Liam
8 Abril, 2020 21:38
1
Buenas noches, ayer hice un análisis a mi ordenador con ESET y finalizó con los siguientes mensajes:
\Device\HarddiskVolume2\EFI\HP\BIOS\Current\0227D.bin = UEFI = uefi:\\Volume 2\DXE Core {4A538818-5AE0-4EB2-B2EB-488B23657022}\Unnamed partition\Volume 1\ComputraceComponents - una variante de EFI/CompuTrace.A aplicación potencialmente peligrosa - no es posible su desinfección
\Device\HarddiskVolume2\EFI\HP\BIOS\Previous\0227D.bin = UEFI = uefi:\\Volume 2\DXE Core {4A538818-5AE0-4EB2-B2EB-488B23657022}\Unnamed partition\Volume 1\ComputraceComponents - una variante de EFI/CompuTrace.A aplicación potencialmente peligrosa - no es posible su desinfección
\\Uefi Partition = UEFI = uefi:\\Volume 2\DXE Core {4A538818-5AE0-4EB2-B2EB-488B23657022}\Unnamed partition\Volume 1\ComputraceComponents - una variante de EFI/CompuTrace.A aplicación potencialmente peligrosa - no es posible su desinfecciónYa he seguido esta guía , todo con resultados positivos (ninguna amenaza, todo limpio), además de Kaspersky Virus Removal Tool.
He encontrado esta página del propio Eset con información relacionada, pero no tengo los conocimientos suficientes como para entenderla.
Cualquier mensaje de ayuda será bienvenido, gracias de antemano y perdón por las molestias
1 me gusta
Hola @Liam y Bienvenido al nuevo Foro…!!
Que version de windows tienes instalada en esa máquina…??
Y además descarga y descomprime esta herramienta en tu escritorio Manual de Malwarebytes Anti-Rootkits Beta , y sigues los pasos que se indican para revisar el equipo :
Abre la carpeta Mbar , haces doble clic en el archivo Mbar.exe .
En la ventana que saldrá pulsas en Next .
Pulsar en Update , y cuando termine en Next .
Ahora inicias el análisis pulsando en el botón Scan .
Al terminar, si existe infección pulsamos en CleanUp infección pulsamos en Exit .
Al terminar busca en la carpeta Mbar, y abres los archivos mbar-log.txt y system-log.txt , nos copias el contenido en la siguiente respuesta y comentas resultados + la consulta.
Saludos.
Liam
9 Abril, 2020 00:15
3
Gracias por tu respuestas. Tengo Windows 8.1
**mbar-log.txt:**
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2020.04.08.12
rootkit: v2020.04.08.12
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.19650
Daniel :: GIEDO [administrator]
09/04/2020 1:19:41
mbar-log-2020-04-09 (01-19-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 242651
Time elapsed: 53 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
**system-log.txt:**
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.19650
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 12811657216, free: 7169257472
Downloaded database version: v2020.04.08.12
Downloaded database version: v2020.04.08.12
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
04/09/2020 01:19:08
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\HalExtIntcLpioDma.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET Security\Modules\em000k_64\1018\em000k_64.dll
\??\C:\Program Files\ESET\ESET Security\Modules\em006_64\1216\em006_64.dll
\??\C:\Program Files\ESET\ESET Security\Modules\em018k_64\1656\em018k_64.dll
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\DRIVERS\tapnordvpn.sys
\SystemRoot\system32\DRIVERS\hmatap.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\WirelessButtonDriver64.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpitime.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\System32\Drivers\INETMON.sys
\SystemRoot\system32\drivers\97290171.sys
\SystemRoot\system32\drivers\C6176393.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\1132549B.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2020.04.08.12
rootkit: v2020.04.08.12
