Greetings ARMANDO PACHECO, basically your computer is at total risk. The virus you mention, AutoKMS, is used as an activator for products, mainly Microsoft's, so you infected the system yourself. Among other things, it disables all of the system's protection, and that is reflected in the Farbar report, which among other things shows Windows Defender and the system protections disabled. You have firewall exceptions that allow intrusion from and through the Office 2016 activation, there are exceptions for browser add-ons, and other things that would have to be analyzed in great depth. But basically you will need to reinstall the system and not use any kind of activator or questionable software, since at this point it is only a matter of time before you get a new infection, and it may be more serious.
How do I know if my system is free of malware?
Hello, my computer was recently infected by a virus that was apparently mining with my computer (according to what I read in forums). It was making the CPU work at its limit, which is when I suspected that something was wrong; they were even opening my social media accounts, which I have since secured. I used Kaspersky to remove the virus, since Windows Defender never detected it. The virus was detected by the Kaspersky antivirus and was called "HackTool:Win32/AutoKMS". I took action immediately and it was supposedly removed, but I have doubts, so I used Farbar to take a look. I don't know much about the subject yet, which is why I am asking this question. Here is the analysis that Farbar Recovery Scan Tool made of my system:
P.S.: I removed some text from the whitelist due to the character limit.
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 12-05-2023 01 Ejecutado por arman (14-05-2023 11:26:41) Ejecutado desde C:\Users\arman\Downloads Microsoft Windows 11 Home Versión 22H2 22621.1702 (X64) (2022-10-06 12:31:55) Modo de Inicio: Normal ========================================================== ==================== Cuentas: ============================= (Si una entrada es incluida en el fixlist, será eliminada.) Administrator (S-1-5-21-1599307558-2198771251-3042622884-500 - Administrator - Disabled) arman (S-1-5-21-1599307558-2198771251-3042622884-1001 - Administrator - Enabled) => C:\Users\arman brand (S-1-5-21-1599307558-2198771251-3042622884-1002 - Limited - Disabled) DefaultAccount (S-1-5-21-1599307558-2198771251-3042622884-503 - Limited - Disabled) Guest (S-1-5-21-1599307558-2198771251-3042622884-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-1599307558-2198771251-3042622884-504 - Limited - Disabled) ==================== Centro de Seguridad ======================== (Si una entrada es incluida en el fixlist, será eliminada.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} ==================== Programas instalados ====================== (Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.) Packages: ========= ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.4.10.0_x64__qmba6cd70vzyy [2023-03-09] (ASUSTeK COMPUTER INC.) AURA Creator -> C:\Program Files\WindowsApps\B9ECED6F.AURACreator_3.5.7.0_x64__qmba6cd70vzyy [2023-04-27] (ASUSTeK COMPUTER INC.) 
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-07-09] (Microsoft Corporation) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.17.945.0_x64__rz1tebttyb220 [2023-05-09] (Dolby Laboratories) Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.2.294.0_x64__rz1tebttyb220 [2023-04-30] (Dolby Laboratories) Extensión de video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-09-05] (Microsoft Corporation) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2023-05-07] (Instagram) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-01-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-01-18] (Microsoft Corporation) [MS Ad] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-11] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10126.517.0_x64__8wekyb3d8bbwe [2023-04-30] (Microsoft Corporation) ms-resource:AppDisplayName -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.16.0_x64__qmba6cd70vzyy [2023-04-30] (ASUSTeK COMPUTER INC.) ms-resource:PACKAGE_DISPLAY_NAME -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt [2022-10-08] (INTEL CORP) ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt [2023-04-30] (INTEL CORP) [Startup Task] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-11] (NVIDIA Corp.) 
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.247.0_x64__dt26b99r8h8gj [2021-12-27] (Realtek Semiconductor Corp) ShellEx Package -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64 [2023-05-08] (0) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-30] (Microsoft Studios) [MS Ad] Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.8.0_x64__cw5n1h2txyewy [2022-11-16] (Microsoft Windows) Speech Pack - Spanish (Mexico) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.es-MX.1_1.0.0.0_x64__cw5n1h2txyewy [2022-11-14] (Microsoft Windows) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0 [2023-05-01] (Spotify AB) [Startup Task] TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-05-07] (Bytedance Pte. Ltd.) ==================== Personalizado CLSID (Lista blanca): ============== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) 
CustomCLSID: HKU\S-1-5-21-1599307558-2198771251-3042622884-1001_Classes\CLSID{04271989-C4D2-C72F-B5AA-C6B5DB0D7AD3} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] 
-> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program 
Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.087.0424.0001\FileSyncShell64.dll [2023-05-07] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_c3ada5fb735825f0\nvshext.dll [2022-11-28] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Lista blanca) ==================== ==================== Accesos directos & WMI ======================== (Las entradas pueden ser listadas para ser restauradas o eliminadas.) 
