Instalación de firewall y ralentización de pc

Eliminar Malwares
41

Hola, buenas @Kato

Disculpa que haya tardado en responder y que mis respuestas no hayan sido rápidas. Pues por desgracia se me ha complicado la vida otra vez y bueno ahora tendré algo más de tiempo. Pero no tanto como pensaba que sí que tendría.

Ok, tranquilo no pasa nada. Todos tenemos nuestras cosas.

OK.

Ok.

Respecto al fixlog está todo correcto.

Respecto a lo que comentas que sucede con: systemlook veo poco probable de que queden restos en el sistema de ZoneAlarm. De todas formas vamos a cambiar un poco de estrategia/enfoque para realizar esto mismo que íbamos a hacer, pero de una forma un poco diferente.

Inicia de nuevo el equipo desde el :arrow_forward: Modo Seguro – sin funciones de Red, de Windows. Si no funcionasen los métodos que se explican en el anterior post, prueba estos otros. Más concretamente, primero el 3 (Seleccionando Mínimo en lugar de Red) y si no el 2 (también Mínimo).

Una vez iniciado en este modo, empiezas haciendo todos los pasos que te pondré a continuación.

Traes el log.

Salu2.

42

Hola, buenas @Kato

¿Pudiste realizar algún avance?

Salu2.

43

Hola, buenas @Kato

¿Pudiste realizar algún avance?

Salu2.

44

Buenas @MIXU. Perdón por la demora, estoy fuera de casa, el lunes puedo ponerme a ello y te envío todo lo que me pides, un saludo.

1 me gusta
45

OK. Perfecto.

No problema.

Salu2.

46

Buenas @MIXU, he intentado hacer lo que me has dicho esta vez pero se me sigue tildando donde antes, te envío el log hasta la parte en la que se tilda.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:59 on 10/08/2021 by Kato
Administrator - Elevation successful

========== filefind ==========

Searching for "*cpbak*"
C:\FRST\Quarantine\C\Windows\System32\Drivers\cpbak.sys.xBAD	--a---- 83248 bytes	[07:16 03/09/2020]	[07:16 03/09/2020] ED71FE95575F62FDAE2A88A2F709318A

Searching for "*epnetflt*"
C:\FRST\Quarantine\C\Windows\System32\Drivers\epnetflt.sys.xBAD	--a---- 135984 bytes	[13:47 06/12/2020]	[13:47 06/12/2020] 43D6B4B59269EEE64B97BBF7F20BBA62

Searching for "*epregflt*"
C:\FRST\Quarantine\C\Windows\System32\Drivers\epregflt.sys.xBAD	--a---- 133416 bytes	[10:47 02/12/2020]	[10:47 02/12/2020] 650931A36E304DC79396E2CA7925D668

Searching for "*ardrv*"
No files found.

Searching for "*ZoneAlarm*"
C:\FRST\Quarantine\C\$Recycle.Bin\S-1-5-21-1141238596-2014631217-894586651-1001\$R0WIUH3\ZoneAlarm\ZoneAlarm Herramienta de diagnóstico.lnk	--a---- 1343 bytes	[16:53 16/06/2021]	[16:53 16/06/2021] 303BA44263AA112CE05FE6C4E7C59516
C:\FRST\Quarantine\C\$Recycle.Bin\S-1-5-21-1141238596-2014631217-894586651-1001\$R0WIUH3\ZoneAlarm\ZoneAlarm Registros.lnk	--a---- 829 bytes	[16:53 16/06/2021]	[16:53 16/06/2021] 6B13D7140995BA5DCFBCA86AF36B1945
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\nt\img\zonealarm-logo.svg	--a---- 6314 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] 7DB07C3F0A084AC0B9DE179255F62995
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\nt\img\zonealarm.ico	--a---- 1150 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] F28D7BF5B6A24A8F08D32A6FADE5A44C
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\C__ProgramData_CheckPoint_ZoneAlarm_Logs.xBAD	--a---- 37014 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] 3B6A6056910488C2F2D94B954B66C6F9
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_CheckPoint_ZoneAlarm_diagnostics_DiagnosticsCaptureTool_exe.xBAD	--a---- 37014 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] AF1D16A6F6586A09CF2C3349F05DA49B
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_CheckPoint_ZoneAlarm_zatray_exe.xBAD	--a---- 37014 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] AF1D16A6F6586A09CF2C3349F05DA49B
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Temp\ZoneAlarm Security.ruel.xBAD	--a---- 29892 bytes	[15:14 17/06/2021]	[15:14 17/06/2021] B51E127FCCF67277EB6B1D3F14264403
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Temp\ZoneAlarm_logs.zip.xBAD	--a---- 80332 bytes	[15:26 18/06/2021]	[15:27 18/06/2021] DCAE8AE73E3C3CEF3BD0A69024916D38

