Necesito ayuda para eliminar malware

Hola buenos dias, hace unos dias me percate que al mirar el administrador de tareas tenia algunos programas raros en segundo plano como el pet.exe etc, etc y que cuando yo abria el administrador de tareas el consumo de cpu bajaba de casi 6 o 7 %, me gustaria saber si alguien me puede ayudar a limpiar mi pc

Hola, buenas @Username123 bienvenido al foro. Al ser nuevo le recomiendo que se lea usted las Clic aquí: políticas de este. No porque haya hecho usted nada mal, sino para saber más acerca del funcionamiento de este.

Aclarado esto, voy a intentar ayudarle pero antes necesito que me responda usted a algunas preguntas:

Le hago una pregunta @Username123: ¿Le ha realizado usted un proceso de análisis con su Suite de Seguridad a su ordenador? ¿Dispone usted de los Informes y/o Reportes que le a generado las diferentes Suite de Seguridad cuando usted le ha realizado los procesos de análisis a su ordenador en busca de virus e infecciones? Mándeme usted los Informes y/o Reportes para que pueda revisarlos.

@Username123: ¿Se ha descargado e instalado usted algún programa en su ordenador de alguna página no fiable?

@Username123: ¿Le va lento en su ordenador, al abrir cualquier programa; al navegar por internet; al encender y apagar su ordenador?

capturada6755×137 59.8 KB

Para poder enviarme el Informe y/o Reporte correctamente que le solicite a partir de ahora en este foro realice usted los siguientes pasos que le indico a continuación:

Como se muestra en el siguiente EJEMPLO:

Quedo a la espera de su respuesta!

1. hice un escaneo con ccleaner al equipo

2. Recuerdo haber descargado algun software crackeado hace algun tiempo

3. el ordenador va lento al encender

Dispongo del reporte del Ccleaner pero tiene mas de 6500 caracteres, hay alguna otra suite o programa recomendado para hacer el informe?

@Username123 no se preocupe, ahora empezaremos con todo el proceso de desinfección de su ordenador pero antes necesito realizar unas compronaciones con los pasos e indicaciones que yo le indique en este tema siguiendo usted todos mis indicaciones y pasos que yo le dejo en este tema.

@Username123 se va a proceder a realizar una serie de comprobaciones para poder solucionarle el problema que presenta su ordenador y para ello, realice usted lo siguiente que se le indica a continuación:

Ahora, @Username123, realice usted los siguentes procedimientos que le indico a continuación:

Hacer clic derecho sobre el botón de Inicio () (Dicho botón se encuentra en la parte posterior izquierda).

Seleccionar la opción Sistema. (Tal y como se refleja en la imagen siguiente):

image465×501 69.4 KB

Aparecerá una pantalla similar a esta:

image503×501 39.7 KB

Maximice usted la pantalla y mándeme una Captura completa de todo lo que sale en toda la pantalla incluida si sale alguna notificación adicional y/o ventana adicional que te pueda salir al realizar dicho procedimiento que le he mencionado y envíemelo.

Quedo a la espera de su respuesta!

Adjunto 3 capturas de pantalla con todo lo que sale en la pantalla.

Captura_de_pantall21022×768 206 KB

Captura_de_pantalla1024×761 192 KB

Captura_de_pantalla31024×768 206 KB

Ahora, @Username123, realice usted los siguientes pasos que le indico a continuación:

Un clic en botón de Inicio () y en la Barra de Búsqueda escriba usted lo siguiente: .

Aparecerá una pantalla similar a esta:

capturada570678×564 99 KB

De la lista de opciones que aparece en la pantalla anterior fiseje usted en la parte que pone:

De la lista de opciones que aparece en la pantalla anterior, busque y Un clic en donde pone: tal como se muestra en la pantalla anterior.

Acepte la notificación que le aparezca a usted en la pantalla de su ordenador.

Aparecerá la siguiente pantalla que se refleja a continuación:

image1348×725 34.6 KB

En dicha pantalla anterior que se le muestra Clic en: ´´Copiar´´ y ´´Pegar´´ el siguiente comando:

Get-PhysicalDisk

Pulse usted la tecla: Enter

Maximice usted la pantalla y me manda una Captura de Pantalla con todo lo que se refleje.