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000449766a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00044975040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000449766a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00044977760, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe00042bfbe50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00042b2b060, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthA2DP.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthA2DP.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthHfAud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthHfAud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 7B276AF7
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3320422011
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 51450c55-bcf-48ef-9b41-8956b16ea82d
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3320422011
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 51450c55-bcf-48ef-9b41-8956b16ea82d
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 47592196-f725-44d7-8cba-e1f885ee095
FirstLBA 2048 Last LBA 1333247
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 88b9b988-1b3-40c0-a370-82aadc98bc3f
FirstLBA 1333248 Last LBA 1865727
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 1aace620-3d40-43fe-9851-46a121a475c2
FirstLBA 1865728 Last LBA 2127871
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 2165ecd5-cf9a-4fe6-a5fe-1c10db5e8338
FirstLBA 2127872 Last LBA 1906819071
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID d5395171-5314-4798-b06f-16299ea955f
FirstLBA 1906819072 Last LBA 1907740671
Attributes 1
Partition Name
Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 22f8613d-660a-4021-9d5f-8c47a58b8337
FirstLBA 1907740672 Last LBA 1953513471
Attributes 1
Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthA2DP.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthHfAud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1)
File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1)
File "C:\Windows\System32\MsApoFxProxy.dll" is compressed (flags = 1)
File "C:\Windows\System32\streamci.dll" is compressed (flags = 1)
File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtp.dll" is compressed (flags = 1)
File "C:\Windows\System32\WpdMtpUS.dll" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Hola.
Ahora inicia el símbolo del sistema(CMD), luego copia y pega exactamente lo que te dejo aquí :
systeminfo > listado.txt & start listado.txt
Al finalizar el proceso se abrirá un informe, copia y pega su contenido en tu próxima respuesta.
Liam
9 Abril, 2020 21:54
5
Aquí lo tienes, gracias!
Nombre de host: GIEDO
Nombre del sistema operativo: Microsoft Windows 8.1
Versi¢n del sistema operativo: 6.3.9600 N/D Compilaci¢n 9600
Fabricante del sistema operativo: Microsoft Corporation
Configuraci¢n del sistema operativo: Estaci¢n de trabajo independiente
Tipo de compilaci¢n del sistema operativo: Multiprocessor Free
Propiedad de: HP
Organizaci¢n registrada: Hewlett-Packard
Id. del producto: 00179-68561-27337-AAOEM
Fecha de instalaci¢n original: 25/01/2020, 14:39:18
Tiempo de arranque del sistema: 08/04/2020, 13:33:17
Fabricante del sistema: Hewlett-Packard
Modelo el sistema: HP Pavilion 15 Notebook PC
Tipo de sistema: x64-based PC
Procesador(es): 1 Procesadores instalados.
[01]: Intel64 Family 6 Model 69 Stepping 1 GenuineIntel ~2601 Mhz
Versi¢n del BIOS: Insyde F.51, 20/07/2015
Directorio de Windows: C:\WINDOWS
Directorio de sistema: C:\WINDOWS\system32
Dispositivo de arranque: \Device\HarddiskVolume2
Configuraci¢n regional del sistema: es;Espa¤ol (internacional)
Idioma de entrada: es;Espa¤ol (tradicional)
Zona horaria: (UTC+01:00) Bruselas, Copenhague, Madrid, Par¡s
Cantidad total de memoria f¡sica: 12,218 MB
Memoria f¡sica disponible: 7,085 MB
Memoria virtual: tama¤o m ximo: 19,130 MB
Memoria virtual: disponible: 12,968 MB
Memoria virtual: en uso: 6,162 MB
Ubicaci¢n(es) de archivo de paginaci¢n: C:\pagefile.sys
Dominio: WORKGROUP
Servidor de inicio de sesi¢n: \\MicrosoftAccount
Revisi¢n(es): 190 revisi¢n(es) instaladas.
