La PC queda lenta casi 1 hora completa, proceso sin nombre

Eliminar Malwares
1

Buenas gente! Estoy sospechando de algún virus o malware que usa los recursos de mi PC.

Cuando enciendo la PC, tengo que esperar casi una hora para que la PC regrese a su velocidad normal, ya que cuando arranca es inutilizable.

He podido observar que tanto el disco como el CPU saltan al 100% mientras se inicia, y me he fijado de un proceso que no tiene nombre que consume ambos. Quise tomarle captura pero mi PC como dije está practicamente colgada (solo se puede mover el mouse) en ese estado, y ahora que recien se recuperó y puedo escribir este mensaje, ya no encuentor dicho proceso que les comento.

Mi sistema operativo es Windows 10, estoy en una laptop Lenovo Thinkpad T540 con CPU Intel Core i5 4300M de 2.6Ghz y 4Gb de memoria ram.

Muchas gracias por la ayuda de antemano.

2

De nada @Brayand_Chacaltana

Ok. Primero descartaremos que no tengas algo “muy escurridizo”. Después descartaremos malware en general.

:one: EN BUSCA / ELIMINACIÓN DE MALWARE

Por favor, descarga todo el software de los enlaces que pongo/de sus respectivos manuales.

Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.

Inicia de nuevo el equipo desde el :arrow_forward: Modo Seguro – con funciones de Red, de Windows. Si no funcionasen los métodos que se explican en el anterior post, prueba estos otros. Más concretamente, primero el 3 (Seleccionando Red en lugar de Mínimo) y si no el 2 (también Red).

Una vez iniciado en este modo, empiezas haciendo todos los pasos que te pondré a continuación.

P.D.: Si el quipo no te arrancase en Modo seguro (cosa que puede pasar), me lo dices e intentaremos arreglar el sistema para que arranque en Modo Seguro. Pues hay malwares que ya se encargaran de que no puedas iniciar en Modo Seguro.

  1. Descarga y ejecuta RKill, más concretamente debes de descargar la que está renombrada bajo el nombre de iExplore.exe. Para evitar el bloqueo de posibles malwares que pueda haber en tu equipo. Una vez que esta haya sido ejecutada, es muy importante no reiniciar el sistema hasta que te lo solicite yo o alguno de los programas de desinfección de los que estemos utilizando.

Me explico, por ejemplo: has iniciado la máquina en Modo Seguro con funciones de Red, has ejecutado Rkill y seguidamente realizas un Análisis con Malwarebytes. Este te detecta infecciones y te pide reiniciar la máquina para poder finalizar exitosamente su desinfección. Seguidamente, yo te he indicado que ejecutes por ejemplo el ESET Online Scanner, pues bien como no hemos acabado de desinfectar la máquina y estamos realizando el proceso de desinfección, y has tenido que reiniciar, ya que te lo ha pedido Malwarebytes pues debes de ejecutar nuevamente Rkill y después acto seguido el ESET ONline.

¿Me entiendes?

Si por ejemplo, incluso con Rkill, Malwarebytes AntiMalware o la herramienta que sea que te he pedido que utilices, ves que se bloquea y que al cabo de un buen rato no responde. Pues pasas a la siguiente y me informas de ello. Y así con todas. ¿OK? ¿Se entiende?

  1. Manual Malwarebytes Anti-Rootkit Beta sigues las instrucciones de su manual y me traes sus correspondientes Informes de análisis: Mbar-log.txt y System-log.txt tal como se indica en su manual (Actualizando la Database).

  2. Descarga, instala y ejecuta TDSKiller de acuerdo a su Manual TDSKiller. Marca todas las casillas (Loaded Modules, Verify file digital signatures y Detect TDLFS file system). Sí te pide reiniciar lo haces, ejecutas de nuevo la herramienta y al marcar nuevamente las casillas que te he dicho, ya te dejara analizar.

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

EN TU PRÓXIMA RESPUESTA

  • Respondes a las preguntas que te haya realizado.
  • Traes los reportes de Malwarebytes Anti-Rootkit y TDSKiller.
  • Comentas el estado en general del ordenador respecto al problema inicial planteado.

Salu2.