Searching for "*CheckPoint*"
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogoHot.ico	--a---- 9662 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] A7023FB9F43654AC865649C8E3E4E657
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogoNormal.ico	--a---- 9662 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] A7023FB9F43654AC865649C8E3E4E657
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_128.png	--a---- 2358 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] 432F9645C97ADF1DC19EE8003685D9C4
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_16.png	--a---- 346 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] 0D2BCE97E287A982965EDCDFC1E679D6
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_19.png	--a---- 387 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] 16354D0602FFA38C02991A4AA642B134
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_19_black.png	--a---- 1329 bytes	[16:54 16/06/2021]	[20:25 01/06/2020] CE2B8AF4D1DC4CEF99D112B5CC812E7C
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_19_TEX.png	--a---- 387 bytes	[16:54 16/06/2021]	[20:25 01/06/2020] 43AF80ACD49A4412E858C7FCDDFFAD0D
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_24.png	--a---- 387 bytes	[16:54 16/06/2021]	[20:25 01/06/2020] 43AF80ACD49A4412E858C7FCDDFFAD0D
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_32.png	--a---- 1220 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] 9355F47EFA66F5805EC27E118FA45FD4
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_38_.png	--a---- 1617 bytes	[16:54 16/06/2021]	[20:25 01/06/2020] 219BF75ADA966CEF63C46790E1CF561D
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_48.png	--a---- 917 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] 83215CAC7DA703A2B6FAFE9592D4748C
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_64.png	--a---- 2563 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] FFF36628014CFAF7233565DEA29CBAAC
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\icons\CheckPointLogo_80.png	--a---- 2001 bytes	[16:54 16/06/2021]	[20:25 01/06/2020] 9AC1216FA15A66E7E917391C1CA07DA6
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\sites\checkpoint.ico	--a---- 579 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] D9F1448E72BBA9EE209515B193783A58
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\sites\checkpoint.jpg	--a---- 138813 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] CFB1B93AA5BC38A7D321334BC611C3BE
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.75.7_0\data\sites\checkpoint_old.ico	--a---- 506 bytes	[16:54 16/06/2021]	[20:13 01/06/2020] 47DD5E4208134F0C90096019F69B6A5D
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\C__ProgramData_CheckPoint_ZoneAlarm_Logs.xBAD	--a---- 37014 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] 3B6A6056910488C2F2D94B954B66C6F9
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_CheckPoint_ZoneAlarm_diagnostics_DiagnosticsCaptureTool_exe.xBAD	--a---- 37014 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] AF1D16A6F6586A09CF2C3349F05DA49B
C:\FRST\Quarantine\C\Users\Kato\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_CheckPoint_ZoneAlarm_zatray_exe.xBAD	--a---- 37014 bytes	[16:54 16/06/2021]	[16:54 16/06/2021] AF1D16A6F6586A09CF2C3349F05DA49B
C:\Windows\Panther\Rollback\checkpoint.info	--a--c- 512 bytes	[10:42 09/10/2020]	[14:16 11/10/2020] 67033176C4DE4066D4872B9FDC21FB1B
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4F20D3A5-82A5-4D59-8FEC-689E6F247587}.checkpoint	--a---- 1635 bytes	[10:56 10/08/2021]	[10:56 10/08/2021] D3245115F2BF61324AB6286DBB9B96E0
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5664EF62-67E0-4ED0-8D7D-4A1D3472BEE2}.checkpoint	--a---- 1641 bytes	[10:56 10/08/2021]	[10:56 10/08/2021] 0492744961616EE5280206B04ACB183D