[01]: KB2899189_Microsoft-Windows-CameraCodec-Package
[02]: KB2769299
[03]: KB2885706
[04]: KB2894852
[05]: KB2894856
[06]: KB2919355
[07]: KB2919442
[08]: KB2920189
[09]: KB2937220
[10]: KB2937295
[11]: KB2938772
[12]: KB2939153
[13]: KB2939576
[14]: KB2941455
[15]: KB2949621
[16]: KB2950153
[17]: KB2950166
[18]: KB2954879
[19]: KB2955164
[20]: KB2956575
[21]: KB2957189
[22]: KB2957689
[23]: KB2958262
[24]: KB2961132
[25]: KB2962140
[26]: KB2962409
[27]: KB2964718
[28]: KB2964736
[29]: KB2965142
[30]: KB2965500
[31]: KB2965699
[32]: KB2965788
[33]: KB2966072
[34]: KB2966804
[35]: KB2966826
[36]: KB2966828
[37]: KB2967917
[38]: KB2968296
[39]: KB2968599
[40]: KB2969339
[41]: KB2972103
[42]: KB2972213
[43]: KB2973114
[44]: KB2973448
[45]: KB2976978
[46]: KB2978002
[47]: KB2978122
[48]: KB2989930
[49]: KB2990967
[50]: KB2994290
[51]: KB2999226
[52]: KB3000850
[53]: KB3003057
[54]: KB3003667
[55]: KB3004545
[56]: KB3012235
[57]: KB3012702
[58]: KB3013172
[59]: KB3013531
[60]: KB3013538
[61]: KB3013769
[62]: KB3013791
[63]: KB3013816
[64]: KB3014442
[65]: KB3015696
[66]: KB3018133
[67]: KB3019978
[68]: KB3020370
[69]: KB3023219
[70]: KB3024751
[71]: KB3024755
[72]: KB3029606
[73]: KB3030947
[74]: KB3033446
[75]: KB3035126
[76]: KB3036612
[77]: KB3037576
[78]: KB3038002
[79]: KB3038936
[80]: KB3042085
[81]: KB3044374
[82]: KB3044673
[83]: KB3045634
[84]: KB3045685
[85]: KB3045717
[86]: KB3045719
[87]: KB3045755
[88]: KB3045999
[89]: KB3046017
[90]: KB3046480
[91]: KB3046737
[92]: KB3047254
[93]: KB3053863
[94]: KB3053946
[95]: KB3054169
[96]: KB3054256
[97]: KB3054464
[98]: KB3055323
[99]: KB3055343
[100]: KB3056347
[101]: KB3059317
[102]: KB3060793
[103]: KB3061493
[104]: KB3061512
[105]: KB3062760
[106]: KB3063843
[107]: KB3064059
[108]: KB3071756
[109]: KB3072307
[110]: KB3074545
[111]: KB3076949
[112]: KB3077715
[113]: KB3078405
[114]: KB3080149
[115]: KB3080800
[116]: KB3082089
[117]: KB3084135
[118]: KB3084905
[119]: KB3086255
[120]: KB3087137
[121]: KB3091297
[122]: KB3095701
[123]: KB3097992
[124]: KB3099834
[125]: KB3100473
[126]: KB3102429
[127]: KB3103616
[128]: KB3103696
[129]: KB3103709
[130]: KB3109103
[131]: KB3109560
[132]: KB3109976
[133]: KB3110329
[134]: KB3115224
[135]: KB3118401
[136]: KB3121261
[137]: KB3122651
[138]: KB3126030
[139]: KB3126434
[140]: KB3126587
[141]: KB3127222
[142]: KB3133690
[143]: KB3134815
[144]: KB3137728
[145]: KB3138378
[146]: KB3138602
[147]: KB3138910
[148]: KB3138962
[149]: KB3139398
[150]: KB3139914
[151]: KB3140185
[152]: KB3140219
[153]: KB3140222
[154]: KB3140234
[155]: KB3145384
[156]: KB3146604
[157]: KB3146723
[158]: KB3146751
[159]: KB3147071
[160]: KB3150513
[161]: KB3155784
[162]: KB3156059
[163]: KB3159398
[164]: KB3161102
[165]: KB3161949
[166]: KB3162835
[167]: KB3172614
[168]: KB3172729
[169]: KB3173424
[170]: KB3175024
[171]: KB3178539
[172]: KB3179574
[173]: KB3184143
[174]: KB3185319
[175]: KB3187754
[176]: KB4040981
[177]: KB4462930
[178]: KB4486105
[179]: KB4486113
[180]: KB4502496
[181]: KB4516115
[182]: KB4524445
[183]: KB4532940
[184]: KB4532946
[185]: KB4534134
[186]: KB4537482
[187]: KB4537503
[188]: KB4537759
[189]: KB4540725
[190]: KB4541334
Tarjeta(s) de red: 4 Tarjetas de interfaz de red instaladas.
