-AC37-69EB4AD8DC60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0A70C125-0436-435F-88E4-768855F034C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E540E53B-BC47-45DC-A52A-6B3E1DE6E910}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{D7FF8AFD-AB68-470B-9E38-F1549D71ED68}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{DF9E7431-59BF-45DC-98BE-45CBC96DC901}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{240B83E2-17E0-4606-B5B6-502AEC22C164}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{7B520886-77DB-49C2-B836-BBA435E2C4C1}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{5A0935DE-DAD9-4FEB-AD42-1FC4F47BCF58}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{845D9334-7B5B-4298-A3F5-D840F823CCCD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D1E42A76-F81E-4673-BBE7-32C3D637D11D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E0D73FB-403F-4A5F-A8AD-BF6FAF2422D0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF57819E-331F-43C1-9CC4-48A56D6E6D45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{271B676D-DA7F-4A94-8D04-BDF9CB2D14DD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Puntos de Restauración =========================

06-04-2021 22:59:19 JRT Pre-Junkware Removal
08-04-2021 11:22:49 ZHPcleaner
13-04-2021 20:51:53 ZHPcleaner
18-04-2021 18:36:21 AdwCleaner_BeforeCleaning_18/04/2021_18:36:17

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: WinTV MiniStick
Description: WinTV MiniStick
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (04/21/2021 10:39:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/21/2021 08:12:24 PM) (Source: EDUSBAgent) (EventID: 0) (User: )
Description: Ya se ha agregado el elemento. Clave en el diccionario: 'DSAgent'  Clave agregada: 'DSAgent'
   en System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add)
   en System.Configuration.MgmtConfigurationRecord.AddConfigurationSection(String group, String name, ConfigurationSection configSection)
   en System.Configuration.ConfigurationSectionCollection.Add(String name, ConfigurationSection section)
   en Epson.Core.ConfigurationReader.GetOrCreateConfiguration(Type configurationType)
   en Epson.Core.ConfigurationReader.GetOrCreateConfiguration[TConfiguration]()
   en Epson.PCC.ModuleHelper.IsUnusedModule(String module)
   en Epson.PCC.ModuleHelper.IsModule(String assemblyPath)
   en Epson.PCC.ModuleManager.LocalDomain.Load(String assemblyPath)
   en Epson.PCC.Agent.PCCAgentFacade.Initialize()

Error: (04/21/2021 08:12:24 PM) (Source: EDUSBAgent) (EventID: 0) (User: )
Description: Ya se ha agregado el elemento. Clave en el diccionario: 'DSAgent'  Clave agregada: 'DSAgent'
   en System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add)
   en System.Configuration.MgmtConfigurationRecord.AddConfigurationSection(String group, String name, ConfigurationSection configSection)
   en System.Configuration.ConfigurationSectionCollection.Add(String name, ConfigurationSection section)
   en Epson.Core.ConfigurationReader.GetOrCreateConfiguration(Type configurationType)
   en Epson.Core.ConfigurationReader.GetOrCreateConfiguration[TConfiguration]()
   en Epson.PCC.ModuleHelper.IsUnusedModule(String module)
   en Epson.PCC.ModuleHelper.IsModule(String assemblyPath)
   en Epson.PCC.ModuleManager.LocalDomain.Load(String assemblyPath)
   en Epson.PCC.Agent.PCCAgentFacade.Initialize()

Error: (04/20/2021 10:40:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/19/2021 10:40:21 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/19/2021 06:07:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (G:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (04/19/2021 06:05:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en Reservado para el sistema (F:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (04/19/2021 06:05:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en disco duro 2 (E:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)


Errores del sistema:
=============
Error: (04/19/2021 08:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:34 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Error: (04/19/2021 08:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Error: (04/19/2021 08:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys

Error: (04/19/2021 08:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (04/19/2021 08:32:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Joas\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2021-04-17 11:38:29
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {395F44AE-8612-47E1-8605-ECF29D0A28EA}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-24 21:50:16
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {49B10965-1ECF-4F0A-9E83-6717F1009AFA}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-24 21:25:45
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {53135D2B-FF1B-464C-92F9-81A2F2A9F525}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-24 21:15:01
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {D66F5EB2-C4AE-4D31-B7F8-F78E4F858C7C}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-03-14 03:16:47
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Caynamer.A!ml&threatid=2147749819&enterprise=0
Nombre: Trojan:Win32/Caynamer.A!ml
Id.: 2147749819
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\Joas\AppData\Roaming\jgggdii; file:_C:\Windows\System32\Tasks\Firefox Default Browser Agent C3B4932A16F2B2A0->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E9D026D-9958-4B7C-9B5D-388E8BD98905}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent C3B4932A16F2B2A0; taskscheduler:_C:\Windows\System32\Tasks\Firefox Default Browser Agent C3B4932A16F2B2A0
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Versión de inteligencia de seguridad: AV: 1.331.1570.0, AS: 1.331.1570.0, NIS: 1.331.1570.0
Versión de motor: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-04-15 08:10:24
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.335.842.0
Versión anterior de inteligencia de seguridad: 1.333.1238.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 1.1.18000.5
Versión anterior del motor: 1.1.17900.7
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

