Here are my 2 scan results: the first one is from the first time I disinfected it and the last one is from the last time, plus the PUP registry entries that keep repeating. I noticed something curious: in the first one there was a program called csastats; I don't know if it was related to my notebook's hotkey program. Anyway, here they are, and I have already uninstalled the 2 antivirus programs.
AdwCleaner[S00].txt (2,0 KB) AdwCleaner[S04].txt (2,3 KB)
I'm not uninstalling Spybot because I would lose the Immunize option and be left exposed to spyware; besides, it has no real-time protection (it's the free version), so it doesn't interfere with the antivirus when I use it.
To delete cookies, temporary Internet files and all the files it shows you as obsolete.
We do NOT need this report.
AdwCleaner
Run it.
Click the Scan button and wait for the process to finish. Then click the Clean button.
Wait for it to complete. If it asks you to restart the system, accept.
Save the report that appears so you can copy and paste it in your next reply.
The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”
ZHPCleaner
Following its manual, install and run it. When it finishes, delete everything it finds.
Malwarebytes
Don't forget to update it.
Read its Manual carefully.
Run a Custom Scan, checking all drives.
Click “Eliminar Seleccionados” (Remove Selected) to send what it found to quarantine.
Restart the system.
In the manual's section “Historial” (History) >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.
3.- Important Note:
In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.
It is also extremely infected; it did it to me through Windows telemetry, the one that gives me the weather and the time. PS: this Windows is genuine.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Ran by gusta (30-07-2019 20:58:40)
Running from C:\Users\gusta\Downloads
Windows 10 Home Single Language Version 1803 17134.885 (X64) (2018-10-01 00:39:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1498555920-1983202831-2001491286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1498555920-1983202831-2001491286-503 - Limited - Disabled)
gusta (S-1-5-21-1498555920-1983202831-2001491286-1002 - Administrator - Enabled) => C:\Users\gusta
Invitado (S-1-5-21-1498555920-1983202831-2001491286-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1498555920-1983202831-2001491286-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Autorizaciones AMR 2.7.5 (HKLM-x32\...\Autorizaciones AMR_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Control Center 5.0000.0.7 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0000.0.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.12.3.0 - LG Electronics)
LibreOffice 5.1.4.2 (HKLM-x32\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 68.0.1 (x64 es-AR) (HKLM\...\Mozilla Firefox 68.0.1 (x64 es-AR)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 68.0.1.7137 - Mozilla)
Paquete de controladores de Windows - Insyde (AirplaneModeHid) HIDClass (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21253 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7629 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1040 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.24.1 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Nombre de su organización)
VngPlus (HKLM-x32\...\{E2691A75-49F2-4FE6-A6D5-0FF5C48FE396}) (Version: 16.04.07 - Ecleris)
VngPlusSC (HKLM-x32\...\{77CC634C-0182-11D9-9AEC-000D87ADDD10}) (Version: - )
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Packages:
=========
Complemento de teléfono de Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-28] (Microsoft Corporation)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-15] (Microsoft Corporation) [MS Ad]
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-04-04] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Studios)
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN Finanzas -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
Paradise Bay -> C:\Program Files\WindowsApps\king.com.ParadiseBay_3.9.0.0_x86__kgqvnymyfvs32 [2018-12-18] (king.com)
Shuffle Party -> C:\Program Files\WindowsApps\Microsoft.ShuffleParty_2.0.0.2_x86__8wekyb3d8bbwe [2015-09-04] (Microsoft Studios)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-11] (Microsoft Corporation)
Traductor -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.5.14.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-11] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-31 21:38 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-05-31 21:39 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-05-31 21:39 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2017-05-31 21:39 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2017-05-31 21:39 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2017-05-31 21:39 - 2018-01-19 11:26 - 002976256 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2017-05-31 21:39 - 2018-01-18 15:39 - 000314368 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2015-11-16 11:57 - 2015-07-17 11:28 - 001127424 _____ (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\BRCOM14A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pwdrvio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwdspio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwNative.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ACTSKIN4.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dao350.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DBGRDES.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DBGRID32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HiTime32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mfc42loc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msjet35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSJINT35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSJTER35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMASK32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrd2x35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSREPL35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSSTDFMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWINSCK.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NystITFflip.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPIN32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\THREED32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VB5DB.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6R.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6RESN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6RUN.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetdiag64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetmodem64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetndis64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\gusta\Desktop\OrapeV3-27.7.X12.1-RB.swf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Desktop\sep-2016-calendario.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\4-99434681-127215.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\4-99434681-127215.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Archivo.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Archivo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\BlncNvsvdrpl.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\BlncNvsvdrpl.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Caratulas Gustavo.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Caratulas Gustavo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\flashplayer_25_sa.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.0.6_Win_x86.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.0.6_Win_x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.1.4_Win_x86.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.1.4_Win_x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\spywareblastersetup55.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\spywareblastersetup55.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\VNGPLUSNV_V16.04.07.ZIP:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\VNGPLUSNV_V16.04.07.ZIP:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\[SWF]OrapeV3-27.7.X12.1-RB.zip:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7941 more sites.