[01]: Realtek PCIe FE Family Controller
Nombre de conexi¢n: Ethernet
DHCP habilitado: S¡
Servidor DHCP: 192.168.1.1
Direcciones IP
[01]: 192.168.1.104
[02]: fe80::c8ec:c44d:5d94:16f0
[02]: Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter
Nombre de conexi¢n: Wi-Fi
Estado: Medios desconectados
[03]: TAP-NordVPN Windows Adapter V9
Nombre de conexi¢n: Ethernet 2
Estado: Medios desconectados
[04]: HMA TAP-Windows Adapter V9
Nombre de conexi¢n: HMA! Pro VPN
Estado: Medios desconectados
Requisitos Hyper-V: Extensiones de modo de monitor de VM: S¡
Se habilit¢ la virtualizaci¢n en el firmware: No
Traducci¢n de direcciones de segundo nivel: S¡
La prevenci¢n de ejecuci¢n de datos est disponible: S¡
Bien… tu equipo HP Pavilion 15 Notebook PC incorpora una BIOS de version “Insyde F.51 y de fecha 20/07/2015” debes verificar en la pagina de HP si ésta BIOS cuenta con alguna version mas reciente o actualizada.
Debes entrar en esta página https://support.hp.com/es-es/drivers/laptops , y pulsas en “Deje que HP detecte su producto” o bien indicas el numero de serie del equipo en la casilla correspondiente.
Una vez realizados esos pasos te apareceran los distintos drivers que existen para tu dispositivo, despliega el apartado que indique BIOS y compruebas cuales salen y que numero de version indican, descargate la ultima que veas en tu escritorio.
Nos comentas.
Saludos.
Liam
9 Abril, 2020 22:34
7
Casualmente eso lo hice ayer, pero no sabía cómo comprobar mi versión actual de BIOS.
Actualización del BIOS del sistema de notebooks HP (procesadores Intel)
F.57 Rev.A 26.3 MB 6 de dic. de 2018
Veo que no está actualizada, ¿hay alguna manera de hacerlo automáticamente? Algo similar a Windows Update me refiero
Hola.
Lo que debes hacer es descargar el fichero ejecutable que te tiene que permitir hacerlo desde el botón “Descargar” para guardarlo en tu escritorio debería ser un fichero que empiece por SP y un número.
Luego se ejecuta con botón derecho y seleccionas “Ejecutar como Administrador” y seguir los pasos que te vaya indicando, debes tener el portátil conectado a corriente y al acabar deberá REINICIAR o sino lo haces TU.
Nos comentas.
Saludos.
Liam
10 Abril, 2020 00:37
9
De acuerdo, posteriormente, ¿qué debo hacer?
Una vez que hayas REINICIADO puedes volver a realizar el proceso :
systeminfo > listado.txt & start listado.txt
Y simplemente compruebas que en la línea donde aparece que BIOS tiene el equipo instalada te figure la nueva version :
Versi¢n del BIOS : . . . . . . . . . . . . . Insyde F.51, 20/07/2015
Ahi deberias tener F.57 y con fecha 06/12/2018, no hace falta que pongas todo el análisis de nuevo, simplemente verificalo TU y luego lo comentas.
Si es correcto vuelves a realizar un análisis con ESET y verifica SI YA no salen esas incidencias que tenías inicialmente.
Saludos.