Quedo a la espera de su respuesta!

Ahora, @Username123, realice usted los siguientes pasos que le indico a continuación:

Un clic en el botón: Inicio () >> escriba: Panel de Control tal como se indica a continuación:

Aparecerá una pantalla similar a esta:

capturada369427×539 30.1 KB

Un clic en donde aparece: tal y como aparece en la pantalla anterior.

Aparecerá una pantalla similar a esta:

capturada371810×446 67.4 KB

De toda esa lista que aparece busque y un clic en donde pone: >> Busque y un clic en donde pone: tal como aparece en la pantalla anterior.

Aparecerá una pantalla similar a esta:

capturada22519×543 61.6 KB

Maximice usted la pantalla y me manda usted una ó varias Capturas de Pantalla con todo lo que se refleje!

Quedo a la espera de su respuesta!

Ahora @Username123, realice usted los siguientes pasos que le indico a continuación:

IMPORTANTE:

SIGA USTED LAS ´´INDICACIONES DADAS´´ Y SU ´´MANUAL´´ QUE LE DEJO JUNTO AL PROGRAMA EN EL ´´ORDEN INDICADO´´ Y ´´SIN INVERTIR EL ORDEN´´ QUE SE LE INDICA A USTED EN ESTE TEMA

QUE SU ORDENADOR ´´NO´´ SE PONGA EN ´´ESTADO DE SUSPENSIÓN´´ DURANTE TODO EL PROCESO DE ANALISIS QUE SE LE VAN A REALIZAR CON LOS DIFERENTES PROGRAMAS QUE SE LE INDIQUEN EN ESTE TEMA, ES DECIR, QUE SU ORDENADOR ´´NO SE APAGUE LA PANTALLA´´ YA QUE PODRÍA INTERFERIR EN EL PROCESO DE ANALISIS Y ´´NO´´ ´´ELIMINARSE CORRECTAMENTE LAS INFECCIONES Y VIRUS QUE ENCUENTRE´´.

SIGA SU MANUAL QUE SE LE DEJA JUNTO AL PROGRAMA EN ESTE TEMA.

SI ALGÚN PROGRAMA DE LOS QUE SE LE INDIQUEN EN ESTE TEMA LE PIDE REINICIAR! PROCEDES! PERO ´´SÓLO´´ ´´SI SE LO SOLICITA DICHO PROGRAMA´´.

capturada4760×246 56 KB

Aclarado esto @Username123, realice usted lo siguiente:

EN BUSCA / ELIMINACIÓN DE MALWARE

(Mantén conectados todos tus dispositivos externos que tengas como: USBs, discos duros externos, etc)

Por favor, descarga todo el software de los enlaces que pongo/de sus respectivos manuales.

Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.

Conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas y discos duros externos si también tienes.

Realiza los pasos que te pongo a continuación, ´´sin cambiar el orden´´ y síguelos ´´al pie de la letra´´:

Descarga, Instala, y ejecuta: Malwarebytes. Aquí le dejo la Url de Descarga del: MalwareBytes, para que sepas cómo descargarlo y poder instalarlo correctamente: Clic aquí: MalwareBytes. Aquí le dejo su Manual del: MalwareBytes, para que sepas cómo utilizar el programa y configurarlo correctamente: Clic aquí: Manual del Malwarebytes y seguidamente realice usted los siguientes pasos que le indico a continuación:

• Realizas un Análisis ´´PERSONALIZADO´´, marcando Todas las casillas de la Derecha y de la Izquierda, actualizando si te lo pide. Es decir: conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas, incluida la que me has dicho anteriormente y marcas todas las unidades de disco disponibles y las siguientes casillas:

1. Analizar objetos en memoria

2. Analizar configuracion de inicio y registro

3. Analizar dentro de los archivos

4. ´´NO´´ activar la opción que pone:

   

• (Si dicha opción está activada muy probablemente se produzca una lentitud en el Proceso de Análisis que tarde muchas horas en realizar el Análisis Personalizado del MalwareBytes. (Pues esta puede hacer que el programa se cuelgue y no finalice el análisis o hacer que este tarde muchísimo.)

