sigue igual. pero ninguno de las aplicaciones ha informado algo sobre la Unidad (G:) ¿mi usb esta encriptado?
Es posible que algún virus hubiera dañado el usb no necesariamente tiene porque estar encriptado
Por eso lo más recomendable una vez que hemos desinfectado el equipo es que formatees ese USB
Lo he formateado por su recomendación, pero cuando lo quiero expulsar informa que el dispositivo esta siendo usado por un programa.
Eso pasa en algunos casos con las memorias USB Si no lo logras expulsar de esa manera puedes quitarla sacandols del puerto USB
quería volver activar protección en tiempo real y no se puede
¿ya no se puede reactivar el Windows Defender o fue afectado por el virus cuando lo desactivamos?
Si tu Windows no es legal, es posible que no puedas,no te deja activarlo…sale algun error??
Si sale un comunicado.
anteriormente si se podía, en el último análisis (Dr. Web), mientras se analizaba la unidad (D:) aparecieron 8 notificaciones y alarmas sobre archivos maliciosos.
-
Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.
-
Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits)
¿Cómo saber si mi Windows es de 32 o 64 bits? -
Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.
-
En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.
-
Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.
En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST
Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by USUARIO (27-03-2019 18:30:11)
Running from C:\Users\USUARIO\Desktop
Windows 10 Pro Version 1803 17134.167 (X64) (2018-07-15 18:12:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1263756674-2307396826-839413971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1263756674-2307396826-839413971-503 - Limited - Disabled)
Invitado (S-1-5-21-1263756674-2307396826-839413971-501 - Limited - Disabled)
USUARIO (S-1-5-21-1263756674-2307396826-839413971-1001 - Administrator - Enabled) => C:\Users\USUARIO
WDAGUtilityAccount (S-1-5-21-1263756674-2307396826-839413971-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1492, 24.04.2015 - AIMP DevTeam)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.0 - Corel Corporation) Hidden
Cisco WebEx Meeting Center (HKLM-x32\...\{ED8D5D15-627B-4B83-953B-A82C1A1A9690}) (Version: 32.15.33.8 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-1263756674-2307396826-839413971-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (x64) (HKLM\...\{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
CyberLink PowerDVD 16 (HKLM-x32\...\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}) (Version: 16.0.1510.60 - CyberLink Corp.)
Desinstalar impresora EPSON L220 Series (HKLM\...\EPSON L220 Series) (Version: - SEIKO EPSON Corporation)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{9EFA35CF-3250-4E22-8198-41FF7640E506}) (Version: 2.5.2.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0324C972-6139-489C-9003-857C4F195A80}) (Version: 3.10.0094 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Foxit PhantomPDF Business (HKLM-x32\...\{F54D6DB2-CEE3-4089-BE83-09F4DD180B4E}) (Version: 7.0.8.1216 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Grabadora y reproductor de WebEx (HKLM-x32\...\{B2190DC0-035D-4430-84F2-0E9B00908435}) (Version: 32.15.33.8 - Cisco WebEx LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
K-Lite Codec Pack 11.1.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.6 - )
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1263756674-2307396826-839413971-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.29.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 38.0.1 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 es-MX)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Nitro Pro 10 (HKLM\...\{7242D889-1E07-40C9-8FC6-670707B34EE1}) (Version: 10.5.9.9 - Nitro)
NVIDIA Controlador de 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-876322ECFB78}) (Version: 1.00.0179 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1263756674-2307396826-839413971-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-07-15] (AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-11-17] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-07-22] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-07-15] (AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0590B1FB-A14F-4B79-B8D3-19CBEFEA2544} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {073B6523-C318-4689-94EC-F540F0B309B8} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1263756674-2307396826-839413971-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {0E09842F-ED5F-4C72-AE57-74BE2A6CB0F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {339E5F59-49E9-4F0E-845D-923C92986A4E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {373E9385-0484-402E-B256-B29F109DE715} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5C07D73D-15B6-4028-98E0-554E1224602A} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\USUARIO\Desktop\ESETOnlineScanner_ESL.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {662103BB-0EA3-4B68-90C7-75B2BE748786} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {663EA22A-1276-4AB8-AE75-37489BAAB544} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6997138B-5C61-4827-A730-2CC3AF9A9A28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6B003D8F-5DF5-4AF8-AEE9-58E1121B0A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6C4B9ED1-A105-4FBC-9023-ADB425A63976} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {73C9C4D7-2E97-4900-8DC5-F6B077A3CA14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7F4F69EE-C468-402E-ADC8-440EACD5BCE0} - System32\Tasks\S-1-5-21-1263756674-2307396826-839413971-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {95F8FE77-19A3-493B-8249-6B0D4ED4A34F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\USUARIO\Desktop\ESETOnlineScanner_ESL.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {A8F20796-CA67-4225-90BD-3F5E72B53DF0} - System32\Tasks\EPSON L220 Series Update {F7385428-9A8D-4C7C-9978-431EAE636671} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON L220 Series Update {F7385428-9A8D-4C7C-9978-431EAE636671}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSN2E.EXE:/EXE:{F7385428-9A8D-4C7C-9978-431EAE636671} /F:UpdateWORKGROUP\DESKTOP-F0VM3U4$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\USUARIO\Desktop\Química - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\SPARKvue.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=iimbdmgkimpbhimdjnmiffmeefbppijo