Date: 2021-04-15 08:10:24
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.335.842.0
Versión anterior de inteligencia de seguridad: 1.333.1238.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 1.1.18000.5
Versión anterior del motor: 1.1.17900.7
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

Date: 2021-04-15 08:10:24
Description: 
Antivirus de Microsoft Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor: 1.1.18000.5
Versión de motor anterior: 1.1.17900.7
Usuario: NT AUTHORITY\SYSTEM
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

Date: 2021-04-15 02:10:24
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.335.842.0
Versión anterior de inteligencia de seguridad: 1.333.1238.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 1.1.18000.5
Versión anterior del motor: 1.1.17900.7
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

Date: 2021-04-15 02:10:24
Description: 
Antivirus de Microsoft Defender detectó un error al intentar actualizar la inteligencia de seguridad.
Nueva versión de inteligencia de seguridad: 1.335.842.0
Versión anterior de inteligencia de seguridad: 1.333.1238.0
Origen de actualización: Usuario
Tipo de inteligencia de seguridad: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor: 1.1.18000.5
Versión anterior del motor: 1.1.17900.7
Código de error: 0x80070666
Descripción del error: Ya está instalada otra versión de este producto. La instalación de esta versión no puede continuar. Para configurar o quitar la versión existente de este producto, use Agregar o quitar programas del Panel de control. 

CodeIntegrity:
===============
Date: 2021-04-14 17:38:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-08 11:31:36
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-03 12:01:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements.


==================== Información de la memoria =========================== 

BIOS: AMI 8.10 09/25/2012
Placa base: PEGATRON CORPORATION 2AD5
Procesador: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Porcentaje de memoria en uso: 50%
RAM física total: 9302.57 MB
RAM física disponible: 4607.86 MB
Virtual total: 10774.57 MB
Virtual disponible: 5618.81 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:464.72 GB) (Free:233.08 GB) NTFS
Drive e: (disco duro 2) (Fixed) (Total:1863.01 GB) (Free:57.33 GB) NTFS
Drive f: (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)]
Drive g: () (Fixed) (Total:1862.01 GB) (Free:1568.54 GB) NTFS
Drive p: (Reservado para el sistema) (Fixed) (Total:0.58 GB) (Free:0.55 GB) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)]

\\?\Volume{5eafc748-0000-0000-0000-d09fd1010000}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{4d64aa72-0000-0000-0000-805374000000}\ () (Fixed) (Total:0.45 GB) (Free:0.01 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 429C60A9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5EAFC748)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=530 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4D64AA72)
Partition 1: (Active) - (Size=596 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=463 MB) - (Type=27)

==================== Final de Addition.txt =======================

Marr0n · 27 Abril, 2021 13:22

Hola, buenas @Josemnm

PREGUNTAS

¿Tú has instalado en tu ordenador los siguientes programas o te suenan: XAMPP, con Apache y Mysqld?

¿Has permitido reglas de estos en el firewall?

¿Los descargaste del sitio oficial?

DESINSTALACIÓN PROGRAMAS

Para los programas en que te diga: puedes quitarlos. Hazlo así:

Desinstalalos con Revo Uninstaller en su Modo Avanzado. Para ello sigues su manual la parte de desinstalación de programas.

Quitas todos los programas que encuentre Revo con el nombre: Wondershare o Wondershare + Lo que sea.

Pues en tu caso tienes instalados los siguientes:

Wondershare Helper Compact 2.5.3 (HKLM-x32…{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) 
Wondershare Video Converter Ultimate(Build 10.4.1.188) (HKLM-x32…\Video Converter Ultimate_is1) (Version: 10.4.1.188 - Wondershare Software)

Estos deben de quedar completamente desinstalados.

DESINSTALACIÓN EXTENSIONES

Para las extensiones en que te diga: puedes quitarlas. Hazlo así:

Accedes a Chrome y quitas la extensión llamada wUpdateMovie

Ahora debes de hacer una COPIA DE SEGURIDAD DEL REGISTRO, para ello:

Reinicias el ordenador en Modo Normal.
Descargas DelFix en tu escritorio.
Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)
Marcas solamente la casilla de Create registry backup, el resto te aseguras de que no estén seleccionadas.
Presionas en Run.