• Finalizado el Proceso de Análisis por completo, si encuentra Amenazas Pulsar en Cuarentena para enviar las infecciones a la ´´´´Cuarentena´´´´ y si el programa te pide que reinicies, procedes! pero ´´SÓLO´´ si te lo solicita dicho programa.)

• Para acceder posteriormente al Informe del análisis te diriges a: Informes >> Registro de análisis >> pulsas en Exportar >> Copiar al Portapapeles y pones el Informe en tu próxima respuesta.

Para poder enviarme usted el Informe y/o Reporte correctamente que le solicito realice los siguientes pasos que le indico a continuación:

Para poder enviarme el Informe y/o Reporte correctamente que le solicito en este tema realice usted los siguientes pasos que le indico a continuación:

Como se muestra en el siguiente EJEMPLO:

Quedo a la espera de su respuesta!

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 18/10/2024
Hora del análisis: 21:49
Archivo de registro: 07235886-8db4-11ef-9072-38d5471caff3.json

-Información del software-
Versión: 5.1.11.139
Versión de los componentes: 1.0.5072
Versión del paquete de actualización: 1.0.90621
Licencia: Versión de prueba

-Información del sistema-
SO: Windows 10 (Build 19045.5011)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-F6JG9GR\El_H_

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 198120
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 min, 44 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Buenas @Username123, acabo de revisar el Reporte y/o Informe que usted me ha enviado y ha realizado un proceso de análisis de: Amenazas, cuando yo le he indicado en las indicaciones y pasos que le he dejado en este tema que tiene que realizar un proceso de análisis: PERSONALIZADO con dicho programa: MalwareBytes

@Username123, repita de nuevo el proceso de análisis: PERSONALIZADO con dicho programa: MalwareBytes que le he dejado en este tema siguiendo todas las indicaciones y pasos que le he dejado en este tema y me manda de nuevo lo que le he solicitado a este tema.

Quedo a la espera de su respuesta!

Perdon, aca le dejo el analisis personalizado.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 18/10/2024
Hora del análisis: 22:09
Archivo de registro: be0e8a50-8db6-11ef-af74-38d5471caff3.json

-Información del software-
Versión: 5.1.11.139
Versión de los componentes: 1.0.5072
Versión del paquete de actualización: 1.0.90621
Licencia: Versión de prueba

-Información del sistema-
SO: Windows 10 (Build 19045.5011)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-F6JG9GR\El_H_

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 302378
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 26 min, 14 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

@Username123, acabo de revisar el Informe y/o Reporte que usted me ha enviado a este tema y está correctamente realizado y el dicho programa: MalwareBytes ha realizado correctamente su función.

Ahora, @Username123, realice usted los siguientes pasos que le indico a continuación:

IMPORTANTE:

SIGA USTED LAS INDICACIONES DADAS ASÍ COMO SU MANUAL QUE DE DEJO EN ESTE TEMA JUNTO AL PROGRAMA QUE LE INDICO EN ESTE TEMA

DURANTE TODO EL PROCESO DE DESINFECCIÓN DE SU ORDENADOR, QUE NO SE APAGUE LA PANTALLA, ES DECIR, QUE SU PANTALLA NO SE PONGA EN ESTADO DE SUSPENSION YA QUE PUEDE INTERRUMPIRSE EL PROCESO DE DESINFECCIÓN DE SU ORDENADOR Y NO ELIMINAR LAS AMENAZAS E INFECCIONES QUE ENCUENTRE DICHO PROGRAMA.

SI ALGUNO DE LOS PROGRAMA DE LOS QUE LE INDIQUE EN ESTE TEMA, UNA VEZ FINALIZADO EL PROCESO DE ANALISIS, LE INDICA QUE DEBE REINICIAR! PROCECES! PERO SÓLO SI SE LO INDICA DICHO PROGRAMA.

capturada4760×246 56 KB

Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.