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SPARKvue.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=iimbdmgkimpbhimdjnmiffmeefbppijo
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\[email protected] - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2018-07-15 19:01 - 2010-04-16 16:10 - 000036864 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlService.exe
2018-07-15 13:19 - 2016-11-14 04:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2017-10-18 16:51 - 2017-10-18 16:51 - 000598528 _____ () [File not signed] C:\ProgramData\MEGAsync\ShellExtX64.dll
2018-07-15 13:38 - 2018-07-15 13:38 - 000590848 _____ (AIMP DevTeam) [File not signed] C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll
2018-07-15 19:01 - 2011-01-13 18:26 - 001196032 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtWlan.exe
2018-07-15 19:01 - 2010-02-04 11:15 - 000045056 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlICS.dll
2018-07-15 19:01 - 2009-12-09 21:20 - 000126976 _____ () [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\EnumDevLib.dll
2018-07-15 19:01 - 2009-01-21 11:33 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\IpLib.dll
2018-07-15 19:01 - 2011-01-03 15:59 - 000479232 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlLib.dll
2018-07-15 19:01 - 2006-07-05 06:45 - 001069056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\LIBEAY32.dll
2018-07-15 19:01 - 2010-09-02 14:17 - 000225280 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtlIhvOid.dll
2018-12-21 04:28 - 2018-12-21 04:28 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2018-07-15 13:43 - 2015-01-31 10:08 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll
2018-07-15 13:43 - 2013-06-25 11:03 - 000036864 _____ () [File not signed] C:\Program Files (x86)\USB Disk Security\locales\spanish.dll
2018-07-15 13:43 - 2010-12-08 15:21 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1263756674-2307396826-839413971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool10 => 2
MSCONFIG\Services: NitroUpdateService => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "PowerDVD16Agent"
HKU\S-1-5-21-1263756674-2307396826-839413971-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F6F0F0AF-C696-43F6-ABD0-89DE80067287}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2745C74E-D846-4CFD-A9A5-8E04CF123ED3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{667E7665-8349-472E-99E1-D691F4F38C7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7F9CA016-B5BD-4954-84C0-9A0E27799288}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Kernel\DMS\CLMSServerPDVD16.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{AD0F93D3-FCDB-4653-9773-AA763E36B89E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{207B7C3E-6455-4E7C-A31D-31DD65467BCC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F2C2AB61-FC11-4D30-ADC5-8BF0E984D7B0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD16\CastingStation.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A2572AEC-27D7-4593-ACDD-2D5877F87A60}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{8CA5DFD8-93EF-4AFD-A54D-D8F7C7FCB1B3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{2A161FC8-31B1-4E87-92BF-BDA96F152CE5}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed]
FirewallRules: [{A290B472-E7B4-4528-AD16-EE8FEE175582}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed]
FirewallRules: [{FCED355B-16B8-4B6C-8EEE-8853953F8856}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed]
FirewallRules: [{828419B1-23BE-4303-976D-D53E36162ABD}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed]
FirewallRules: [{9B1967FB-D512-4943-A345-65897374C037}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed]
FirewallRules: [{57DEA53A-8166-4AB2-9B37-70873F405D60}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe (INTERNATIONAL BUSINESS MACHINES CORPORATION -> IBM Corp.) [File not signed]
FirewallRules: [{B76505C3-636F-4D5B-8809-0E5CF67BE412}] => (Allow) C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{87253C50-8A8F-41E1-9022-2AE8D4BAE4C3}] => (Allow) C:\Program Files (x86)\REALTEK\Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{2E9474AA-6018-4378-8687-475BE4A6FA64}] => (Allow) LPort=1542
FirewallRules: [{637BB9F5-27C1-43C7-BCB2-6BBC64317A72}] => (Allow) LPort=1542
FirewallRules: [{F5C1D88D-7F70-4FF2-A5CE-6B2EE25ECE18}] => (Allow) LPort=53
FirewallRules: [{1A582022-D12A-4F04-8464-CBBCF2D7A688}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{16647364-6F66-44B3-9334-56ABD9F6DA22}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{530FBD3A-9174-4A7C-89BF-A2FE7BFDB63A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
08-03-2019 14:14:54 Punto de control programado
18-03-2019 07:27:36 Punto de control programado
25-03-2019 10:07:30 Punto de control programado
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Realtek PCIe GBE Family Controller
Description: Controladora Realtek PCIe GBE Family