Liam
10 Abril, 2020 17:27
11
El problema persiste. He actualizado la BIOS, he reiniciado, he comprobado que se ha actualizado correctamente y he iniciado otro análisis de ESET, de nuevo el mismo problema. Nada más iniciarse el escáner lo detecta, por lo que debe de ser lo primero que analiza
Hola.
Entendido.
Veamos… te pedi que relazaras la acutalziacion de tu BIOS-UEFI por las indicaciones que se dan en el tema que tu referenciaste de ESET [KB6567] Aparece una detección UEFI por parte de ESET
Donde se indica claramente que se proceda a realizar la actualización en caso de existir :
Actualice el firmware de UEFI en su equipo
Recomendamos que realice la actualización del firmware de UEFI aun si el equipo no se encuentra infectado. Como medida preventiva, le ayudará a minimizar las posibilidades de que se desarrolle este tipo de infección.
Lo que te esta detectando ESET es el fallo/agujero que puede existir en el Chip de UEFI-BIOS de tu equipo o en el propio hardware de la máquina.
Lógicamente SI la actualización que has instalado NO resuelve el problema que analiza ESET, NO podrás repararlo de ninguna manera, siempre que Hewlett-Packard NO saque la corrección en caso de que pueda hacerse por Software, si el problema deriva de un fallo/agujero de hardware evidentemente la única solución sería cambiar de máquina.
¿Cómo resolver las detecciones de ESET UEFI?
Debido a que las infecciones UEFI son específicas al firmware del hardware, ESET no puede remover una detección UEFI. Vea debajo posibles pasos para remediar este escenario.
Actualice el firmware provisto por el fabricante de su computadora y realice una exploración con el producto ESET. Si la detección UEFI permanece, sugerimos solicitar al fabricante que actualice el firmware para remover la detección en cuestión.
Excluya la detección de esta amenaza en su producto ESET. Si ha activado la detección de aplicaciones potencialmente no seguras y el fabricante de su equipo no remueve la aplicación de su firmware, puede excluir la detección en futuras exploraciones.
Usuarios hogareños : Excluir de la exploración una aplicación por su nombre en los productos ESET para Windows .
En ese último apartado tendrías la alternativa para hacer que ESET NO te detecte ese fallo.
Por nuestra parte poco mas queda por hacer, nos comentas si queda alguna duda para dar el tema por resuelto.
Saludos.
Liam
10 Abril, 2020 20:57
13
Me surge una duda, para confirmar que entiendo yo el problema.
No se trata de ningún virus sino un fallo/agujero como has dicho y no es un problema problema que haya originado yo.
Muchísimas gracias por toda tu ayuda, haces un gran trabajo ayudando de manera voluntaria.
Hola.
Liam:
Me surge una duda, para confirmar que entiendo yo el problema.
No se trata de ningún virus sino un fallo/agujero como has dicho y no es un problema problema que haya originado yo.
Efectivamente, de momento NO es una infección por algo que se haya “incrustado” en el fallo/agujero y se esté aprovechando de él, lo que incorporan en el software de ESET es el análisis y/o detección de ese tipo de fallos de hardware para poder tenerlos controlados.
Si tu quieres que NO te aparezca este aviso… la solución es desactivar la búsqueda detención de este tipo de fallos :
De manera predeterminada, la detección de aplicaciones potencialmente no deseadas o no seguras se encuentra deshabilitada en los productos ESET. Debido a que las infecciones UEFI son muy específicas al firmware del hardware que infectan , ESET solo puede detectar y notificarlo acerca de la infección en cuestión. UEFI solo es explorado durante el análisis inicial o durante una Exploración bajo demanda cuando se encuentra seleccionada “Sectores de inicio/UEFI”.
Dinos si esto queda más claro…
Saludos.
1 me gusta
Liam
11 Abril, 2020 10:53
15
Me ha quedado queda, muchas gracias por todo!!!
Perfecto @Liam , gracias a ti por confiar en nosotros.
Para cualquier otro problema, no dudes en volver a postear., ya sabes dónde estamos.
Tema Solucionado.
Saludos, Javier.