ShortcutWithArgument: C:\Users\arman\Desktop\Pomofocus.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=glhjejmflhdjpaimbkdnhfpbbgdgjkoh ShortcutWithArgument: C:\Users\arman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Pomofocus.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=glhjejmflhdjpaimbkdnhfpbbgdgjkoh ShortcutWithArgument: C:\Users\arman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f0eef260792a1ff\YouTube™ for TV.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gmmbpchnelmlmndfnckechknbohhjpge ==================== Módulos cargados (Lista blanca) ============= 2022-08-27 19:27 - 2022-06-20 14:14 - 000520704 _____ () [Archivo no firmado] \?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node 2022-08-27 19:27 - 2022-06-08 09:33 - 000479744 _____ () [Archivo no firmado] \?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node 2022-08-27 19:27 - 2022-06-08 09:33 - 000470016 _____ () [Archivo no firmado] \?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node 2022-08-27 19:27 - 2022-06-08 09:33 - 000832512 _____ () [Archivo no firmado] \?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node 2022-08-27 19:27 - 2022-06-08 09:33 - 000081920 _____ () [Archivo no firmado] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll 2023-05-14 01:37 - 2022-12-19 18:48 - 003409408 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Archivo no firmado] C:\Program Files\Snap Inc\Snap Camera\libcrypto-1_1-x64.dll 2023-05-14 01:37 - 2022-12-19 18:48 - 000682496 _____ (The OpenSSL 
Project, hxxps://www.openssl.org/) [Archivo no firmado] C:\Program Files\Snap Inc\Snap Camera\libssl-1_1-x64.dll ==================== Alternate Data Streams (Lista blanca) ======== (Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.) AlternateDataStreams: C:\ProgramData\06165232062071889718.exe:EA31F41E17 [3442] AlternateDataStreams: C:\ProgramData\1.txt:CFFE82258F [3442] AlternateDataStreams: C:\ProgramData\lock:60136DE2A4 [3442] AlternateDataStreams: C:\ProgramData\lock.dat:B839BDBBBE [3442] AlternateDataStreams: C:\ProgramData\rc.dat:64746D5524 [3442] AlternateDataStreams: C:\ProgramData\ts.dat:447AB85D72 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk:35C0D57199 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk:C47623E859 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3314] ==================== Modo Seguro (Lista blanca) ================== ==================== Asociación (Lista blanca) ================= ==================== Internet Explorer (Lista blanca) ========== HKU\S-1-5-21-1599307558-2198771251-3042622884-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = htttp://www.Compax.com.mx BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-05-05] (Microsoft 
Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-05-05] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts contenido: ========================= (Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.) 
2019-12-07 03:14 - 2022-09-29 18:22 - 000001331 ____R C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 activation.easeus.com 127.0.0.1 track.easeus.com 127.0.0.1 66.39.112.91 127.0.0.1 216.92.151.227 127.0.0.1 216.92.61.7 127.0.0.1 www.easeus.com 127.0.0.1 activation.easeus.com 127.0.0.1 track.easeus.com 127.0.0.1 66.39.112.91 127.0.0.1 216.92.151.227 127.0.0.1 216.92.61.7 127.0.0.1 www.easeus.com 127.0.0.1 activation.easeus.com 127.0.0.1 track.easeus.com 127.0.0.1 66.39.112.91 127.0.0.1 216.92.151.227 127.0.0.1 216.92.61.7 127.0.0.1 www.easeus.com ==================== Otras Áreas =========================== (Actualmente no existe una corrección automática para esta sección.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\Java\jdk-19\bin;C:\Program Files\Microsoft SQL Server\150\Tools\Binn;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn;C:\Program Files\dotnet\ HKU\S-1-5-21-1599307558-2198771251-3042622884-1001\Control Panel\Desktop\Wallpaper -> C:\Users\arman\OneDrive\Imágenes\Fondos\ROG Strix 2019_1920x1080.png HKU\S-1-5-80-2318606733-4105731500-2265514868-2382646068-3090068018\Control Panel\Desktop\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall de Windows está habilitado. ==================== MSCONFIG/TASK MANAGER elementos deshabilitados == (Si una entrada es incluida en el fixlist, será eliminada.) 