Descargue el programa de la siguiente Url: Le dejo “2 Url de Descarga” por si uno no le funciona el proceso de Instalación pueda probar con la segunda Url de Descarga:

Url descarga 1: Clic aquí: RogueKiller x64 Bits

Url descarga 2: Clic aquí: RogueKiller x82 Bits

Aquí le dejo su manual del: RogueKiller para que sepas cómo utilizarlo y configurarlo correctamente: Siga usted el siguiente tutorial que le dejo a continuación:

Abra el programa: RogueKiller que ha descargado.

Clikea en la pestaña que pone: Analizar., clic en donde pone: Análisis Completo (Full Scan). Nota: Si NO le deja realizar un “Análisis Personalizado” realice un Análisis Análisis Completo (Full Scan) (Tal y cómo se muestra en la imagen):

image691×378 45 KB

Automáticamente empezará el Proceso de Análisis en busca de Virus e Infecciones dejar que analice por completo y NO interrumpir el programa hasta que finalice en su totalidad. Finalizado el Proceso de Análisis por completo clickea en la pestaña que pone: Resultados: (Proceso tal y como se indica en la siguiente pantalla):

image691×374 52.2 KB

Una vez finalizado el Proceso de Análisis por completo, si encuentra AMENAZAS e INFECCIONES saldrá una pantalla similar a esta, clicka en la pestaña que pone: Resultados para poder eliminar dichas INFECCIONES. (Tal y como se muestra en esta pantalla):

image691×376 51.9 KB

Si le sale una pantalla similar a esta significa que el programa ha ELIMINADO con éxito TODAS las AMENAZAS e INFECCIONES de su ordenador. Clickea en la pestaña que pone: Resultados. (Tal y cómo se indica en esta página):

image691×377 46.6 KB

Para ELIMINAR las AMENAZAS e INFECCIONES clickea en la pestaña que pone: Eliminación. (Tal y como se muestra en esta pantalla):

image691×379 60 KB

Le aparecerá una pantalla similar a esta, dejar TODAS las opciones marcadas que te salgan a ti. Para ELIMINAR todas las INFECCIONES clikea en la pestaña que pone: Finalizar. (Tal y cómo se muestra en la pantalla):

image691×384 61.4 KB

Para enviarme el Informe que ha generado el programa cuando haya finalizado por completo de Analizar siga estos pasos que se reflejan a continuación:

image691×377 87.1 KB

image691×321 46 KB

Para poder enviarme usted el Informe y/o Reporte correctamente que le solicito en este tema realice los siguientes pasos que le indico a continuación:

Como se muestra en el siguiente EJEMPLO:

Quedo a la espera de su respuesta!

Url: ¿Como Pegar Reportes en el Foro?