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{83CD69E0-E294-483D-9D80-EAD3EC03013D}.checkpoint	--a---- 1613 bytes	[10:56 10/08/2021]	[10:56 10/08/2021] 9A947F6E06DB742784E6AC5BEE482D53
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{900E0AB0-F7F2-4582-8F5A-687B79EFCA3B}.checkpoint	--a---- 1631 bytes	[15:36 14/07/2021]	[15:36 14/07/2021] 8841BA044681D84AD4593F800E24581B
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9A011F35-C45D-43A8-AE04-F9E0D2E026AD}.checkpoint	--a---- 1667 bytes	[19:01 25/05/2021]	[19:01 25/05/2021] 25BDBD21C10F1E8A78DF604E0ACED539
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A0264CBF-8B12-403B-8BAA-E9D62F35FDF8}.checkpoint	--a---- 1631 bytes	[20:38 12/07/2021]	[20:38 12/07/2021] DED6730A76E04F0F4FB3B0B4B6706C30
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A0C2994E-5C67-489B-9C99-147BAB96CCA3}.checkpoint	--a---- 1621 bytes	[10:56 10/08/2021]	[10:56 10/08/2021] 11DA6AA4857CE5DE8D32477B0A5B78FB
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A3223EFC-BFF5-4241-9D12-62A460093C21}.checkpoint	--a---- 1639 bytes	[09:22 17/04/2021]	[09:22 17/04/2021] CB9331C4B5E7BAB192B1DC2A9FB11FA5
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A6D4B6C3-A1C6-4AB8-8455-44DE91A6B2FB}.checkpoint	--a---- 1647 bytes	[18:58 20/01/2021]	[18:58 20/01/2021] F8DBACD3968F056358655ECDE39F30CF
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C622443F-6105-4A1B-9728-6E8610E70CB0}.checkpoint	--a---- 1603 bytes	[15:11 12/12/2020]	[15:11 12/12/2020] EFB859EFC6A94FA794493A1CCE27F16E
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C8F756EF-78AA-473D-A840-A68BE044F4F0}.checkpoint	--a---- 1615 bytes	[15:47 22/06/2021]	[17:57 23/06/2021] 1885C43793A5061CA8E9FEC33113837D
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{CD7DFBE1-AC68-4B36-9E73-B554740DB069}.checkpoint	--a---- 1642 bytes	[15:32 19/11/2020]	[15:32 19/11/2020] 3F1A7D84D984CAA1C8726EC7281D666D
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D0ACAC62-B77D-4C95-B106-B6329635A043}.checkpoint	--a---- 1685 bytes	[16:12 09/08/2021]	[16:12 09/08/2021] 68EB31C9A73B288D612F226708EF5467
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D6C87440-7B9D-47E1-A53E-0F662AECA680}.checkpoint	--a---- 1601 bytes	[14:51 10/06/2021]	[14:51 10/06/2021] 955A9B5C2CE5BFCE63E6CB7B4D7084BD
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D82247B2-3289-4309-8127-19CD454C9AD3}.checkpoint	--a---- 1609 bytes	[10:56 10/08/2021]	[10:56 10/08/2021] 1A6133B908EE53599E7FB87ECDC1C8D0
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D9710EFA-02A3-4E74-B520-8BF19E8AEBB7}.checkpoint	--a---- 1613 bytes	[12:28 06/03/2021]	[12:28 06/03/2021] 897AC6DC381301CE38575C0C9BD2AD37
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E1C31A53-9FE1-4100-8E82-C96BA5EBB463}.checkpoint	--a---- 1603 bytes	[12:28 06/03/2021]	[12:28 06/03/2021] 958D4E5C83691BF141E9CAFBA1E585C4
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{EF2FCE83-E9A5-43B5-B4E1-6FF926A57374}.checkpoint	--a---- 1613 bytes	[16:17 15/03/2021]	[16:17 15/03/2021] B673C296BB7AEE89E0C73B5136066ABE
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F0474DA3-D7EA-436F-AE50-DA503EB8AA03}.checkpoint	--a---- 1635 bytes	[12:28 06/03/2021]	[12:28 06/03/2021] 073F85B03971D89F562497ACD4E7C61D
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F357D94E-CA15-415F-A4EF-10E6CB7FE9FA}.checkpoint	--a---- 1603 bytes	[14:09 16/05/2021]	[14:09 16/05/2021] B5D740A4C80A9C40ACB0AD6140CEB81F
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F3B866EA-4F87-417C-82BF-AC3AA9C6966A}.checkpoint	--a---- 1653 bytes	[15:32 19/11/2020]	[15:32 19/11/2020] 4D9EFB20610E2B9613AB1A8E557E73A7
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F8551DD6-FFD0-4F46-BBB3-BC42458A4CDD}.checkpoint	--a---- 1636 bytes	[14:43 22/07/2021]	[17:51 22/07/2021] 33AC2A32CEE0C9A65C8DA3A134A96413
C:\Windows\System32\winevt\Logs\CheckPoint.evtx	--a--c- 69632 bytes	[17:06 16/06/2021]	[17:08 17/06/2021] DB32EE4FE704A85F0065ABB152C7C789

