Double accent mark virus

Good morning,

I would like to ask for your help with a problem I have had on my computer for a few days: when I type an accent mark, a double accent mark appears (d´´ias).

I have been looking around different parts of this forum and I think I have the virus you talk about here. I have been going through various posts and, following some of the recommendations you give, I have tried to clean the computer with several programs: CCleaner, Malwarebytes and ESET. The first two tell me that everything is fine. The third one, when I run it, reports one detected file, which is this:

Memoria operativa	una variante de Win32/Agent.ADLM Troyano	retenido

After deleting it, things seem to work, but after a while the same problem comes back.

I have also seen on the forum that you ask for reports to be created with FRST so that you can review them. I have created these reports following your instructions and I am leaving them in the following messages, to see whether you could help me.

Thank you very much in advance. Regards.

FRST.txt

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 10-12-2023
Ejecutado por sandr (administrador) sobre DESKTOP-OFBKLOM (Micro-Star International Co., Ltd MS-7B86) (12-12-2023 12:38:33)
Ejecutado desde C:\Users\sandr\Desktop\FRST64 (1).exe
Perfiles cargados: sandr
Plataforma: Microsoft Windows 10 Pro Versión 22H2 19045.3693 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) H:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Figma, Inc. -> ) C:\Users\sandr\AppData\Local\FigmaAgent\figma_agent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <36>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Notion Labs, Inc. -> Notion Labs, Inc) C:\Users\sandr\AppData\Local\Programs\Notion\Notion.exe <10>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
(H:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) H:\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(rundll32.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe <5>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\WINDOWS\System32\NahimicService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\nvgbdi.inf_amd64_2f8ddf5a4424ef0b\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2310.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2022-02-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2591152 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [EpicGamesLauncher] => H:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [Figma Agent] => C:\Users\sandr\AppData\Local\FigmaAgent\figma_agent.exe [6806072 2023-11-29] (Figma, Inc. -> )
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [MicrosoftEdgeAutoLaunch_E6FEE7AE0FAF53EF4FD0AB3BD1E5388D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788736 2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [GoogleChromeAutoLaunch_2CFF6CFF5CF895442822FC1529B5A54C] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2693920 2023-12-06] (Google LLC -> Google LLC)
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [electron.app.Notion] => C:\Users\sandr\AppData\Local\Programs\Notion\Notion.exe [172729016 2023-11-22] (Notion Labs, Inc. -> Notion Labs, Inc)
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44529568 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2020-12-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.71\Installer\chrmstp.exe [2023-12-07] (Google LLC -> Google LLC)
Startup: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon - Acceso directo.lnk [2021-12-10]
ShortcutTarget: ctfmon - Acceso directo.lnk -> C:\WINDOWS\System32\ctfmon.exe (Microsoft Windows -> Microsoft Corporation)

==================== Tareas programadas (Lista blanca) =================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {BCF4BAF6-D9D8-4A11-891F-33B02DF9BE3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {5CEB3009-EB11-43DD-89D2-E761F3E26787} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8A1FA7F3-8239-4C98-BE16-517D8EE92F2F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {97FC3C3E-0B17-4477-AC15-CE12B3E17C72} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "b573d8be-ba13-45a8-9016-a6099bd29a6c" --version "6.18.10838" --silent
Task: {F2F147A9-5C0E-441D-BD34-D235E67F1098} - System32\Tasks\CCleanerSkipUAC - sandr => C:\Program Files\CCleaner\CCleaner.exe [37546912 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {37533B35-DD55-4538-B356-E95ABC4E0945} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\sandr\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-12-11] (ESET, spol. s r.o. -> ESET)
Task: {68F6B8FF-B5B7-4B33-BBD3-389B59270C44} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\sandr\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-12-11] (ESET, spol. s r.o. -> ESET)
Task: {C2FD3FD7-462A-4EB8-BCF7-C8162261AD1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-11] (Google LLC -> Google LLC)
Task: {117B1FFE-40F8-43E4-B612-855D74FC3E3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-11] (Google LLC -> Google LLC)
Task: {7C8A2D5E-B83D-4306-99DF-08058856E446} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21915840 2023-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E2CF48F-C6C0-4AF7-87FE-88AD22BB9F25} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21915840 2023-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F7D5D48-A5EF-4EED-B634-F8EF15B12ACF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141280 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B5ACF5E-E0FD-4206-A547-188CC8AF42A2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141280 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {272A1B16-1417-4C89-9231-F820B34F8250} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Gsoehvggsvnzft => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-17] (Microsoft Windows -> Microsoft Corporation) -> C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd
Task: {0D3A9E64-9397-42EC-B9BE-3CA0865C1F2C} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {862621C3-FCAD-42D5-B338-48CC8BC1FCE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EDC63C3C-46DE-4B33-987F-0B4EFA87DDDC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {106F38F8-551D-47F8-A822-1BE3A07A407B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D06A21A8-2CD9-4601-9985-F93637FA8C82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42EB7484-CAEE-4E5C-829E-0C86A2A70391} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-17] (Microsoft Windows -> Microsoft Corporation)
Task: {F628B414-1EE9-4046-8445-157AF2C04E07} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [685984 2023-08-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B2C1DDD2-FCEA-4476-8924-BF26B52955F5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-08-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {0ECD5F2F-E917-4FF0-8F90-BAC3B26DA67D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7CAD21E8-8386-4392-B471-AE97AB74154E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {04AA00FA-177C-4671-9683-5E4643F7D0AE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7D2B30F7-22B6-44BE-857F-1B00441724D5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FDC8B1C5-2AFD-4CB5-BFCD-03CED1A29B35} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F159F92C-9324-4E8C-BB2E-E808E311EAE7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66136DC0-7596-42FD-8077-7037173090C7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1D4476E7-1E92-439A-95BB-C42645D7EB9D} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C62B43F-107B-49D4-ADA3-BB53E5578A15} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F79EC4F7-066D-4778-B66C-55EF2923A0DC} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FD3B136-9CF6-4914-8735-1532A5C2BE03} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-461014865-3593705188-1222923112-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{fa6bef4f-f004-4a1d-8bea-b492eb84eb39}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Edge: 
=======
Edge Profile: C:\Users\sandr\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-12]
Edge Extension: (Documentos de Google sin conexión) - C:\Users\sandr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-24]
Edge Extension: (Edge relevant text changes) - C:\Users\sandr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-29]

FireFox:
========
FF DefaultProfile: ldpgh1q3.default
FF ProfilePath: C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\ldpgh1q3.default [2021-12-11]
FF ProfilePath: C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\54okn8v6.default-release [2023-12-12]
FF Session Restore: Mozilla\Firefox\Profiles\54okn8v6.default-release -> está habilitado.
FF Extension: (Qoala) - C:\Users\sandr\AppData\Roaming\Mozilla\Firefox\Profiles\54okn8v6.default-release\Extensions\{9b2a684c-a6fc-4b4c-b53b-06e53a8617c0}.xpi [2022-07-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Ningún archivo]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default [2023-12-12]
CHR Notifications: Default -> hxxps://www.tusclasesparticulares.com
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={9ED2E606-77A5-4425-A3EC-A2B56F8649E0}&mid=b094d996d72145f69bff0fdac9b9fa74-b85aaccfc4291d8a168d725b4ae5f464264c17bd&lang=es-es&ds=hk015&pr=sa&d=2013-04-17 19:45:34&v=15.0.0.2&pid=avg&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html", Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Cute Cursors - cursor personalizado) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\anflghppebdhjipndogapfagemgnlblh [2023-06-14]
CHR Extension: (Earth View from Google Earth) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2022-08-30]
CHR Extension: (SEO META in 1 CLICK) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjogjfinolnhfhkbipphpdlldadpnmhc [2022-06-28]
CHR Extension: (Adobe Acrobat: herramientas para convertir, editar y firmar PDFs) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-11-23]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
CHR Extension: (Wappalyzer - Technology profiler) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2023-11-04]
CHR Extension: (Language Reactor) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoombieeljmmljlkjmnheibnpciblicm [2021-12-11]
CHR Extension: (Player para ver Movistar+) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2021-12-11]
CHR Extension: (Momentum) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2023-12-05]
CHR Extension: (Ultra Violet) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcknjpenlfdlffeafcadkbjfodmmgdip [2022-08-30]
CHR Extension: (Speechify Text to Speech Voice Reader) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljflmlehinmoeknoonhibbjpldiijjmm [2023-12-06]
CHR Extension: (Toucan - Aprendizaje de Idiomas) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokjgaehpcnlmkebpmjiofccpklbmoci [2023-11-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-11]
CHR Extension: (Toggl Track: Productivity & Time Tracker) - C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2023-12-08]
CHR Profile: C:\Users\sandr\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-12-12]
CHR Profile: C:\Users\sandr\AppData\Local\Google\Chrome\User Data\System Profile [2023-12-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-08] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9201848 2023-11-01] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-02-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncHelper.exe [3509792 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-10] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2023-12-11] (Malwarebytes Inc. -> Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1888424 2021-10-08] (A-Volute SAS -> Nahimic)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.226.1031.0003\OneDriveUpdaterService.exe [3846064 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534584 2023-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WslInstaller; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_2.0.9.0_x64__8wekyb3d8bbwe\wslinstaller.exe [2766880 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
R2 WSLService; C:\Program Files\WSL\wslservice.exe [6276528 2023-11-10] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvgbdi.inf_amd64_2f8ddf5a4424ef0b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvgbdi.inf_amd64_2f8ddf5a4424ef0b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222784 2023-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2023-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MpKslb210d477; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [221480 2023-07-30] (Microsoft Windows -> Microsoft Corporation)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85616 2021-08-13] (A-Volute -> Windows (R) Win 7 DDK provider)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [65144 2021-10-08] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl913f6aed; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69E64DFD-7D67-41A4-AE2B-30D8BDDE20EF}\MpKslDrv.sys [X]
S3 MpKslf0e918e1; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5F09A89-7205-4DCA-9996-9A736B6A2633}\MpKslDrv.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2023-12-12 12:38 - 2023-12-12 12:38 - 000029626 _____ C:\Users\sandr\Desktop\FRST.txt
2023-12-12 12:33 - 2023-12-12 12:38 - 000000000 ____D C:\FRST
2023-12-12 12:32 - 2023-12-12 12:32 - 002385408 _____ (Farbar) C:\Users\sandr\Desktop\FRST64 (1).exe
2023-12-12 12:31 - 2023-12-12 12:31 - 002385408 _____ (Farbar) C:\Users\sandr\Downloads\FRST64.exe
2023-12-12 12:06 - 2023-12-12 12:06 - 000000482 _____ C:\Users\sandr\Documents\analiss.txt
2023-12-12 11:20 - 2023-12-12 12:25 - 000001279 _____ C:\Users\sandr\Desktop\ESET Online Scanner.lnk
2023-12-12 10:46 - 2023-12-12 10:46 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2023-12-12 01:49 - 2023-12-12 01:49 - 000001058 _____ C:\Users\sandr\Documents\análisis.txt
2023-12-12 00:43 - 2023-12-12 00:43 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2023-12-12 00:43 - 2023-12-12 00:43 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2023-12-11 23:49 - 2023-12-12 10:49 - 000000000 ____D C:\Program Files\CCleaner
2023-12-11 23:49 - 2023-12-12 00:45 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-12-11 23:49 - 2023-12-12 00:11 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-12-11 23:49 - 2023-12-12 00:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-12-11 23:49 - 2023-12-11 23:49 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - sandr
2023-12-11 23:49 - 2023-12-11 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-12-11 23:47 - 2023-12-12 12:25 - 000001385 _____ C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-12-11 23:47 - 2023-12-11 23:47 - 000000000 ____D C:\Users\sandr\AppData\Local\ESET
2023-12-11 21:00 - 2023-12-11 21:00 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2023-12-11 19:36 - 2023-12-12 12:25 - 000000000 ____D C:\Users\sandr\AppData\Local\Malwarebytes
2023-12-11 19:36 - 2023-12-11 19:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-12-11 19:36 - 2023-12-11 19:36 - 000000000 ____D C:\Users\sandr\AppData\Local\mbam
2023-12-11 19:35 - 2023-12-11 19:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-12-11 19:35 - 2023-12-11 19:35 - 000000000 ____D C:\Program Files\Malwarebytes
2023-12-08 15:03 - 2023-12-08 15:03 - 000000000 ____D C:\Users\sandr\AppData\Local\BattlEye
2023-11-18 16:21 - 2023-11-18 16:21 - 000002599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSL.lnk
2023-11-18 16:21 - 2023-11-18 16:21 - 000000000 ____D C:\Program Files\WSL
2023-11-17 16:16 - 2023-11-17 16:16 - 000000000 ___HD C:\$WinREAgent

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2023-12-12 12:38 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-12 12:35 - 2021-12-11 17:23 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Notion
2023-12-12 12:25 - 2021-12-26 18:34 - 000000000 ____D C:\Users\sandr\AppData\Local\CrashDumps
2023-12-12 12:25 - 2021-12-11 12:15 - 000000000 ____D C:\ProgramData\NVIDIA
2023-12-12 11:44 - 2022-12-12 15:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-12 11:44 - 2021-12-11 12:34 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-12 11:00 - 2021-06-20 23:42 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-12-12 10:54 - 2022-12-13 12:20 - 002259254 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-12 10:54 - 2022-12-12 15:28 - 000450922 _____ C:\WINDOWS\system32\perfh011.dat
2023-12-12 10:54 - 2022-12-12 15:28 - 000124894 _____ C:\WINDOWS\system32\perfc011.dat
2023-12-12 10:54 - 2019-12-07 15:55 - 000752316 _____ C:\WINDOWS\system32\perfh00A.dat
2023-12-12 10:54 - 2019-12-07 15:55 - 000147994 _____ C:\WINDOWS\system32\perfc00A.dat
2023-12-12 10:54 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-12 10:49 - 2021-06-20 22:23 - 000000000 ___RD C:\Users\sandr\OneDrive
2023-12-12 10:47 - 2022-12-12 15:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-12 10:47 - 2021-06-20 22:16 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-12 10:47 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-12 01:23 - 2022-12-12 15:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-12 00:46 - 2021-12-13 21:23 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Microsoft\Word
2023-12-12 00:16 - 2023-04-15 15:28 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Microsoft\Teams
2023-12-12 00:16 - 2021-12-11 12:27 - 000000000 ____D C:\Users\sandr\AppData\Roaming\discord
2023-12-12 00:16 - 2021-08-26 11:32 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-12-12 00:16 - 2021-06-20 22:20 - 000000000 ___SD C:\Users\sandr\AppData\Roaming\Microsoft\Credentials
2023-12-11 23:51 - 2022-12-14 11:38 - 000000000 ____D C:\WINDOWS\Minidump
2023-12-11 23:51 - 2022-11-22 12:16 - 000000000 ___DC C:\WINDOWS\Panther
2023-12-11 23:51 - 2022-02-12 13:21 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-12-11 22:46 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-11 21:24 - 2022-02-06 14:29 - 000000000 ____D C:\Users\sandr\AppData\Local\Spotify
2023-12-11 21:22 - 2022-02-06 14:29 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Spotify
2023-12-11 21:10 - 2021-12-11 12:34 - 000000000 ____D C:\Users\sandr\AppData\Local\Google
2023-12-11 20:42 - 2021-12-11 12:29 - 000000000 ____D C:\Users\sandr\AppData\Local\D3DSCache
2023-12-11 20:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-11 20:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-11 19:39 - 2022-01-29 19:25 - 000000000 ____D C:\Users\sandr\AppData\Roaming\uTorrent Web
2023-12-11 19:39 - 2022-01-29 19:25 - 000000000 ____D C:\Users\sandr\AppData\Local\BitTorrentHelper
2023-12-11 19:36 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-12-10 22:22 - 2022-12-12 15:45 - 000000000 ____D C:\Users\sandr
2023-12-10 15:43 - 2023-10-24 18:00 - 000000000 ____D C:\Users\sandr\AppData\Roaming\paradox-launcher-v2
2023-12-09 22:55 - 2022-01-29 20:57 - 000000000 ____D C:\Users\sandr\AppData\Roaming\EasyAntiCheat
2023-12-09 12:48 - 2021-06-20 22:16 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-09 12:41 - 2023-05-21 16:01 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2023-12-08 16:37 - 2021-12-11 12:27 - 000000000 ____D C:\Users\sandr\AppData\Local\Discord
2023-12-08 15:03 - 2021-12-11 12:44 - 000000000 ____D C:\Users\sandr\AppData\Local\UnrealEngine
2023-12-08 11:14 - 2021-12-22 21:49 - 000000000 ____D C:\Users\sandr\AppData\Local\PlaceholderTileLogoFolder
2023-12-08 11:14 - 2021-12-11 12:24 - 000000000 ____D C:\Users\sandr\AppData\Local\Packages
2023-12-08 11:14 - 2021-12-11 12:24 - 000000000 ____D C:\ProgramData\Packages
2023-12-07 21:44 - 2021-12-11 12:35 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-07 11:39 - 2022-12-12 15:50 - 000003916 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-07 11:39 - 2022-12-12 15:50 - 000003792 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-06 13:03 - 2021-12-11 12:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-12-04 01:18 - 2022-07-06 11:54 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Code
2023-12-04 01:11 - 2022-07-06 11:54 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2023-11-28 20:20 - 2023-03-01 14:27 - 000000000 ____D C:\Users\sandr\AppData\Roaming\GitHub Desktop
2023-11-24 14:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-11-23 22:42 - 2023-03-01 14:27 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-11-23 22:42 - 2023-03-01 14:27 - 000000000 ____D C:\Users\sandr\AppData\Local\GitHubDesktop
2023-11-19 11:52 - 2023-04-15 15:28 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-11-18 22:14 - 2023-04-14 20:28 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-11-18 22:14 - 2023-04-14 20:28 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-18 22:14 - 2022-12-12 15:50 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-461014865-3593705188-1222923112-1001
2023-11-18 16:20 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-18 16:18 - 2022-12-12 15:44 - 000585536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-18 16:16 - 2023-03-02 15:11 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2023-11-18 16:16 - 2022-12-12 15:44 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-11-18 16:16 - 2022-12-12 15:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2023-11-18 16:16 - 2022-12-12 15:29 - 000000000 ____D C:\WINDOWS\en-GB
2023-11-18 16:16 - 2022-12-12 15:28 - 000000000 ____D C:\WINDOWS\SysWOW64\ja
2023-11-18 16:16 - 2022-12-12 15:28 - 000000000 ____D C:\WINDOWS\system32\ja
2023-11-18 16:16 - 2019-12-07 15:58 - 000000000 ___SD C:\WINDOWS\system32\AppV
2023-11-18 16:16 - 2019-12-07 15:58 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-18 16:16 - 2019-12-07 15:58 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-11-18 16:16 - 2019-12-07 15:58 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-18 16:16 - 2019-12-07 15:55 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2023-11-18 16:16 - 2019-12-07 15:55 - 000000000 ____D C:\WINDOWS\system32\es
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-18 16:16 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-18 16:16 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-17 16:30 - 2019-12-07 15:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-17 16:30 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-17 16:30 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-17 16:25 - 2021-06-20 21:51 - 000416138 __RSH C:\bootmgr
2023-11-17 16:24 - 2022-12-12 15:45 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-17 16:16 - 2021-12-11 21:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-17 16:14 - 2021-12-11 21:31 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-17 00:30 - 2022-04-24 17:42 - 000000000 ____D C:\Users\sandr\AppData\Local\Steam
2023-11-17 00:28 - 2023-04-14 20:26 - 000000000 ____D C:\Program Files\Microsoft Office

==================== Archivos en la raíz de algunos directorios ========

2023-02-25 20:58 - 2023-02-25 20:58 - 000000000 _____ () C:\ProgramData\39765515438930886819.exe
2023-02-25 19:19 - 2023-02-25 19:19 - 000000000 _____ () C:\ProgramData\70268291777959698464.exe
2021-12-12 01:25 - 2023-07-04 09:04 - 000000309 _____ () C:\Users\sandr\AppData\Local\oobelibMkey.log
2022-04-30 17:31 - 2022-04-30 17:31 - 000000000 _____ () C:\Users\sandr\AppData\Local\{40B8EF68-5C44-4FC6-8103-7BA1CC200773}

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================

Addition.txt

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 10-12-2023
Ejecutado por sandr (12-12-2023 12:39:24)
Ejecutado desde C:\Users\sandr\Desktop
Microsoft Windows 10 Pro Versión 22H2 19045.3693 (X64) (2022-12-13 11:13:47)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================


(Si una entrada es incluida en el fixlist, será eliminada.)

Administrador (S-1-5-21-461014865-3593705188-1222923112-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-461014865-3593705188-1222923112-503 - Limited - Disabled)
Invitado (S-1-5-21-461014865-3593705188-1222923112-501 - Limited - Disabled)
sandr (S-1-5-21-461014865-3593705188-1222923112-1001 - Administrator - Enabled) => C:\Users\sandr
WDAGUtilityAccount (S-1-5-21-461014865-3593705188-1222923112-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_1) (Version: 17.0.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_4_1) (Version: 25.4.1 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_3) (Version: 14.0.3 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_5) (Version: 22.5.0.384 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.18 - Piriform)
Comprobación de estado de PC Windows (HKLM\...\{8B474A92-CE3A-4F46-B6F1-6DFA1390F826}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Discord (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{F4793223-C6D6-4B99-ACF2-75C066D278BC}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Figma (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Figma) (Version: 116.6.3 - Figma, Inc.)
Figma Agent (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\FigmaAgent) (Version: 116.15.4 - Figma, Inc.)
Git (HKLM\...\Git_is1) (Version: 2.39.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\GitHubDesktop) (Version: 3.3.5 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.71 - Google LLC)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IntelliJ IDEA Community Edition 2022.2.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2022.2.1) (Version: 222.3739.54 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes)
Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.61 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2021 - es-es (HKLM\...\ProPlus2021Volume - es-es) (Version: 16.0.14332.20604 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Project Profesional 2021 - es-es (HKLM\...\ProjectPro2021Volume - es-es) (Version: 16.0.14332.20604 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2021 - es-es (HKLM\...\VisioPro2021Volume - es-es) (Version: 16.0.14332.20604 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.84.2 - Microsoft Corporation)
Miro (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\RealtimeBoard) (Version: 0.7.26 - Miro)
Mozilla Firefox (x64 es-ES) (HKLM\...\Mozilla Firefox 115.0 (x64 es-ES)) (Version: 115.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0 - Mozilla)
MSYS2 (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\{95b1ce10-28e4-4219-96d3-c60c949491d4}) (Version: 20230718 - The MSYS2 Developers)
Notion 2.0.47 (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.47 - Notion Labs, Inc)
Notion 3.0.0 (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.0.0 - Notion Labs, Inc)
NVIDIA Controlador de audio HD 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 528.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 528.49 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20604 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20604 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.14332.20546 - Microsoft Corporation) Hidden
OpenOffice 4.1.12 (HKLM-x32\...\{845E82AF-3C9E-4E36-ABC4-260A7C8E9197}) (Version: 4.112.9809 - Apache Software Foundation)
Paradox Launcher v2 (HKLM\...\{A6BD1EEF-115E-4833-9094-8B9B84E1810A}) (Version: 2.4.0 - Paradox Interactive)
Python 3.10.5 (64-bit) (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
Spotify (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\Spotify) (Version: 1.2.26.1187.g36b715a1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\utweb) (Version: 1.4.0 - Rainberry, Inc.)
UXP WebView Support (HKLM-x32\...\UXPW_1_0_0) (Version: 1.0.0 - Adobe Inc.)
WebView2 Runtime de Microsoft Edge (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.61 - Microsoft Corporation)
Windows Subsystem for Linux (HKLM\...\{408A5C50-34F2-4025-968E-A21D6A515D48}) (Version: 2.0.9.0 - Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-10-31] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa [2023-10-31] (Apple Inc.) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-10-31] (NVIDIA Corp.)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.1129.0_x64__8wekyb3d8bbwe [2023-12-08] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-07] (Microsoft Studios) [MS Ad]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.3.49.0_x64__79rhkp1fndgsc [2023-12-05] (Canonical Group Limited)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-461014865-3593705188-1222923112-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\sandr\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-02-04] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-02-04] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-02-04] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-02-04] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-12-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncShell64.dll [2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvgbdi.inf_amd64_2f8ddf5a4424ef0b\nvshext.dll [2023-02-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-02-04] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-12-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Accesos directos & WMI ========================

==================== Módulos cargados (Lista blanca) =============

0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Acceso Denegado] C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll
2020-12-07 20:24 - 2020-12-07 20:24 - 000021504 _____ (Adobe Systems Inc.) [Archivo no firmado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5988]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-12-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-12-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-12-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-12-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-12-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-12-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\sharepoint.com -> hxxps://unedo365-files.sharepoint.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2023-02-15 10:51 - 2023-02-15 10:51 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\msys64\mingw64\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Git\cmd
HKU\S-1-5-21-461014865-3593705188-1222923112-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sandr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\6503358.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{E4B90B58-8421-4446-A4C8-4258BA8F42FA}] => (Allow) H:\Steam\steamapps\common\FPSAimTrainer\FPSAimTrainer.exe (Epic Games, Inc.) [Archivo no firmado]
FirewallRules: [{A524B402-0682-4D99-9B92-825BFFDAF837}] => (Allow) H:\Steam\steamapps\common\FPSAimTrainer\FPSAimTrainer.exe (Epic Games, Inc.) [Archivo no firmado]
FirewallRules: [UDP Query User{F3DD1C88-0AED-42A5-B873-ED759B901D2E}C:\users\sandr\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9006\discord.exe => Ningún archivo
FirewallRules: [TCP Query User{215BB9F5-BA09-4E41-A76A-B19F08795FAF}C:\users\sandr\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9006\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{C2D8B7AC-647C-4241-88DF-B84E987E9190}C:\users\sandr\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\sandr\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0816C3C4-DC7B-43D1-92A6-9FA0F77C2FFC}C:\users\sandr\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\sandr\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{86C4090A-AD67-4C11-A2E4-C02094C15523}C:\program files (x86)\node.exe] => (Allow) C:\program files (x86)\node.exe => Ningún archivo
FirewallRules: [TCP Query User{44275B09-D1F1-4733-9D23-E2ACACC5E42D}C:\program files (x86)\node.exe] => (Allow) C:\program files (x86)\node.exe => Ningún archivo
FirewallRules: [{54EEC14F-4517-46BA-A8FE-17ABCADBE3D6}] => (Allow) C:\Users\sandr\Downloads\icarefone.exe => Ningún archivo
FirewallRules: [{2EDE7908-FA76-4554-876B-1BCB0C490807}] => (Allow) C:\Users\sandr\Downloads\icarefone.exe => Ningún archivo
FirewallRules: [{0E65E46E-5E71-42A4-A408-41DEF81A8B1E}] => (Allow) H:\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{1D8D5477-80A8-42E8-AAF3-24A4E398CEA3}] => (Allow) H:\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0D695792-B0D8-4754-8A20-5ABEB04A0777}] => (Allow) H:\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{98879B3A-1807-4F4E-8E72-DFA6CA8A9D0B}] => (Allow) H:\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{52E0B577-751F-4902-94FF-81B7185B2DE6}] => (Allow) H:\Steam\steamapps\common\Commandos 3 Destination Berlin\Legacy\Commandos3.exe () [Archivo no firmado]
FirewallRules: [{62BA59E4-24DE-4ACC-93F0-D01628C6846B}] => (Allow) H:\Steam\steamapps\common\Commandos 3 Destination Berlin\Legacy\Commandos3.exe () [Archivo no firmado]
FirewallRules: [{C0FF3E08-09A7-411C-AAFF-569FCF30513C}] => (Allow) H:\Steam\steamapps\common\Commandos 3 Destination Berlin\Commandos3.exe () [Archivo no firmado]
FirewallRules: [{B2D1C583-B96B-4873-9429-C28D669329BA}] => (Allow) H:\Steam\steamapps\common\Commandos 3 Destination Berlin\Commandos3.exe () [Archivo no firmado]
FirewallRules: [{29B20498-9538-4D35-A36E-2E5C9B015660}] => (Allow) H:\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe () [Archivo no firmado]
FirewallRules: [{39D875C9-3D0E-4467-838F-A4346976C2A8}] => (Allow) H:\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe () [Archivo no firmado]
FirewallRules: [{BE25F344-942A-42D5-A025-2D02FC7B94B5}] => (Allow) H:\Steam\steamapps\common\Commandos 2 Men of Courage\Comm2.exe () [Archivo no firmado]
FirewallRules: [{CB8B8A7A-9120-4AB4-9214-5B842C6928DF}] => (Allow) H:\Steam\steamapps\common\Commandos 2 Men of Courage\Comm2.exe () [Archivo no firmado]
FirewallRules: [{B35D9B20-B439-471A-BB3F-5E3DA915B676}] => (Allow) H:\Steam\steamapps\common\Commandos Beyond the Call of Duty\Legacy\coman_mp.exe () [Archivo no firmado]
FirewallRules: [{03B409FA-A8EF-4365-B3DC-77A9B056B672}] => (Allow) H:\Steam\steamapps\common\Commandos Beyond the Call of Duty\Legacy\coman_mp.exe () [Archivo no firmado]
FirewallRules: [{63BCE0DE-95F9-400E-BC4B-631D99FD706C}] => (Allow) H:\Steam\steamapps\common\Commandos Beyond the Call of Duty\coman_mp.exe () [Archivo no firmado]
FirewallRules: [{CF57EC87-9590-4112-B83C-D6BB5B1BD7E4}] => (Allow) H:\Steam\steamapps\common\Commandos Beyond the Call of Duty\coman_mp.exe () [Archivo no firmado]
FirewallRules: [{35495944-608E-4B77-80BF-0E61EC26F93D}] => (Allow) H:\Steam\steamapps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe () [Archivo no firmado]
FirewallRules: [{9E958E15-6F4F-49DE-99AA-A04A0AD3B6F5}] => (Allow) H:\Steam\steamapps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe () [Archivo no firmado]
FirewallRules: [{DEED8D1F-C982-4AC9-98F6-E9577267AD8D}] => (Allow) H:\Steam\steamapps\common\Commandos Behind Enemy Lines\Comandos.exe () [Archivo no firmado]
FirewallRules: [{9BDAF149-450B-4AC8-8C57-713DD443A3E1}] => (Allow) H:\Steam\steamapps\common\Commandos Behind Enemy Lines\Comandos.exe () [Archivo no firmado]
FirewallRules: [{25AAE265-DC18-495A-B2B9-DD2A140203F1}] => (Allow) H:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B1B1FF3A-5A03-475B-8A0A-8EE3FEF339F4}] => (Allow) H:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{78CCEBA1-1021-41E8-96EE-5CC217B77520}] => (Allow) H:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E269A834-DA61-4A93-B16B-8CFAA4CC27C8}] => (Allow) H:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{709CBDAC-49DD-43AF-8395-E5F15511CE9E}H:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) H:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CEA7FEBF-3B68-4B73-AE1A-87077ADE82B4}H:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) H:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B14A7305-3EDF-4AAE-AE4C-29F4FF4D54D2}H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{5EDCA0F9-D5BF-4603-923E-267BE9E59F65}H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{58B829F7-81CA-4C00-BD6A-17D76D630125}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7329A8DA-13B2-403A-A417-7B4A7F5438A8}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [UDP Query User{0DAF8628-D6A5-45A7-A766-D939CFE335A9}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe] => (Allow) C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe => Ningún archivo
FirewallRules: [TCP Query User{00F74842-61F2-41D6-B8B7-3689FDC131FD}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe] => (Allow) C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe => Ningún archivo
FirewallRules: [UDP Query User{4F94DADA-DEFC-4513-869C-B140802D0E19}C:\users\sandr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sandr\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{E14A79A9-E56A-4C02-BB10-73B359874D9E}C:\users\sandr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sandr\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{CFD6E2CF-9C37-4D09-AD6B-DC625BFF9935}C:\users\sandr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sandr\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{E472D8BE-BC3B-4C1A-9ED9-4A21267C7234}C:\users\sandr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sandr\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{8413F882-6B0E-44EB-8DE7-3E0AF2D9D3E8}H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{3F0D9097-6B5D-4534-A620-D1D1D9261F8E}H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) H:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9D2500C5-DE90-48B1-9B46-E57F42E4E95B}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{6E5526D7-8709-4ABE-B1BA-553001D780E8}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [UDP Query User{C7462A72-1A7F-4F4A-B6B0-01EC85B018BC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Ningún archivo
FirewallRules: [TCP Query User{4C3C69EB-7E63-4329-86A0-9220E350C14C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Ningún archivo
FirewallRules: [UDP Query User{8624C5C8-6015-4E10-AC5F-E4993C9B888A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E4CC0E17-0261-41A8-8360-3EE20393A53E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{41BACF98-2D9A-4C19-9346-EC609ABEABC2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Ningún archivo
FirewallRules: [TCP Query User{7C946EB1-0A9C-46DC-886F-67032823F04A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Ningún archivo
FirewallRules: [UDP Query User{C23885C7-1BEF-4F33-AABF-EEA580CCABC0}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe] => (Allow) C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe => Ningún archivo
FirewallRules: [TCP Query User{EB7F268B-B32F-4AD0-8ADA-8A51D366EE0A}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe] => (Allow) C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe => Ningún archivo
FirewallRules: [{9E5F5B2F-A852-4F75-A421-698648A4D06E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7664E220-955A-4FB4-9253-D2899FD97BC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7F60E6AD-C73E-463D-8F45-82E5DA1684FB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3F08C248-AD85-480B-8B88-0056414A5FC6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{6F3C984D-BC45-4125-AB73-C048732EE076}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{143EA456-2C0F-4611-926B-178ACA4645E4}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe => Ningún archivo
FirewallRules: [{62B6F40E-83F7-40FC-8B77-96EF07C76DF3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA8B384A-B4DA-4D59-AF0A-2721CA6863FE}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{9FF62CD7-2CA2-47DA-AFA0-D9F1296C2C62}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{32199BD1-5A8C-4026-8D19-8D159CD13EAE}] => (Allow) G:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Archivo no firmado]
FirewallRules: [{C5D622AA-3B4C-4A5D-8BFA-9AFA70C7C02A}] => (Allow) G:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [Archivo no firmado]
FirewallRules: [{382FEE20-3E63-4266-92D1-19DBD42B4EBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{44F4469C-3F62-4CB9-9996-FEA2659EBF69}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{58E0F9F2-1B70-4671-AFB1-D30B90A3E0E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B2C9D8A6-F2E1-496A-9D4A-CE28B3568C2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CC763124-F673-4501-960F-ADFD44D89D14}] => (Allow) G:\SteamLibrary\steamapps\common\Cities Skylines II\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{919064D5-3510-47DF-943B-666C18121263}] => (Allow) G:\SteamLibrary\steamapps\common\Cities Skylines II\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F28BCAF7-631A-4269-B53C-7B6724FF04A1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B1592463-BD75-408B-897C-522C32643E03}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{3A4C25BA-29D8-4495-B99F-C57A0FE37184}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1CCB062C-EC4A-42A3-9586-3065DA7FAD18}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{534B8526-56DC-41D4-95FA-8E21CB1E9CCA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4C44224F-3D52-4D0E-A9A0-100B6D0E811B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{315D6B71-1A78-4F66-A603-18B850673809}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B393A98B-CBD2-424C-8C4E-0D715CACB770}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12130.9.2003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2DE6BEAC-7B0F-4FEE-9286-0AEAE85958D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B9303BB-22BE-46ED-AD4E-7464C1E85D9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21E7AC1F-BAC1-42C7-BE1C-4B22228BA7FE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6150E791-C71C-464F-A453-A308E28D73C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AF68AD97-6D54-4235-8A86-9FAE00222CC2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe => Ningún archivo
FirewallRules: [{B607ADAB-C2FA-4E08-BD96-187094518095}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE3BBFBB-C878-43C9-851C-4C00D7B5799F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A1C8A550-07A3-4F6B-912F-0E43456359A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2BED6DD-8634-4AD4-B868-DE21674FA657}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2E279AF-81AA-46F0-8BE3-2467FB25F3E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Puntos de Restauración =========================

11-12-2023 21:17:50 Removed Eclipse Temurin JDK con Hotspot 17.0.5+8 (x64)

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (12/12/2023 12:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SecHealthUI.exe, versión: 10.0.19041.3636, marca de tiempo: 0xb4232a25
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.19041.3636, marca de tiempo: 0x326edcef
Código de excepción: 0xc000027b
Desplazamiento de errores: 0x000000000012db22
Identificador del proceso con errores: 0x1e38
Hora de inicio de la aplicación con errores: 0x01da2cedd41ce647
Ruta de acceso de la aplicación con errores: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: 2e5f826a-8b21-40e5-9f4f-5df77f4daae5
Nombre completo del paquete con errores: Microsoft.Windows.SecHealthUI_10.0.19041.3636_neutral__cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: SecHealthUI

Error: (12/12/2023 10:46:10 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: Error en el proceso crítico del sistema C:\WINDOWS\system32\lsass.exe con código de estado c0000005. El equipo debe reiniciarse ahora.

Error: (12/12/2023 10:45:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: lsass.exe, versión: 10.0.19041.3636, marca de tiempo: 0x4aaafe3f
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.19041.3636, marca de tiempo: 0x326edcef
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000051882
Identificador del proceso con errores: 0x398
Hora de inicio de la aplicación con errores: 0x01da2c8c284268a5
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\lsass.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll
Identificador del informe: f2ed9a02-fe03-4825-8fc7-2d8544476f5e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


Errores del sistema:
=============
Error: (12/12/2023 12:29:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SASDIFSV no pudo iniciarse debido al siguiente error: 
Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (12/12/2023 12:29:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SASKUTIL no pudo iniciarse debido al siguiente error: 
Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (12/12/2023 12:29:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SASKUTIL no pudo iniciarse debido al siguiente error: 
Windows no puede comprobar la firma digital en este archivo. Un cambio reciente en el hardware o en el software podría haber instalado un archivo con una firma incorrecta o dañada, o podría también tratarse de un software malintencionado proveniente de un origen desconocido.

Error: (12/12/2023 11:50:07 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: No se pudo crear un nuevo trabajo de BITS. El recuento actual de trabajos del usuario DESKTOP-OFBKLOM\sandr (60) es mayor o igual al límite de trabajos (60) especificado mediante la directiva de grupo. Para corregir el problema, complete o cancele los trabajos de BITS que no hayan progresado (indicados en el error) y reinicie el servicio BITS. Si se repite el error, póngase en contacto con el administrador del sistema y aumente los límites de trabajos de la directiva de grupo por usuario y por equipo.

Error: (12/12/2023 11:25:44 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: No se pudo crear un nuevo trabajo de BITS. El recuento actual de trabajos del usuario DESKTOP-OFBKLOM\sandr (60) es mayor o igual al límite de trabajos (60) especificado mediante la directiva de grupo. Para corregir el problema, complete o cancele los trabajos de BITS que no hayan progresado (indicados en el error) y reinicie el servicio BITS. Si se repite el error, póngase en contacto con el administrador del sistema y aumente los límites de trabajos de la directiva de grupo por usuario y por equipo.

Error: (12/12/2023 11:20:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (12/12/2023 11:20:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\sandr\AppData\Local\Temp\ehdrv.sys

Error: (12/12/2023 11:20:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador


Windows Defender:
================
Date: 2023-12-11 19:37:22
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {3F42DE64-5C2A-4EAF-A344-317A08EE27E7}
Tipo de examen: Antimalware
Parámetros de examen: Examen completo
Usuario: DESKTOP-OFBKLOM\sandr

Date: 2023-12-08 18:30:27
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {B8AA4DD2-48B1-46A4-8E8F-1B4A22D7AD5B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2023-12-07 14:23:53
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {AFE52E46-7374-476C-96B0-8AA4ECF8BEC2}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2023-12-01 00:45:48
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {0E4412FA-9669-4A12-9C42-03B20230B8DF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2023-11-07 20:51:33
Description: 
El examen de Antivirus de Microsoft Defender se detuvo antes de completarse.
Id. de examen: {2226544F-C4E3-40DF-B3A4-8E78FB2DB1EF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2023-12-05 22:48:28
Description: 
el motor de Antivirus de Microsoft Defender ha terminado debido a un error inesperado. 
Tipo de error:  Bloqueo
Código de excepción:  0xc0000005
Recurso:  
Código de motor:  0

Date: 2023-12-05 22:46:21
Description: 
el motor de Antivirus de Microsoft Defender ha terminado debido a un error inesperado. 
Tipo de error:  Bloqueo
Código de excepción:  0xc0000005
Recurso:  
Código de motor:  0

Date: 2023-12-05 22:44:14
Description: 
el motor de Antivirus de Microsoft Defender ha terminado debido a un error inesperado. 
Tipo de error:  Bloqueo
Código de excepción:  0xc0000005
Recurso:  
Código de motor:  0

Date: 2023-12-05 22:42:06
Description: 
el motor de Antivirus de Microsoft Defender ha terminado debido a un error inesperado. 
Tipo de error:  Bloqueo
Código de excepción:  0xc0000005
Recurso:  
Código de motor:  0

Date: 2023-12-05 22:39:59
Description: 
el motor de Antivirus de Microsoft Defender ha terminado debido a un error inesperado. 
Tipo de error:  Bloqueo
Código de excepción:  0xc0000005
Recurso:  
Código de motor:  0

CodeIntegrity:
===============
Date: 2023-12-12 12:29:39
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SUPERAntiSpyware\sasdifsv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-12-12 12:29:38
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SUPERAntiSpyware\saskutil64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-12-12 12:24:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. H.50 11/07/2019
Placa base: Micro-Star International Co., Ltd B450 GAMING PLUS MAX (MS-7B86)
Procesador: AMD Ryzen 5 3600X 6-Core Processor 
Porcentaje de memoria en uso: 46%
RAM física total: 16334.91 MB
RAM física disponible: 8742.12 MB
Virtual total: 28110.91 MB
Virtual disponible: 17056.68 MB

==================== Unidades ================================

Drive c: (ESD-ISO) (Fixed) (Total:223.02 GB) (Free:82.85 GB) (Model: OCZ-TRION150) NTFS ==>[unidad con componentes de arranque (obtenido de BCD)]
Drive f: (Disco 2) (Fixed) (Total:467.21 GB) (Free:309.83 GB) (Model: WDC WD20EARX-32PASB0) NTFS
Drive g: () (Fixed) (Total:1863.02 GB) (Free:1440.61 GB) (Model: WDC WD1001FALS-00J7B1) NTFS
Drive h: (Disco 3) (Fixed) (Total:464.16 GB) (Free:292.59 GB) (Model: WDC WD20EARX-32PASB0) NTFS

\\?\Volume{0013a57a-0000-0000-0000-60c137000000}\ () (Fixed) (Total:0.55 GB) (Free:0.11 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D26ED26E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 0013A57A)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=561 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E34E1193)

Partition: GPT.

==================== Final de Addition.txt =======================
1 like

Hi @Sandryvets,

First of all, I apologize that you had not received a reply or help in your thread.

Do you still need help with the problem you described at the start of this thread?

If so, let me know, and I will be able to keep working on your case from January 16 onward. Perhaps earlier, but January 16 for sure.

I should tell you that this type of malware, if not handled with FARBAR or similar tools, most of the time cannot simply be removed and is fairly difficult to deal with.

Regards.

Hello, yes, I still have the same problem. No problem at all, I will wait as long as it takes. Thank you very much for replying.

Hi @Sandryvets,

You're welcome. I am analyzing the reports…

I will be back with an answer soon.

Regards.

Hi @Sandryvets,

I have it now.

:zero: QUESTIONS

This machine is also used by someone with a highly technical profile, from what I have observed :eyes: . A programmer or something along those lines, right?

I have detected the following antivirus products installed on your computer:

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Although I can guess from the log… which antivirus do you currently use on your computer as resident protection? And which firewall?

:one: UNINSTALLING PROGRAMS

For the programs that I tell you can be removed, do it like this:

Uninstall them with Revo Uninstaller in its Advanced Mode. To do so, follow the program-uninstallation part of its manual.

Remove every program that Revo finds with the name uTorrent Web.

In your case you have the following installed:

uTorrent Web (HKU\S-1-5-21-461014865-3593705188-1222923112-1001\...\utweb) (Version: 1.4.0 - Rainberry, Inc.)

These must end up completely uninstalled.

:two: Now you must make a BACKUP OF THE REGISTRY. To do so:

  • Restart the computer in Normal Mode.

  • Download DelFix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator.)

  • Tick only the Create registry backup box, and make sure the rest are not selected.

  • Click Run.

The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.

Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe

  • Now copy the code/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
File: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll;C:\ProgramData\39765515438930886819.exe;C:\ProgramData\70268291777959698464.exe;C:\Users\sandr\AppData\Local\oobelibMkey.log
VirusTotal: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll;C:\ProgramData\39765515438930886819.exe;C:\ProgramData\70268291777959698464.exe;C:\Users\sandr\AppData\Local\oobelibMkey.log
Folder: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall
Folder: C:\bootmgr

Unlock: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll
Task: {272A1B16-1417-4C89-9231-F820B34F8250} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Gsoehvggsvnzft => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-17] (Microsoft Windows -> Microsoft Corporation) -> C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Acceso Denegado] C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll
C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Ningún archivo]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={9ED2E606-77A5-4425-A3EC-A2B56F8649E0}&mid=b094d996d72145f69bff0fdac9b9fa74-b85aaccfc4291d8a168d725b4ae5f464264c17bd&lang=es-es&ds=hk015&pr=sa&d=2013-04-17 19:45:34&v=15.0.0.2&pid=avg&sg=&sap=hp
S3 MpKsl913f6aed; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69E64DFD-7D67-41A4-AE2B-30D8BDDE20EF}\MpKslDrv.sys [X]
S3 MpKslf0e918e1; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5F09A89-7205-4DCA-9996-9A736B6A2633}\MpKslDrv.sys [X]
2023-12-11 21:00 - 2023-12-11 21:00 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2023-11-17 16:16 - 2023-11-17 16:16 - 000000000 ___HD C:\$WinREAgent
2023-02-25 20:58 - 2023-02-25 20:58 - 000000000 _____ () C:\ProgramData\39765515438930886819.exe
2023-02-25 19:19 - 2023-02-25 19:19 - 000000000 _____ () C:\ProgramData\70268291777959698464.exe
2022-04-30 17:31 - 2022-04-30 17:31 - 000000000 _____ () C:\Users\sandr\AppData\Local\{40B8EF68-5C44-4FC6-8103-7BA1CC200773}
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5988]
2023-02-15 10:51 - 2023-02-15 10:51 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
FirewallRules: [UDP Query User{86C4090A-AD67-4C11-A2E4-C02094C15523}C:\program files (x86)\node.exe] => (Allow) C:\program files (x86)\node.exe => Ningún archivo
FirewallRules: [TCP Query User{44275B09-D1F1-4733-9D23-E2ACACC5E42D}C:\program files (x86)\node.exe] => (Allow) C:\program files (x86)\node.exe => Ningún archivo
FirewallRules: [{54EEC14F-4517-46BA-A8FE-17ABCADBE3D6}] => (Allow) C:\Users\sandr\Downloads\icarefone.exe => Ningún archivo
FirewallRules: [{2EDE7908-FA76-4554-876B-1BCB0C490807}] => (Allow) C:\Users\sandr\Downloads\icarefone.exe => Ningún archivo
FirewallRules: [UDP Query User{0DAF8628-D6A5-45A7-A766-D939CFE335A9}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe] => (Allow) C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe => Ningún archivo
FirewallRules: [TCP Query User{00F74842-61F2-41D6-B8B7-3689FDC131FD}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe] => (Allow) C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe => Ningún archivo
FirewallRules: [{9D2500C5-DE90-48B1-9B46-E57F42E4E95B}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{6E5526D7-8709-4ABE-B1BA-553001D780E8}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [UDP Query User{C7462A72-1A7F-4F4A-B6B0-01EC85B018BC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Ningún archivo
FirewallRules: [TCP Query User{4C3C69EB-7E63-4329-86A0-9220E350C14C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Ningún archivo
FirewallRules: [UDP Query User{41BACF98-2D9A-4C19-9346-EC609ABEABC2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Ningún archivo
FirewallRules: [TCP Query User{7C946EB1-0A9C-46DC-886F-67032823F04A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Ningún archivo
FirewallRules: [UDP Query User{C23885C7-1BEF-4F33-AABF-EEA580CCABC0}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe] => (Allow) C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe => Ningún archivo
FirewallRules: [TCP Query User{EB7F268B-B32F-4AD0-8ADA-8A51D366EE0A}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe] => (Allow) C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe => Ningún archivo
FirewallRules: [TCP Query User{6F3C984D-BC45-4125-AB73-C048732EE076}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{143EA456-2C0F-4611-926B-178ACA4645E4}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe => Ningún archivo
FirewallRules: [{BA8B384A-B4DA-4D59-AF0A-2721CA6863FE}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{9FF62CD7-2CA2-47DA-AFA0-D9F1296C2C62}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{AF68AD97-6D54-4235-8A86-9FAE00222CC2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe => Ningún archivo

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Save it with the name FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work; both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.

:warning: The above repair script is customized for the specific machine it was made for and was written specifically by a Staff member. If you have a similar problem, please open your own thread to receive personalized and specific help. Using scripts from other systems can cause serious damage to your computer.

Finally (NOTE: in NORMAL MODE):

  1. Run FRST.exe again (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).

  2. Click Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out these repairs, even if it appears to have frozen. Do not touch it, and wait.

  3. When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.

  4. Restart the computer in Normal Mode, check how it behaves for a while, and report how the originally described problem is doing.

:warning: Very Important :warning: Post the report I asked for as shown in the following image:

Regards.

1 like
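An added example (not part of the original thread and not FRST's own code): a triage pass over FRST `Task:` lines that flags scheduled tasks like the one in the fixlist above, where rundll32 loads a module from a user-writable directory. The first sample line is the entry from the thread; the other sample lines, the regular expressions and all function names are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Shape of an FRST "Task:" line as it appears in the thread:
# Task: {GUID} - <task path> => <image> [size date] (signer -> company) -> <arguments>
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<image>.+?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\])?"
    r"(?: \((?P<signer>[^()]*)\))?"
    r"(?: -> (?P<args>.*))?$"
)

# Directories a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\programdata\\|\\temp\\", re.IGNORECASE
)

# Signed Windows binaries whose job is to load a DLL named in their arguments.
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}


@dataclass
class TaskFinding:
    guid: str
    task: str
    image: str
    args: str
    reasons: list = field(default_factory=list)


def triage_task_line(line):
    """Parse one report line; return a TaskFinding, or None if it is not a Task: line."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    image = m["image"]
    args = m["args"] or ""
    finding = TaskFinding(m["guid"], m["task"], image, args)
    loader = PureWindowsPath(image).name.lower()
    if USER_WRITABLE.search(image):
        finding.reasons.append("image in user-writable directory")
    # The signature on the loader says nothing about the module it is told to load.
    if loader in DLL_LOADERS and USER_WRITABLE.search(args):
        finding.reasons.append(f"{loader} loads a module from a user-writable directory")
    return finding


def suspicious_tasks(report_text):
    """Return the findings that carry at least one reason, in report order."""
    findings = []
    for line in report_text.splitlines():
        finding = triage_task_line(line)
        if finding is not None and finding.reasons:
            findings.append(finding)
    return findings


# First line: the Task entry from the thread. Remaining lines: constructed samples.
SAMPLE_REPORT = r"""
Task: {272A1B16-1417-4C89-9231-F820B34F8250} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Gsoehvggsvnzft => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-17] (Microsoft Windows -> Microsoft Corporation) -> C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleVendor\Updater => C:\Program Files\ExampleVendor\updater.exe [123456 2023-01-01] (ExampleVendor Inc. -> ExampleVendor Inc.)
Task: {99999999-8888-7777-6666-555555555555} - System32\Tasks\Example\Maintenance => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-17] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\system32\example.dll,ExampleEntry
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleUpdater => C:\Users\alice\AppData\Roaming\Example\upd.exe [1024 2023-05-05] (Example Ltd -> Example Ltd)
"""

if __name__ == "__main__":
    for f in suspicious_tasks(SAMPLE_REPORT):
        print(f.guid, "|", f.task, "|", "; ".join(f.reasons))
```

A flagged line is a candidate for review, not a verdict: legitimate per-user software also registers tasks under AppData.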

Hello. Yes, this computer is used by several people in the household, and one of them is learning programming. I think we currently only use Windows Defender. The rest was installed as a result of this problem. I have been testing the computer for a while and the problem seems to have disappeared. In any case, I am leaving the report you asked for in the next comment.

1 like
Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 23.01.2024
Ejecutado por sandr (23-01-2024 18:23:56) Run:1
Ejecutado desde C:\Users\sandr\Desktop
Perfiles cargados: sandr
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
File: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll;C:\ProgramData\39765515438930886819.exe;C:\ProgramData\70268291777959698464.exe;C:\Users\sandr\AppData\Local\oobelibMkey.log
VirusTotal: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll;C:\ProgramData\39765515438930886819.exe;C:\ProgramData\70268291777959698464.exe;C:\Users\sandr\AppData\Local\oobelibMkey.log
Folder: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall
Folder: C:\bootmgr

Unlock: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll
Task: {272A1B16-1417-4C89-9231-F820B34F8250} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Gsoehvggsvnzft => C:\WINDOWS\system32\RUNDLL32.EXE [71680 2023-11-17] (Microsoft Windows -> Microsoft Corporation) -> C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () [Acceso Denegado] C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll
C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Ningún archivo]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={9ED2E606-77A5-4425-A3EC-A2B56F8649E0}&mid=b094d996d72145f69bff0fdac9b9fa74-b85aaccfc4291d8a168d725b4ae5f464264c17bd&lang=es-es&ds=hk015&pr=sa&d=2013-04-17 19:45:34&v=15.0.0.2&pid=avg&sg=&sap=hp
S3 MpKsl913f6aed; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69E64DFD-7D67-41A4-AE2B-30D8BDDE20EF}\MpKslDrv.sys [X]
S3 MpKslf0e918e1; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5F09A89-7205-4DCA-9996-9A736B6A2633}\MpKslDrv.sys [X]
2023-12-11 21:00 - 2023-12-11 21:00 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2023-11-17 16:16 - 2023-11-17 16:16 - 000000000 ___HD C:\$WinREAgent
2023-02-25 20:58 - 2023-02-25 20:58 - 000000000 _____ () C:\ProgramData\39765515438930886819.exe
2023-02-25 19:19 - 2023-02-25 19:19 - 000000000 _____ () C:\ProgramData\70268291777959698464.exe
2022-04-30 17:31 - 2022-04-30 17:31 - 000000000 _____ () C:\Users\sandr\AppData\Local\{40B8EF68-5C44-4FC6-8103-7BA1CC200773}
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5988]
2023-02-15 10:51 - 2023-02-15 10:51 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
FirewallRules: [UDP Query User{86C4090A-AD67-4C11-A2E4-C02094C15523}C:\program files (x86)\node.exe] => (Allow) C:\program files (x86)\node.exe => Ningún archivo
FirewallRules: [TCP Query User{44275B09-D1F1-4733-9D23-E2ACACC5E42D}C:\program files (x86)\node.exe] => (Allow) C:\program files (x86)\node.exe => Ningún archivo
FirewallRules: [{54EEC14F-4517-46BA-A8FE-17ABCADBE3D6}] => (Allow) C:\Users\sandr\Downloads\icarefone.exe => Ningún archivo
FirewallRules: [{2EDE7908-FA76-4554-876B-1BCB0C490807}] => (Allow) C:\Users\sandr\Downloads\icarefone.exe => Ningún archivo
FirewallRules: [UDP Query User{0DAF8628-D6A5-45A7-A766-D939CFE335A9}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe] => (Allow) C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe => Ningún archivo
FirewallRules: [TCP Query User{00F74842-61F2-41D6-B8B7-3689FDC131FD}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe] => (Allow) C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe => Ningún archivo
FirewallRules: [{9D2500C5-DE90-48B1-9B46-E57F42E4E95B}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{6E5526D7-8709-4ABE-B1BA-553001D780E8}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [UDP Query User{C7462A72-1A7F-4F4A-B6B0-01EC85B018BC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Ningún archivo
FirewallRules: [TCP Query User{4C3C69EB-7E63-4329-86A0-9220E350C14C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Ningún archivo
FirewallRules: [UDP Query User{41BACF98-2D9A-4C19-9346-EC609ABEABC2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Ningún archivo
FirewallRules: [TCP Query User{7C946EB1-0A9C-46DC-886F-67032823F04A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Ningún archivo
FirewallRules: [UDP Query User{C23885C7-1BEF-4F33-AABF-EEA580CCABC0}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe] => (Allow) C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe => Ningún archivo
FirewallRules: [TCP Query User{EB7F268B-B32F-4AD0-8ADA-8A51D366EE0A}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe] => (Allow) C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe => Ningún archivo
FirewallRules: [TCP Query User{6F3C984D-BC45-4125-AB73-C048732EE076}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe => Ningún archivo
FirewallRules: [UDP Query User{143EA456-2C0F-4611-926B-178ACA4645E4}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe => Ningún archivo
FirewallRules: [{BA8B384A-B4DA-4D59-AF0A-2721CA6863FE}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{9FF62CD7-2CA2-47DA-AFA0-D9F1296C2C62}] => (Allow) C:\Users\sandr\AppData\Roaming\uTorrent Web\utweb.exe => Ningún archivo
FirewallRules: [{AF68AD97-6D54-4235-8A86-9FAE00222CC2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe => Ningún archivo

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.

========================= File: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll;C:\ProgramData\39765515438930886819.exe;C:\ProgramData\70268291777959698464.exe;C:\Users\sandr\AppData\Local\oobelibMkey.log ========================

C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll
Archivo no firmado
MD5: 93AD9D1FFC2BD6E10B0A659D32CDF16F
Fecha de creación y modificación: 2021-06-11 13:53 - 2020-11-26 20:08
Tamaño: 000000000
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: nqtLWinarpu.dll
Original Nombre: nqtLWinarpu.dll
Producto: 
Descripción:  
Archivo Versión: 0.0.0.0
Producto Versión: 0.0.0.0
Copyright:  
VirusTotal: 0

C:\ProgramData\39765515438930886819.exe
Archivo no firmado
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATENCIÓN (cero bytes Archivo/Carpeta)
Fecha de creación y modificación: 2023-02-25 20:58 - 2023-02-25 20:58
Tamaño: 000000000
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0-byte

C:\ProgramData\70268291777959698464.exe
Archivo no firmado
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATENCIÓN (cero bytes Archivo/Carpeta)
Fecha de creación y modificación: 2023-02-25 19:19 - 2023-02-25 19:19
Tamaño: 000000000
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0-byte

C:\Users\sandr\AppData\Local\oobelibMkey.log
Archivo no firmado
MD5: 6156D8378CA03159853E9173DDFE6477
Fecha de creación y modificación: 2021-12-12 01:25 - 2023-07-04 09:04
Tamaño: 000000309
Atributos: ----A
Nombre de la compañía: 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: 0

====== Final de File: ======

VirusTotal: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll => 0
VirusTotal: C:\ProgramData\39765515438930886819.exe =>  <==== ATENCIÓN (cero bytes Archivo/Carpeta)
VirusTotal: C:\ProgramData\70268291777959698464.exe =>  <==== ATENCIÓN (cero bytes Archivo/Carpeta)
VirusTotal: C:\Users\sandr\AppData\Local\oobelibMkey.log => 0

========================= Folder: C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall ========================

Acceso Denegado

====== Final de Folder: ======


========================= Folder: C:\bootmgr ========================

C:\bootmgr = Archivo

====== Final de Folder: ======

"C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll" => fue desbloqueado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{272A1B16-1417-4C89-9231-F820B34F8250}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{272A1B16-1417-4C89-9231-F820B34F8250}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Gsoehvggsvnzft => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteApp and Desktop Connections Update\Gsoehvggsvnzft" => eliminado correctamente
C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll => movido correctamente
"C:\Users\sandr\AppData\Local\CommandsStation\CppfyInstall\nqtLWinarpu.dll FXQwsBDzupd" => no encontrado
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => eliminado correctamente
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll" => no encontrado
"Chrome HomePage" => eliminado correctamente
HKLM\System\CurrentControlSet\Services\MpKsl913f6aed => eliminado correctamente
MpKsl913f6aed => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\MpKslf0e918e1 => eliminado correctamente
MpKslf0e918e1 => servicio eliminado correctamente

"C:\ProgramData\SUPERAntiSpyware.com" carpeta mover:

C:\ProgramData\SUPERAntiSpyware.com => movido correctamente

"C:\$WinREAgent" carpeta mover:

C:\$WinREAgent => movido correctamente
C:\ProgramData\39765515438930886819.exe => movido correctamente
C:\ProgramData\70268291777959698464.exe => movido correctamente
C:\Users\sandr\AppData\Local\{40B8EF68-5C44-4FC6-8103-7BA1CC200773} => movido correctamente
C:\Users\Public\Shared Files => ":VersionCache" ADS eliminado correctamente
C:\WINDOWS\system32\drivers\etc\hosts.ics => movido correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{86C4090A-AD67-4C11-A2E4-C02094C15523}C:\program files (x86)\node.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{44275B09-D1F1-4733-9D23-E2ACACC5E42D}C:\program files (x86)\node.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54EEC14F-4517-46BA-A8FE-17ABCADBE3D6}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EDE7908-FA76-4554-876B-1BCB0C490807}" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0DAF8628-D6A5-45A7-A766-D939CFE335A9}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{00F74842-61F2-41D6-B8B7-3689FDC131FD}C:\users\sandr\appdata\local\temp\7zs2457\enterprisedu.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D2500C5-DE90-48B1-9B46-E57F42E4E95B}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E5526D7-8709-4ABE-B1BA-553001D780E8}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C7462A72-1A7F-4F4A-B6B0-01EC85B018BC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4C3C69EB-7E63-4329-86A0-9220E350C14C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41BACF98-2D9A-4C19-9346-EC609ABEABC2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7C946EB1-0A9C-46DC-886F-67032823F04A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C23885C7-1BEF-4F33-AABF-EEA580CCABC0}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EB7F268B-B32F-4AD0-8ADA-8A51D366EE0A}C:\users\sandr\desktop\office 2013 - 2019 - descargandolo\files\bin\kmss.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6F3C984D-BC45-4125-AB73-C048732EE076}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{143EA456-2C0F-4611-926B-178ACA4645E4}C:\users\sandr\appdata\local\discord\app-1.0.9011\discord.exe" => eliminado correctamente
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA8B384A-B4DA-4D59-AF0A-2721CA6863FE}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FF62CD7-2CA2-47DA-AFA0-D9F1296C2C62}" => no encontrado
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF68AD97-6D54-4235-8A86-9FAE00222CC2}" => no encontrado

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de red Bluetooth mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::c930:a033:1b4e:50d9%15
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.66
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::7693:daff:fe3b:6090%15
                                       192.168.1.1

Adaptador de Ethernet Conexión de red Bluetooth:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

47 out of 47 jobs canceled.


========= Final de CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.



========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar



========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar



========= Final de CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.



========= Final de CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.



========= Final de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-461014865-3593705188-1222923112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-461014865-3593705188-1222923112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57031442 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 578815043 B
Windows/system/drivers => 151338504 B
Edge => 0 B
Chrome => 1068441528 B
Firefox => 56866843 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 67251123 B
systemprofile32 => 67251123 B
LocalService => 67361801 B
NetworkService => 67362975 B
sandr => 113749106 B

RecycleBin => 199494783 B
EmptyTemp: => 2.3 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 18:24:46 ====

Hi there @Sandryvets

First of all, my apologies. If I haven't replied, it's because I didn't have time for the forum. Let's continue with the case.

OK.

I have already seen the fixlist.

I need fresh FARBAR logs; bring them to me in your next reply.

Regards.