HKLM...\StartupApproved\Run: => "Riot Vanguard" HKLM...\StartupApproved\Run: => "iTunesHelper" HKU\S-1-5-21-1599307558-2198771251-3042622884-1001...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1599307558-2198771251-3042622884-1001...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1599307558-2198771251-3042622884-1001...\StartupApproved\Run: => "Rave" HKU\S-1-5-21-1599307558-2198771251-3042622884-1001...\StartupApproved\Run: => "Discord" ==================== Reglas de firewall (Lista blanca) ================ (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) FirewallRules: [UDP Query User{99A41CF2-F063-4B8E-AFDE-634B75C483BA}C:\users\arman\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\arman\appdata\local\discord\app-1.0.9006\discord.exe => Ningún archivo FirewallRules: [TCP Query User{6AAE505F-9701-4A30-8EA8-E9C9215079C4}C:\users\arman\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\arman\appdata\local\discord\app-1.0.9006\discord.exe => Ningún archivo FirewallRules: [UDP Query User{625F8239-348D-4CB3-8743-AE006A5BE354}C:\program files (x86)\steam\steamapps\common\galaxy life\cefsharp.browsersubprocess.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\galaxy life\cefsharp.browsersubprocess.exe => Ningún archivo FirewallRules: [TCP Query User{F877D4E9-8707-4C8C-9447-E133115F692E}C:\program files (x86)\steam\steamapps\common\galaxy life\cefsharp.browsersubprocess.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\galaxy life\cefsharp.browsersubprocess.exe => Ningún archivo FirewallRules: [{309212D1-6C71-414B-B43C-219FFDF3112A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galaxy Life\Galaxy Life.exe => Ningún archivo FirewallRules: [{5281D9BB-7BC0-4023-982A-0625DC2C8EE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galaxy Life\Galaxy Life.exe => Ningún archivo FirewallRules: 
[{1EE4C456-FB3E-4981-8E6E-48F410DA85B8}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS) FirewallRules: [{DBD21EBC-6DCB-4A45-85A4-70184C5A6DCE}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS) FirewallRules: [{E461FF2A-EE65-4E2F-A509-F5FD13D479F1}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) FirewallRules: [UDP Query User{64332801-6DCD-4E0F-B5C5-5AD7A7EAC4AD}C:\program files\epic games\rainbowsixsiege\rainbowsix.exe] => (Allow) C:\program files\epic games\rainbowsixsiege\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft) FirewallRules: [TCP Query User{10EB7A24-4D73-4F98-8C70-64DDDEB55F45}C:\program files\epic games\rainbowsixsiege\rainbowsix.exe] => (Allow) C:\program files\epic games\rainbowsixsiege\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft) FirewallRules: [UDP Query User{AD2A722D-7525-442E-91D0-63A7C28B4836}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [Archivo no firmado] FirewallRules: [TCP Query User{EDB31061-8AFC-4D19-93C2-C4DD0B41EAF2}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) C:\program files\epic games\fallguys\fallguys_client_game.exe () [Archivo no firmado] FirewallRules: [{8EA3FF15-65B1-45F5-95F1-DEA2FC39FCE2}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME) FirewallRules: [{4E546EF0-6268-4501-ACA5-1EC597E28362}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.) 
FirewallRules: [UDP Query User{648A9D4F-4C9B-4148-AF8F-8546245B85A1}C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe] => (Allow) C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe => Ningún archivo FirewallRules: [TCP Query User{4761C852-D188-49A4-B97C-BD182FD512D8}C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe] => (Allow) C:\xboxgames\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe => Ningún archivo FirewallRules: [{3063BD9B-5BE9-4258-9B46-4A4B502ACFF2}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) FirewallRules: [{0B9EE3B0-743D-48B4-BE06-73CFCF37CDFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Archivo no firmado] FirewallRules: [{44E322A0-524D-428E-AB2B-C2EFCD2DB4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Archivo no firmado] FirewallRules: [UDP Query User{09C23587-091D-4789-8C31-ADE3C3F6DD95}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{AA93E8BF-2BAF-4F2A-A487-61E6E11FA4D3}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [UDP Query User{89F4DB69-5D15-4F09-B41E-490CE6D6F78F}C:\users\arman\appdata\local\discord\app-1.0.9004\discord.exe] => (Block) C:\users\arman\appdata\local\discord\app-1.0.9004\discord.exe => Ningún archivo FirewallRules: [TCP Query User{2B3C295E-77E3-4C96-A79F-59692F56AD14}C:\users\arman\appdata\local\discord\app-1.0.9004\discord.exe] => (Block) C:\users\arman\appdata\local\discord\app-1.0.9004\discord.exe => Ningún archivo FirewallRules: [UDP Query User{2791FBA7-F7D5-4B70-8E4D-546FCF0628F4}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [TCP Query User{8AB65DB4-ED93-4ADB-818A-93745F1592FE}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{37C8D516-3FD1-4A65-9F4C-EB82125A53DD}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe (Red Barrels Inc.) [Archivo no firmado] FirewallRules: [TCP Query User{33E57E2C-F96D-42ED-AB8A-3DB0A2690D92}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe (Red Barrels Inc.) 