Searching for "            "
No files found.

========== regfind ==========

Searching for "ZoneAlarm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{841A2C1E-F526-E32F-8E57-7FBF8B0698E4}]
"DISPLAYNAME"="ZoneAlarm Firewall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{841A2C1E-F526-E32F-8E57-7FBF8B0698E4}]
"PRODUCTEXE"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZA_WSC_Remediation.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{841A2C1E-F526-E32F-8E57-7FBF8B0698E4}]
"REPORTINGEXE"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0EBB55EBAC7FBF94BBF41A4B5C823906]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsruledb_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16EAF3E24A5009A499C7EEE5A337A65E]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\VSMonEventLogProvider.man"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AB8127DB6A700A4782AEEC23939A90D]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F79C687F2926084F86D18EC212A458B]
"50B2F4DDA5B067C4EAEFC3581E60E475"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsutil_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\421572EAB5F08254186DC4927B03F7DB]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\scheduler_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5055CC8B7B2F7894FA4E8F2CE88EB453]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsvault_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\832C20B1262356642BA36B31A9C7100D]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsdb_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A65AE63EB4FA01A469FEA89477FD48AA]
"50B2F4DDA5B067C4EAEFC3581E60E475"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\dltel.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6D9A8D4509AC25449616A03430BCABA]
"50B2F4DDA5B067C4EAEFC3581E60E475"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlcomm_loc0405.dll"