te mando el reporte pero esta en json, perdon por la demora. Estuve ocupado

{"header": {"date": 133740143632520000, "properties": [{"key": "program", "value": "RogueKiller Anti-Malware"}, {"key": "version", "value": "15.18.3.0"}, {"key": "x64", "value": true}, {"key": "program_date", "value": "Sep 11 2024"}, {"key": "location", "value": "C:\\Users\\El_H_\\Downloads\\RogueKiller_portable64.exe"}, {"key": "premium", "value": false}, {"key": "company", "value": "Adlice Software"}, {"key": "website", "value": "https://www.adlice.com/"}, {"key": "contact", "value": "https://adlice.com/contact/"}, {"key": "website", "value": "https://adlice.com/download/roguekiller/"}, {"key": "os", "value": "Windows 10 (10.0.19045) 64-bit"}, {"key": "os_x64", "value": true}, {"key": "startup", "value": 0}, {"key": "winpe", "value": false}, {"key": "user", "value": "El_H_"}, {"key": "user_admin", "value": true}, {"key": "date", "value": "2024/10/21 19:59:23"}, {"key": "type", "value": "scan"}, {"key": "aborted", "value": false}, {"key": "scan_mode", "value": "standard"}, {"key": "is_ucheck", "value": false}, {"key": "duration", "value": 520}, {"key": "found_count", "value": 0}, {"key": "total_count", "value": 49446}, {"key": "signatures_version", "value": "20241014_143130"}, {"key": "log_legit", "value": false}, {"key": "expert_mode", "value": false}, {"key": "truesight_loaded", "value": true}, {"key": "cloud_id", "value": ""}, {"key": "removal_id", "value": 0}, {"key": "scan_id", "value": 0}, {"key": "updates_count", "value": 2}]}, "sections": [{"entries": [], "id": "WARNINGS", "name": "warnings"}, {"entries": [{"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "calibre 64bit"}, {"key": "update_current_version", "value": "7.19.0"}, {"key": "update_available_version", "value": "7.20.0"}, {"key": "update_size", "value": 589291520}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\Calibre2\\"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "WebView2 Runtime de Microsoft Edge"}, {"key": "update_current_version", "value": "129.0.2792.89"}, {"key": "update_available_version", "value": "130.0.2849.46"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": true}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application"}]}], "id": "UPDATES", "name": "updates"}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "[System Process]"}, {"key": "path", "value": ""}, {"key": "pid", "value": 0}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "smss.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\smss.exe"}, {"key": "pid", "value": 492}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Memory Compression"}, {"key": "path", "value": "MemCompression"}, {"key": "pid", "value": 868}]}], "id": "process_item", "properties": [{"key": "name", "value": "System"}, {"key": "path", "value": ""}, {"key": "pid", "value": 4}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Secure System"}, {"key": "path", "value": ""}, {"key": "pid", "value": 72}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Registry"}, {"key": "path", "value": "Registry"}, {"key": "pid", "value": 132}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "csrss.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\csrss.exe"}, {"key": "pid", "value": 640}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "fontdrvhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\fontdrvhost.exe"}, {"key": "pid", "value": 580}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "explorer.exe"}, {"key": "path", "value": "C:\\Windows\\explorer.exe"}, {"key": "pid", "value": 224}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 2004}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\129.0.2792.89\\msedgewebview2.exe"}, {"key": "pid", "value": 1536}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\129.0.2792.89\\msedgewebview2.exe"}, {"key": "pid", "value": 2200}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\129.0.2792.89\\msedgewebview2.exe"}, {"key": "pid", "value": 5636}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\129.0.2792.89\\msedgewebview2.exe"}, {"key": "pid", "value": 12376}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\129.0.2792.89\\msedgewebview2.exe"}, {"key": "pid", "value": 18696}]}], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\129.0.2792.89\\msedgewebview2.exe"}, {"key": "pid", "value": 1484}]}], "id": "process_item", "properties": [{"key": "name", "value": "SearchApp.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"}, {"key": "pid", "value": 2308}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ShellExperienceHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe"}, {"key": "pid", "value": 2620}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "dllhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\dllhost.exe"}, {"key": "pid", "value": 4868}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 5792}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "StartMenuExperienceHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe"}, {"key": "pid", "value": 6124}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 6156}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "CompPkgSrv.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\CompPkgSrv.exe"}, {"key": "pid", "value": 6592}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "MoUsoCoreWorker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\mousocoreworker.exe"}, {"key": "pid", "value": 7216}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 8864}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "TextInputHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe"}, {"key": "pid", "value": 9264}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ApplicationFrameHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\ApplicationFrameHost.exe"}, {"key": "pid", "value": 10424}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SystemSettings.exe"}, {"key": "path", "value": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe"}, {"key": "pid", "value": 12304}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 17740}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchApp.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe"}, {"key": "pid", "value": 18800}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "smartscreen.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\smartscreen.exe"}, {"key": "pid", "value": 21352}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "LockApp.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\Microsoft.LockApp_cw5n1h2txyewy\\LockApp.exe"}, {"key": "pid", "value": 21360}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 96}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 528}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 880}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 924}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1056}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1104}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1204}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1316}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1320}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1332}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1360}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1412}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "IntelCpHDCPSvc.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\iigd_dch.inf_amd64_51f685305808e3a5\\IntelCpHDCPSvc.exe"}, {"key": "pid", "value": 1448}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1508}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1656}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1708}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1760}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1768}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1776}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1816}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1920}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1956}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2012}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "taskhostw.