1 me gusta
3

Hola que tal! gracias por la ayuda! Tengo un problema con Rkill. Me bajé el iExplore.exe que me señalaste, y cuando ejecuto el programa, se queda trabado en “Performing Miscelaneous Checks”. Es por esta razón que no puedo continuar con los demás análisis, porquie el programa no termina. ¿Qué debería hacer?

1 me gusta
4

Primero de todo disculpa que haya tardado en responder @Brayand_Chacaltana. Pues últimamente voy con muy poco tiempo para el foro y es normal. Pero seguiremos el caso hasta el final.

De nada.

Tengo un problema con Rkill. Me bajé el iExplore.exe que me señalaste, y cuando ejecuto el programa, se queda trabado en “Performing Miscelaneous Checks”. Es por esta razón que no puedo continuar con los demás análisis, porquie el programa no termina.

OK.

Cuando suceda esto y se quede trabado. Prueba a presionar la tecla de ENTER y si no la BARRA ESPACIADORA varias veces seguidas. Primero ENTER varias veces y después BARRA ESPACIADORA varias veces. ¿Se desbloquea? ¿Funciona?

Si es sí, pues sigues con el resto.

Si es no, pues intentas seguir con el resto de programas a ver si te deja.

Salu2.

2 Me gusta
5

Hola @Marr0n como estas? Ahora tu discúlpame a mi, esta PC es del trabajo y se la tuvieron que llevar unos días, por ello ya no respondí tus mensajes.

He hecho todos los análisis solicitados y te dejo los reportes que me pediste:

MALWAREBYTES ANTIROOTKIT

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.789.19041.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4166721536, free: 1507393536

Downloaded database version: v2021.11.25.07
Downloaded database version: v2021.11.25.07
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/25/2021 14:55:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\IntelTA.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\isapnp.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\evbda.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\vmbus.sys
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\hvsocket.sys
\SystemRoot\System32\drivers\vmbkmcl.sys
\SystemRoot\System32\drivers\winhv.sys
\SystemRoot\System32\drivers\vpci.sys
\SystemRoot\System32\drivers\bxvbda.sys
\SystemRoot\System32\drivers\nvraid.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\urscx01000.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\System32\drivers\vsmraid.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\3ware.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\amdsbs.sys
\SystemRoot\System32\drivers\arcsas.sys
\SystemRoot\System32\drivers\ItSas35i.sys
\SystemRoot\System32\drivers\lsi_sas.sys
\SystemRoot\System32\drivers\lsi_sas2i.sys
\SystemRoot\System32\drivers\lsi_sas3i.sys
\SystemRoot\System32\drivers\lsi_sss.sys
\SystemRoot\System32\drivers\megasas.sys
\SystemRoot\System32\drivers\MegaSas2i.sys
\SystemRoot\System32\drivers\megasas35i.sys
\SystemRoot\System32\drivers\megasr.sys
\SystemRoot\System32\drivers\mvumis.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\percsas2i.sys
\SystemRoot\System32\drivers\percsas3i.sys
\SystemRoot\System32\drivers\SiSRaid2.sys
\SystemRoot\System32\drivers\sisraid4.sys
\SystemRoot\System32\drivers\vstxraid.sys
\SystemRoot\System32\drivers\stexstor.sys
\SystemRoot\System32\drivers\cht4sx64.sys
\SystemRoot\System32\drivers\iaStorAVC.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\ADP80XX.SYS
\SystemRoot\System32\drivers\HpSAMD.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\SmartSAMD.sys
\SystemRoot\System32\drivers\nvdimm.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys
\SystemRoot\System32\drivers\storvsc.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\pmdrvs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\vmstorfl.sys
\SystemRoot\System32\drivers\bttflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\System32\drivers\storufs.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\scmbus.sys
\SystemRoot\System32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\ramdisk.sys
\SystemRoot\System32\drivers\pmem.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\IntelPcc.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\system32\drivers\avgArDisk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys
\SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys
\SystemRoot\system32\DRIVERS\googledrivefs3525.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\CimFS.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\avgRdr2.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\System32\drivers\ndiscap.sys
\SystemRoot\system32\drivers\avgNetHub.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b04ae4c30c0d829\e1d68x64.sys
\SystemRoot\System32\drivers\Netwbw02.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\drivers\avgKbd.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\ibmpmdrv.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\msquic.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\554565E3.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2021.11.25.07
  rootkit: v2021.11.25.07