Searching for "CheckPoint"
[HKEY_CURRENT_USER\SOFTWARE\Epic Games\Unreal Engine\Game Session Summary\1_4\E9D51256-4596-7DDD-6BC8-168C2859E24B]
"Plugins"="ACLPlugin,AESGCMHandlerComponent,AGM_BattleRoyale,AISupport,AmbientAudio,AndroidDeviceProfileSelector,AndroidPermission,AnimationBudgetAllocator,AnimationSharing,AssetManagerEditor,AssetTags,AthenaAIFunctionalTest,AudioSynesthesia,AutomationUtils,AvfMedia,AwfulDuck,BattlePassBase,BattlePassPermanentQuests,BattlepassS16,BattleRoyale,BlueprintContext,BlueprintMaterialTextureNodes,Bodyguard,Bounties,Buddy,CableComponent,CameraShakePreviewer,CascadeToNiagaraConverter,ChaosCloth,ChaosClothEditor,ChaosEditor,ChaosNiagara,ChaosSolverPlugin,ChunkDownloader,CommonConversation,CommonUI,CommonUILegacy,ControlFlows,ControlRig,Crafting,CRD_Clapboard,CRD_Crashpad,CRD_FishingZone,CRD_GameEnd,CRD_HealPowerup,CRD_HoagieSpawner,CRD_Mannequin,CRD_PhoneBooth,CRD_PlayerCheckpointProp,CRD_PlayerRef,CRD_PlayerSpawn,CRD_RacingCheckpoint,CRD_SavePoint,CRD_Store,CRD_VehicleSpawners,CRD_VolumetricRegion,CRG_La
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00FACAAE-5213-42C7-9B65-123AE71013A9}]
@="CheckPointAmsiProvider64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00FACAAE-5213-42C7-9B65-123AE71013A9}\InProcServer32]
@="C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CC99A2D-79B6-48D5-A74D-72EA96D04BE1}]
@="CheckPointAmsiProvider32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CC99A2D-79B6-48D5-A74D-72EA96D04BE1}\InProcServer32]
@="C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1D8C0084-DFA1-40F9-93EA-C13A2428C36B}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1D8C0084-DFA1-40F9-93EA-C13A2428C36B}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{528A27B2-DEED-42F9-99C5-EA8DF0974B44}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{528A27B2-DEED-42F9-99C5-EA8DF0974B44}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5344777D-A7C9-484D-9EEE-5B43B54DF464}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5344777D-A7C9-484D-9EEE-5B43B54DF464}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6C89D148-0718-4AC8-8BAC-631C1D1FC19C}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6C89D148-0718-4AC8-8BAC-631C1D1FC19C}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{751DA4CB-BFCE-474C-978E-6474160FCDC2}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{751DA4CB-BFCE-474C-978E-6474160FCDC2}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AAEC02E4-51F9-44B1-8957-022A23567FCB}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AAEC02E4-51F9-44B1-8957-022A23567FCB}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F391148E-9A66-47C0-A907-A33D59D3D64C}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F391148E-9A66-47C0-A907-A33D59D3D64C}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AMSI\Providers\{00FACAAE-5213-42C7-9B65-123AE71013A9}]
@="CheckPointAmsiProvider64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0E8AE32-0758-4C8D-AB71-23B361FE8964}]
"AppPath"="C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{841A2C1E-F526-E32F-8E57-7FBF8B0698E4}]
"PRODUCTEXE"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZA_WSC_Remediation.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{841A2C1E-F526-E32F-8E57-7FBF8B0698E4}]
"REPORTINGEXE"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\Endpoint Security\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\Endpoint Security\Threat Emulation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\Endpoint Security\Remediation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\NetFilterDriver\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\RegFilterDriver\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\status\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\procs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\attacks\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\wow64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\Endpoint Security\Antex\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\Assemblies\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Updater\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Reputation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\Scanner\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\section\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\menu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\remediation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\Assemblies\SA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Updater\Updater\data\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\Endpoint Security\TemplateFiles\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\abort\images\menu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\abort\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\abort\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\abort\css\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\overview\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\css\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\js\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\BackupDriver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\wow64\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\dmg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\severity\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\js\ext\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\nav\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\dbgcore\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\dbghlp\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\mode\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\cpinfo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\Log_cfg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\EntityFramework\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Updater\Replace\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\fails\images\menu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\fails\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\fails\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\ReportTemplates\fails\css\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\confidence\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SharpZipLib\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\lightgbmnet\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\log4net\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Json_Net\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\images\reputation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\CheckPoint\DBStore\Events\graph\fonts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\UIFramework\Bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\CheckPoint\Endpoint