Se abrirá el informe (DelFix.txt), puedes cerrarlo. Pero lo guardas por si en el futuro te lo pido/hace falta.

Seguidamente, CIERRAS TODOS LOS PROGRAMAS, vas a Inicio >> Ejecutar y escribes Notepad.exe

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
GroupPolicyScripts: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
Task: {1BF8E382-3EC6-49BE-805A-118510C81EB9} - no ruta de acceso de archivo
Task: {7EB06CD9-5DA4-489A-BB7E-AB0233323378} - no ruta de acceso de archivo
Task: {B04FA225-3FEF-439C-ADFD-D681D0758F7D} - \Microsoft\Windows\UNP\RunCampaignManager -> Ningún archivo <==== ATENCIÓN
Task: {DC5B49E0-D343-4800-BCFA-0B457C124C94} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\Microsoft.Windows.Dt.PolicyEngineApi.Interop.ni -> Ningún archivo <==== ATENCIÓN
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
CHR Extension: (wUpdateMovie) - C:\ProgramData\Cgnzo\Cuqwrtj [2021-03-14]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [107624 2018-12-06] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
2021-04-22 10:14 - 2021-03-14 06:28 - 000000000 ___HD C:\ProgramData\Cgnzo
2017-01-13 19:46 - 2017-01-13 19:46 - 000000001 _____ () C:\Users\Joas\AppData\Local\llftool.4.25.agreement
2018-09-28 15:05 - 2018-09-28 15:05 - 000000000 _____ () C:\Users\Joas\AppData\Local\oobelibMkey.log
ShortcutWithArgument: C:\Users\Joas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Cgnzo\Cuqwrtj\66388F25"
ShortcutWithArgument: C:\Users\Joas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Cgnzo\Cuqwrtj\66388F25"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
C:\Program Files (x86)\Common Files\Wondershare
C:\Program Files (x86)\Wondershare\
C:\Program Files (x86)\Enigma Software Group
File: C:\WINDOWS\WMSysPr8.prx
VirusTotal: C:\WINDOWS\WMSysPr8.prx
Folder: C:\Users\Joas\AppData\Roaming\HSOxjhuuFZ
File: C:\Users\Joas\Downloads\9ee7854df6946440edb6512176e2a884.psd
VirusTotal: C:\Users\Joas\Downloads\9ee7854df6946440edb6512176e2a884.psd
File: C:\Users\Joas\Downloads\Pinocho-2020.mkv.torrent
VirusTotal: C:\Users\Joas\Downloads\Pinocho-2020.mkv.torrent
Folder: C:\Users\Joas\AppData\Local\rdclientwpf
Folder: C:\Users\Joas\AppData\Roaming\ktLowyrXQTFV
File: C:\Users\Joas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
File: C:\ProgramData\BrokerGround\8D_ement_FIJE.dll
VirusTotal: C:\ProgramData\BrokerGround\8D_ement_FIJE.dll
Folder: C:\ProgramData\BrokerGround
ExportKey: HKU\S-1-5-21-3306602120-4223622763-3950894931-1001\...\StartupApproved\Run: => "50474737"

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Lo guardas con el nombre de FIXLIST.TXT en tu escritorio (MUY IMPORTANTE). Pues en caso contrario no funcionará el SCRIPT, ambos ficheros (FRST.exe y FIXLIST.TXT ) y deben de estar en la ubicación del ESCRITORIO.

El anterior Script de reparación es personalizado para la máquina en concreto para la cual se fabricó y está hecho específicamente por un miembro del Staff. Si se tiene un problema parecido, por favor abra su propio tema para recibir ayuda personalizada y específica. Utilizar Scripts de otros Sistemas puede causar daños graves en su ordenador.

Finalmente (OJO, en MODO NORMAL):

Ejecutas nuevamente FRST.exe (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador).
Presionas sobre Fix/Corregir y esperas a que finalice el proceso. No hagas nada con el PC mientras este realizando dichas reparaciones, incluso si parece ser que se ha quedado colgado. No lo toques y esperas.
Cunado finalice, en el ESCRITORIO se creará el fichero FIXLOG.TXT lo traes en tu próxima respuesta.
Reinicias el ordenador en Modo Normal compruebas durante un rato el funcionamiento de este y comentas como sigue el problema inicialmente planteado.

Muy Importante Coloca el reporte que te he pedido como se muestra en la siguiente imagen:

Salu2.