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\taskhostw.exe"}, {"key": "pid", "value": 4348}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "MicrosoftEdgeUpdate.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\MicrosoftEdgeUpdate.exe"}, {"key": "pid", "value": 4724}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "taskhostw.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\taskhostw.exe"}, {"key": "pid", "value": 11116}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "taskhostw.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\taskhostw.exe"}, {"key": "pid", "value": 19792}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2020}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "igfxEM.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\cui_dch.inf_amd64_38cfab2b652e4701\\igfxEM.exe"}, {"key": "pid", "value": 4696}]}], "id": "process_item", "properties": [{"key": "name", "value": "igfxCUIService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\cui_dch.inf_amd64_38cfab2b652e4701\\igfxCUIService.exe"}, {"key": "pid", "value": 2056}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2124}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2132}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "audiodg.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 1284}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2272}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2372}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2412}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "sihost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\sihost.exe"}, {"key": "pid", "value": 4516}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2472}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2516}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2520}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2532}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2608}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2636}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2880}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2964}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3008}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3140}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AggregatorHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\AggregatorHost.exe"}, {"key": "pid", "value": 4808}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3176}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3184}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3192}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3200}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3208}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3216}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "OneApp.IGCC.WinService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igcc_dch.inf_amd64_c2ac023763d5d3ad\\OneApp.IGCC.WinService.exe"}, {"key": "pid", "value": 3364}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3492}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3548}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "armsvc.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe"}, {"key": "pid", "value": 3576}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3592}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "wslservice.exe"}, {"key": "path", "value": "C:\\Program Files\\WSL\\wslservice.exe"}, {"key": "pid", "value": 3620}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3700}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3964}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4060}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchFilterHost.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 4188}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchProtocolHost.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 19444}]}], "id": "process_item", "properties": [{"key": "name", "value": "SearchIndexer.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SearchIndexer.exe"}, {"key": "pid", "value": 4124}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4344}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SgrmBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SgrmBroker.exe"}, {"key": "pid", "value": 4772}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4948}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ctfmon.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\ctfmon.exe"}, {"key": "pid", "value": 13204}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5052}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5224}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5612}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5668}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5772}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5968}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6248}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6440}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6532}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6616}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6748}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 7904}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8008}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8108}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8180}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8416}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SecurityHealthService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SecurityHealthService.exe"}, {"key": "pid", "value": 8588}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8896}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "vmcompute.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\vmcompute.exe"}, {"key": "pid", "value": 8952}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 9124}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 9252}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "CCleanerPerformanceOptimizerService.exe"}, {"key": "path", "value": "C:\\Program Files\\CCleaner\\CCleanerPerformanceOptimizerService.exe"}, {"key": "pid", "value": 9580}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 9684}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 9796}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10372}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10856}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Malwarebytes.exe"}, {"key": "path", "value": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\Malwarebytes.exe"}, {"key": "pid", "value": 8804}]}], "id": "process_item", "properties": [{"key": "name", "value": "MBAMService.exe"}, {"key": "path", "value": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"}, {"key": "pid", "value": 12308}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 14484}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 15044}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 19892}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 20104}]}], "id": "process_item", "properties": [{"key": "name", "value": "services.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\services.exe"}, {"key": "pid", "value": 872}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "LsaIso.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\LsaIso.exe"}, {"key": "pid", "value": 892}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "lsass.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\lsass.exe"}, {"key": "pid", "value": 900}]}], "id": "process_item", "properties": [{"key": "name", "value": "wininit.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wininit.exe"}, {"key": "pid", "value": 728}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "csrss.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\csrss.exe"}, {"key": "pid", "value": 736}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "fontdrvhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\fontdrvhost.exe"}, {"key": "pid", "value": 564}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "dwm.