Security\UIFramework\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0EBB55EBAC7FBF94BBF41A4B5C823906]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsruledb_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16EAF3E24A5009A499C7EEE5A337A65E]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\VSMonEventLogProvider.man"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AB8127DB6A700A4782AEEC23939A90D]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F79C687F2926084F86D18EC212A458B]
"50B2F4DDA5B067C4EAEFC3581E60E475"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsutil_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\421572EAB5F08254186DC4927B03F7DB]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\scheduler_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5055CC8B7B2F7894FA4E8F2CE88EB453]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsvault_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\832C20B1262356642BA36B31A9C7100D]
"466F64B752459D5478165E605F7DD121"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsdb_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A65AE63EB4FA01A469FEA89477FD48AA]
"50B2F4DDA5B067C4EAEFC3581E60E475"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\dltel.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6D9A8D4509AC25449616A03430BCABA]
"50B2F4DDA5B067C4EAEFC3581E60E475"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlcomm_loc0405.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"CheckPointSignature"="73545271-be94-4969-9b3b-3cacd054037f"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPointRW]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\AMSI\Providers\{0CC99A2D-79B6-48D5-A74D-72EA96D04BE1}]
@="CheckPointAmsiProvider32"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0E8AE32-0758-4C8D-AB71-23B361FE8964}]
"AppPath"="C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12D8A4EF-2014-454F-85A1-BFBC52FF4C21}]
"UninstallString"="C:\Program Files (x86)\CheckPoint\ICM\uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"CheckPointSignature"="73545271-be94-4969-9b3b-3cacd054037f"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{0CC99A2D-79B6-48D5-A74D-72EA96D04BE1}]
@="CheckPointAmsiProvider32"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{0CC99A2D-79B6-48D5-A74D-72EA96D04BE1}\InProcServer32]
@="C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{1D8C0084-DFA1-40F9-93EA-C13A2428C36B}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{1D8C0084-DFA1-40F9-93EA-C13A2428C36B}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{528A27B2-DEED-42F9-99C5-EA8DF0974B44}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{528A27B2-DEED-42F9-99C5-EA8DF0974B44}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5344777D-A7C9-484D-9EEE-5B43B54DF464}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5344777D-A7C9-484D-9EEE-5B43B54DF464}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{6C89D148-0718-4AC8-8BAC-631C1D1FC19C}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{6C89D148-0718-4AC8-8BAC-631C1D1FC19C}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{751DA4CB-BFCE-474C-978E-6474160FCDC2}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{751DA4CB-BFCE-474C-978E-6474160FCDC2}\InprocServer32\1.0.0.0]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\NGAV.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{AAEC02E4-51F9-44B1-8957-022A23567FCB}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{AAEC02E4-51F9-44B1-8957-022A23567FCB}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\BackupAndRestoration.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{F391148E-9A66-47C0-A907-A33D59D3D64C}\InprocServer32]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{F391148E-9A66-47C0-A907-A33D59D3D64C}\InprocServer32\8.60.6.8529]
"CodeBase"="file:///C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\DataCollection.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\CheckPoint]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\CheckPoint\Antex]
"EventMessageFile"="C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\antex_event.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\CheckPoint]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\CheckPoint\Antex]
"EventMessageFile"="C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\antex_event.dll"
[HKEY_USERS\S-1-5-21-1141238596-2014631217-894586651-1001\SOFTWARE\Epic Games\Unreal Engine\Game Session Summary\1_4\E9D51256-4596-7DDD-6BC8-168C2859E24B]
"Plugins"="ACLPlugin,AESGCMHandlerComponent,AGM_BattleRoyale,AISupport,AmbientAudio,AndroidDeviceProfileSelector,AndroidPermission,AnimationBudgetAllocator,AnimationSharing,AssetManagerEditor,AssetTags,AthenaAIFunctionalTest,AudioSynesthesia,AutomationUtils,AvfMedia,AwfulDuck,BattlePassBase,BattlePassPermanentQuests,BattlepassS16,BattleRoyale,BlueprintContext,BlueprintMaterialTextureNodes,Bodyguard,Bounties,Buddy,CableComponent,CameraShakePreviewer,CascadeToNiagaraConverter,ChaosCloth,ChaosClothEditor,ChaosEditor,ChaosNiagara,ChaosSolverPlugin,ChunkDownloader,CommonConversation,CommonUI,CommonUILegacy,ControlFlows,ControlRig,Crafting,CRD_Clapboard,CRD_Crashpad,CRD_FishingZone,CRD_GameEnd,CRD_HealPowerup,CRD_HoagieSpawner,CRD_Mannequin,CRD_PhoneBooth,CRD_PlayerCheckpointProp,CRD_PlayerRef,CRD_PlayerSpawn,CRD_RacingCheckpoint,CRD_SavePoint,CRD_Store,CRD_Vehi