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/27/2019 04:31:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/27/2019 11:59:33 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/27/2019 11:56:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/27/2019 11:56:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=4
Error: (03/26/2019 06:49:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/26/2019 06:39:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/26/2019 04:38:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (03/26/2019 02:59:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
System errors:
=============
Error: (03/27/2019 11:57:54 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F0VM3U4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario DESKTOP-F0VM3U4\USUARIO con SID (S-1-5-21-1263756674-2307396826-839413971-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/27/2019 11:56:40 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F0VM3U4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
y APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
al usuario DESKTOP-F0VM3U4\USUARIO con SID (S-1-5-21-1263756674-2307396826-839413971-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/27/2019 11:56:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/27/2019 11:56:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/26/2019 09:09:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F0VM3U4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario DESKTOP-F0VM3U4\USUARIO con SID (S-1-5-21-1263756674-2307396826-839413971-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/26/2019 03:08:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F0VM3U4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario DESKTOP-F0VM3U4\USUARIO con SID (S-1-5-21-1263756674-2307396826-839413971-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/26/2019 02:59:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F0VM3U4)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
y APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
al usuario DESKTOP-F0VM3U4\USUARIO con SID (S-1-5-21-1263756674-2307396826-839413971-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Error: (03/26/2019 02:59:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
Windows Defender:
===================================
Date: 2019-03-26 20:14:17.001
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {0047DB6C-0DC0-4D8C-8C06-5E88BED5CFDF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-03-26 19:51:10.973
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {FC63F6D3-C8A2-4F9D-AEBA-3D9319388954}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-03-26 19:24:54.229
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {53CE1961-4C4A-4CB7-AA3E-DE6A1C004B9D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-03-26 19:09:09.348
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {48A7D5DC-2ECF-44F2-A99C-C7C8107F4BB5}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-03-26 18:54:04.892
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {8ABE811C-E09B-4DAF-A556-136EF6B786F9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
Date: 2019-03-19 18:34:09.813
Description:
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.289.1521.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior: 1.1.15700.9
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 66%
Total physical RAM: 4094.49 MB
Available physical RAM: 1360.09 MB
Total Virtual: 9982.49 MB
Available Virtual: 6397.16 MB
==================== Drives ================================
Drive c: (Windows_OS) (Fixed) (Total:223.58 GB) (Free:22.6 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:310.03 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5D043805)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: B6D594B0)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :
-
Para hacerlo descarga Delfix en tu escritorio.
-
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")
-
Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO
-
Pulsar en Run.
Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.
En el equipo con los demas programas cerrados:
Inicio >>> Ejecutar >>>Escribes notepad.exe.
Ahora copia y pega estos archivos dentro del Notepad:
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1263756674-2307396826-839413971-1001\...\MountPoints2: {7e1f75fb-fb7c-11e8-b22b-001a7dda7111} - "F:\AutoRun.exe"
GroupPolicy: Restriction ? <==== ATTENTION
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll => No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
Toolbar: HKU\S-1-5-21-1263756674-2307396826-839413971-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
HKLM\SYSTEM\CurrentControlSet\Services\4583B317B21D80D6 <==== ATTENTION (Rootkit!)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ShortcutWithArgument: C:\Users\USUARIO\Desktop\Química - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\SPARKvue.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=iimbdmgkimpbhimdjnmiffmeefbppijo
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SPARKvue.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=iimbdmgkimpbhimdjnmiffmeefbppijo
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\USUARIO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\[email protected] - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<
Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.
-
Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro (Aplicable a Windows 10)?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)
-
Ejecutas Frst.exe.
-
Presionas el botón Fix y aguardas a que termine.
-
La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
Lo pegas en tu próxima respuesta, comentado como va el problema junto a este otro analisis y su logs