[Archivo no firmado] FirewallRules: [{5EBB3057-A08D-4734-9E21-026AA0F24BDF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{F856B74B-C0C2-4E07-B36E-3B0F2168E56B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [UDP Query User{18D70FC0-9A86-4E8C-84EC-E9D4789DD780}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe => Ningún archivo FirewallRules: [TCP Query User{3692F3F5-8588-48F0-A228-044187B9E1F4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe => Ningún archivo FirewallRules: [UDP Query User{5455E4C1-3E3D-4BB8-92E6-2C6D764C5002}C:\users\arman\appdata\local\programs\rave-desktop\rave.exe] => (Allow) C:\users\arman\appdata\local\programs\rave-desktop\rave.exe (Rave Inc. -> Rave Inc.) FirewallRules: [TCP Query User{DEFA7D2E-75FE-4F40-ADBA-8DDAA877042A}C:\users\arman\appdata\local\programs\rave-desktop\rave.exe] => (Allow) C:\users\arman\appdata\local\programs\rave-desktop\rave.exe (Rave Inc. -> Rave Inc.) FirewallRules: [UDP Query User{E4EB8D09-9409-4FFD-83BC-19233C453790}C:\users\arman\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\arman\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B32475A9-D36C-43C4-B181-93AF09A99E97}C:\users\arman\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\arman\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) 
FirewallRules: [{FB4B7F66-0C1C-4520-BC07-171398AE2A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [{89177C03-CFA1-42DF-B184-6796F75105CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [UDP Query User{FC5C7C07-A8B6-472F-A82D-AF643A5CCA50}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{FFFCABB9-8D8F-4B6C-9B5C-ABD979DD02F6}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{05EF8D49-5303-473E-890A-9AAB871F03FE}C:\program files\windowsapps\spotifyab.spotifymusic_1.176.447.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.176.447.0_x86__zpdnekdrzrea0\spotify.exe => Ningún archivo FirewallRules: [TCP Query User{1EDA7EEB-255E-47E0-A8E6-D3248D81BBA8}C:\program files\windowsapps\spotifyab.spotifymusic_1.176.447.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.176.447.0_x86__zpdnekdrzrea0\spotify.exe => Ningún archivo FirewallRules: [UDP Query User{50AC9364-F7FB-4184-8003-148CBE085974}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Allow) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) FirewallRules: [TCP Query User{DA7B6C61-E855-4EEE-8425-42DA760E140C}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Allow) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) 
FirewallRules: [UDP Query User{5E3D041B-22E8-4F3D-980E-0A2D7092150A}C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> ) FirewallRules: [TCP Query User{47A10736-6950-4AC7-A0F3-74B5ED426BE1}C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> ) FirewallRules: [{55510E1A-14F2-4059-A4D7-69FD17A18F77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [Archivo no firmado] FirewallRules: [{4D900FCD-49FF-44A6-BB9F-7A514F64CF72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [Archivo no firmado] FirewallRules: [{43BE9F09-554B-4CCD-B330-782174D087D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [Archivo no firmado] FirewallRules: [{5B77FDE3-41F3-4BD2-8709-25C4AA915256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [Archivo no firmado] FirewallRules: [{29A34CA1-7E0C-4285-BB81-6BDCCAED6D4F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{68F1F689-8A70-4B1C-AECA-1BFD17F01BD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{492C9088-F2EA-4B3E-A70D-3F68F9F1676F}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{CB7FAB49-1662-4D28-8432-31AB4CCB1644}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{CE504173-6E78-433E-BC73-2E5F3A66BAF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [Archivo no firmado] FirewallRules: [{5AACB2BF-5408-4128-83A5-AC8BEA486
Locked question. This question was migrated from the Microsoft Support Community.
Answer accepted by the question author
Anonymous
2023-05-14T20:36:06+00:00