Searching for " "
47

Hola, buenas @Kato disculpa que haya tardado en responder. Pues estoy teniendo unos días muy ajetreados, con bastante poco tiempo.

Bien, por lo que veo quedan algunos pequeños restos del programa. Sobre todo en el registro de Windows, pero como me temía el SystemLook no acaba de funcionar y se cuelga.

:one: Desactivas tu antivirus :arrow_forward: Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.

LO DESCARGAS EN TU ESCRITORIO MUY IMPORTANTE (y no en otro sitio).

Descargas Farbar Recovery Scan Tool MUY IMPORTANTE >> seleccionas la versión adecuada para la arquitectura correspondiente de tu Ordenador (32 o 64bits). :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?

:two: Farbar Recovery Scan Tool

  1. Ejecutas el FRST.exe (Si utilizas Windows Vista/7/8 o 10, presionas click derecho y seleccionas Ejecutar como Administrador).

  2. Aparecerá una ventana con un mensaje de Disclaimer/Responsabilidad, presionas sobre Si o Yes.

  3. Pones el siguiente código en el recuadro blanco de FARBAR. Este recuadro, se llamará Search/Buscar:

SearchAll: *cpbak*;*epnetflt*;*epregflt*;*ardrv*;*ZoneAlarm*;*CheckPoint*

  1. Presionas sobre Search Files y esperas a que finalice la búsqueda.

  2. Aparecerá un log/reporte que se llamará: Search.txt o algo como Search[Lo_Que_Sea].txt, este quedará guardado en el escritorio.

:warning: El anterior Script de reparación es personalizado para la máquina en concreto para la cual se fabricó y está hecho específicamente por un miembro del Staff. Si se tiene un problema parecido, por favor abra su propio tema para recibir ayuda personalizada y específica. Utilizar Scripts de otros Sistemas puede causar daños graves en su ordenador.

:three: Activas de nuevo tu antivirus y cualquier programa de seguridad que tengas activado. También conectas nuevamente tu equipo a Internet.

:four: PRÓXIMA RESPUESTA

Pegas el reporte solicitado. Debes de poner el reporte todo entero con absolutamente todo su contenido. Deberás de realizar varios mensajes si recibes un mensaje de error/advertencia indicando que es muy largo dicho reporte que formará el mensaje (más de 50.000 caracteres aprox.).

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

report
report703×272 3.73 KB

Salu2.

P.D.: Si tardo en responder que no te extrañe, voy con muy poco tiempo y es normal. Pero seguiremos el caso hasta el final. YA FALTA SUPERPOCO PARA ACABAR.

48

Hola, buenas @Kato

He visto que muy recientemente te has conectado al foro.

¿Pudiste realizar algún avance?

Salu2.

49

Hola buenas @Kato

Comentaste que querías retomar este tema.

¿Has podido hacer algún avance @Kato?

Salu2.