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\dwm.exe"}, {"key": "pid", "value": 1116}]}], "id": "process_item", "properties": [{"key": "name", "value": "winlogon.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\winlogon.exe"}, {"key": "pid", "value": 808}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "CCleaner64.exe"}, {"key": "path", "value": "C:\\Program Files\\CCleaner\\CCleaner64.exe"}, {"key": "pid", "value": 3464}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Acrobat.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\Acrobat.exe"}, {"key": "pid", "value": 11440}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 4532}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 7236}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 7364}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 8152}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 9380}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 11416}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 19604}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 20536}]}], "id": "process_item", "properties": [{"key": "name", "value": "AcroCEF.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\acrocef_1\\AcroCEF.exe"}, {"key": "pid", "value": 16080}]}], "id": "process_item", "properties": [{"key": "name", "value": "Acrobat.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\Acrobat.exe"}, {"key": "pid", "value": 1980}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 1880}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 6080}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 6284}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 6596}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 6648}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "powershell.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}, {"key": "pid", "value": 5460}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "conhost.exe"}, {"key": "path", "value": "C:\\WINDOWS\\system32\\conhost.exe"}, {"key": "pid", "value": 10648}]}], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 9956}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 11780}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 11232}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "conhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\conhost.exe"}, {"key": "pid", "value": 16620}]}], "id": "process_item", "properties": [{"key": "name", "value": "python.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Python\\Python313\\python.exe"}, {"key": "pid", "value": 20180}]}], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 13192}]}], "id": "process_item", "properties": [{"key": "name", "value": "Code.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"}, {"key": "pid", "value": 6256}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SecurityHealthSystray.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"}, {"key": "pid", "value": 8156}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 444}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 636}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 1152}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 2340}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 2648}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 3124}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 4384}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 7600}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 7692}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 7908}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 8188}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 9280}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 9572}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 9844}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 9932}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 10028}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 10772}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 11272}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 11304}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 11316}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 11772}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 12564}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 13464}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 13532}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 13652}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 14048}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 14348}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 14544}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 15500}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 15560}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 15768}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 15876}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 16148}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 16532}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 16744}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 16856}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 16996}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 17176}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 17376}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 17540}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 17640}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 17744}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 17928}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 18168}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 18352}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 18428}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 19080}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 19248}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 20364}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RogueKiller_portable64.exe"}, {"key": "path", "value": "C:\\Users\\El_H_\\Downloads\\RogueKiller_portable64.exe"}, {"key": "pid", "value": 21472}]}], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 18164}]}], "id": "process_item", "properties": [{"key": "name", "value": "explorer.exe"}, {"key": "path", "value": "C:\\Windows\\explorer.exe"}, {"key": "pid", "value": 5088}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AdobeCollabSync.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\AdobeCollabSync.exe"}, {"key": "pid", "value": 17824}]}], "id": "process_item", "properties": [{"key": "name", "value": "AdobeCollabSync.exe"}, {"key": "path", "value": "C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\AdobeCollabSync.exe"}, {"key": "pid", "value": 15596}]}], "id": "PROCESSES", "name": "processes"}, {"entries": [], "id": "PROCESS_MODULES", "name": "modules"}, {"entries": [], "id": "SERVICES", "name": "services"}, {"entries": [], "id": "TASKS", "name": "tasks"}, {"entries": [], "id": "REGISTRY", "name": "registry"}, {"entries": [], "id": "WMI", "name": "wmi"}, {"entries": [{"entries": [], "id": "info", "properties": [{"key": "is_too_big", "value": false}, {"key": "hosts_file_path", "value": "C:\\Windows\\System32\\drivers\\etc\\hosts"}]}, {"entries": [], "id": "lines", "properties": []}], "id": "HOSTS", "name": "hosts"}, {"entries": [], "id": "FILESYSTEM", "name": "filesystem"}, {"entries": [], "id": "WEB_BROWSERS", "name": "web_browsers"}, {"entries": [], "id": "ANTIROOTKIT", "name": "antirootkit"}], "type": "RK-REPORT"}```

alguien para seguir ayudandome?

Hola buenas con permiso de @Chicloi

@Username123 el compañero @Chicloi dará continuidad con tu tema en cuando buenamente pueda. Pues al igual que yo, también tiene otros asuntos que atender fuera del foro.

Más que nada es para que lo sepas y no pienses que se te ha dejado de ayudar.

Salu2.

Ok, muchisimas gracias y perdon por las molestias

De nada @Username123

Si en una semana no tienes noticias del compañero @Chicloi dímelo.

Salu2.