There are 12758 more sites.
There are 12758 more sites.
There are 7943 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 08:04 - 2019-07-17 02:09 - 000454656 ____R C:\WINDOWS\system32\drivers\etc\hosts
There are 15606 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194053902\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054136\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\gusta\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Control Panel\Desktop\\Wallpaper -> C:\Users\gusta\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194056151\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: isesrv => 2
HKLM\...\StartupApproved\Run32: => "IseUI"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{056C8075-8C8D-4DD1-9A64-6E5F0A22AACE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A9B201C2-B733-442E-AED9-591AA6174B80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{21F2E717-9785-40F9-B4B7-AECD045BFE9F}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [UDP Query User{A40C7869-5743-4EDA-8D6F-B62981546B78}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [TCP Query User{53C88FEB-4EDA-43FD-8DE6-83B59EB24A0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{A813B966-72B2-417F-A547-CCD14D7AE2C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E94B81F7-A517-4F7E-A36D-243C144C80D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
26-06-2019 21:55:47 Removed COMODO Internet Security
13-07-2019 21:51:23 Punto de control programado
17-07-2019 21:23:44 Windows Update
20-07-2019 15:34:13 ZHPcleaner
21-07-2019 22:42:45 ZHPcleaner
==================== Faulty Device Manager Devices =============
Name: Insyde Airplane Mode HID Mini-Driver
Description: Insyde Airplane Mode HID Mini-Driver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Insyde
Service: AirplaneModeHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2019 08:42:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ShellExperienceHost.exe, versión 10.0.17134.753, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 1a30
Hora de inicio: 01d54727ec8e88a3
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Identificador de informe: ff1bd2ec-55d5-4cbf-82b0-29e694f7c27e
Nombre completo de paquete con errores: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: App
Error: (07/18/2019 03:30:33 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
Error: (07/18/2019 03:28:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {a3261c86-f4d8-4e9f-9881-c3c7caa5049c}
Error: (07/18/2019 02:54:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
Error: (07/18/2019 02:52:58 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
Operación:
Recopilando datos del escritor
Contexto:
Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
Nombre del escritor: System Writer
Id. de instancia del escritor: {e455112f-8fa5-437e-ac71-77c55c176e7f}
Error: (07/18/2019 02:35:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
Error: (07/18/2019 02:32:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
Error: (07/18/2019 02:31:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
System errors:
=============
Error: (07/30/2019 08:41:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-M7LITVE)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
y APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
al usuario DESKTOP-M7LITVE\gusta con SID (S-1-5-21-1498555920-1983202831-2001491286-1002) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
Windows.SecurityCenter.WscDataProtection
y APPID
No disponible
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID
Windows.SecurityCenter.WscBrokerManager
y APPID
No disponible
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
y APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
y APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (07/30/2019 07:39:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CmdAgentProt no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Windows Defender:
===================================
Date: 2019-07-21 22:41:56.122
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {1FDB4C6E-8F46-42EE-BAAC-6EB21F8EB8B8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-07-20 15:22:51.822
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {11BB40CE-812E-488D-B22E-788B90ED21E6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-07-30 20:46:10.211
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.299.867.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico.
Date: 2019-07-30 20:46:10.211
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.299.867.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico.
Date: 2019-07-30 20:46:10.211
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.299.867.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico.
Date: 2019-07-30 20:45:08.432
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.299.224.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico.
Date: 2019-07-30 19:50:15.129
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.299.224.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección
CodeIntegrity:
===================================
Date: 2019-07-15 02:47:27.800
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-26 22:09:15.502
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 22:02:50.983
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 21:55:14.438
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 21:55:14.100
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 21:54:47.021
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 21:44:30.436
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 21:42:22.799
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 4.6.5 08/08/2014
Motherboard: BANGHO MAX G0101
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 8097.26 MB
Available physical RAM: 4024.86 MB
Total Virtual: 9377.26 MB
Available Virtual: 5140.01 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:480.41 GB) (Free:371.73 GB) NTFS
Drive e: (Datos VNG) (Fixed) (Total:449.9 GB) (Free:449.71 GB) NTFS
\\?\Volume{a8132d7f-7d43-4f94-9295-82714787f5ef}\ (Recovery) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS
\\?\Volume{3a3ed554-fdf8-4520-8e4a-08f63d8330e7}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 161DA336)
Partition: GPT.
==================== End of Addition.txt ============================
That's not it; what is blocking Malwarebytes is something else, not FRST.
The problem is that since you take so long to come back, the computer gets reinfected with every reboot, so cleaning is pointless because when you return you are reinfected again.
I was using Sandboxie, but I'm not using it currently; it kept throwing several errors at me. That was the only sandbox I currently use.
Right now I'm without an antivirus; before I used Comodo Internet Security Essentials. Should I reinstall that one, or which one do you recommend? Not Avast, I already tried it and it's very bad.
If you can, let me know about one soon, because I have to leave in a while and the PC could be left unprotected.
This is another strange thing that happens to the PC: I open Revo Uninstaller and look at what it shows me.