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd7036a92e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd7036a91bbe0, DeviceName: Unknown, DriverName: \Driver\avgArDisk\
DevicePointer: 0xffffd7036a8378d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd7036a92f040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffd7036a92e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffd7036a640d50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd7036a710050, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 958FF0C5

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2738086151
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 646e9438-a4ea-4b3f-bf77-e97ef73f19
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2738086151
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 646e9438-a4ea-4b3f-bf77-e97ef73f19
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 43b6f830-8aaa-4a88-a139-2ff2e2bbc978
    FirstLBA 2048  Last LBA 923647
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 41109329-dfaa-43ab-be58-97ebccf14ffa
    FirstLBA 923648  Last LBA 1128447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7191c083-dbe9-476c-97c5-a32fb7dfd251
    FirstLBA 1128448  Last LBA 1161215
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 2c1ebfc6-a0f2-48e3-b6f9-56c44d2d9423
    FirstLBA 1161216  Last LBA 238312855
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e78112c0-7acc-491d-80fe-63fe23bbf8b
    FirstLBA 238313472  Last LBA 239491071
    Attributes 1
    Partition Name                                     

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 22603118-6849-4c00-8bd4-235d7e7f60ee
    FirstLBA 239493120  Last LBA 976773119
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\sfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wldp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORYPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.FILEEXPLORER.COMMON.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\MICROSOFT.WINDOWS.STARTMENUEXPERIENCEHOST_CW5N1H2TXYEWY\STARTMENUEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\MICROSOFT.WINDOWS.SEARCH_CW5N1H2TXYEWY\SEARCHAPP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\HelpPane.exe" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\SHELLEXPERIENCEHOST_CW5N1H2TXYEWY\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\SYSTEMAPPS\MICROSOFTWINDOWS.CLIENT.CBS_CW5N1H2TXYEWY\InputApp\TEXTINPUTHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTSHAPING.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPRESOLVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\slc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sppc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\oobe\USEROOBEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Acx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afunix.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bindflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PktMon.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MICROSOFT.BLUETOOTH.LEGACY.LEENUMERATOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\portcfg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthMini.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bttflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\CREDENTIALENROLLMENTMANAGER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HdAudio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidspi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MbbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msquic.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\PERCEPTIONSIMULATION\PERCEPTIONSIMULATIONSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ramdisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SGRMBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\OpenSSH\SSH-AGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\SERVICING\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMUCSICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbvideo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Vid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AarSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DISPBROKER.DESKTOP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFT.BLUETOOTH.USERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUTOTIMESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GRAPHICSPERFSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\psmsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCASTDVRUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPTURESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CBDHSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BTAGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BTHAVCTPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\vac.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CONSENTUXCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.PICKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFT.GRAPHICS.DISPLAY.DISPLAYENHANCEMENTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LANGUAGEOVERLAYSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MIXEDREALITYRUNTIME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PRINTWORKFLOWSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREDREALITYSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MITIGATIONCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSUDK.SHELLCOMMON.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usosvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WAASMEDICSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.MANAGEMENT.SERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPCDESKTOPMONSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
Infected: C:\Users\b-rch\Downloads\avast_free_antivirus_setup_online.exe --> [Trojan.Dropper]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2021.11.25.07
  rootkit: v2021.11.25.07

Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.789.19041.0
b-rch :: DESKTOP-C692K8O [administrator]

25/11/2021 14:55:26
mbar-log-2021-11-25 (14-55-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 182763
Time elapsed: 22 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\b-rch\Downloads\avast_free_antivirus_setup_online.exe (Trojan.Dropper) -> Delete on reboot. [15a6f21de10692a4cdaee90de31ea858]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
6

TDSSKiller

16:38:49.0022 0x06bc  TDSS rootkit removing tool 3.1.0.28 Apr  9 2019 21:11:46
16:38:49.0037 0x06bc  UEFI system
16:38:53.0381 0x06bc  ============================================================
16:38:53.0381 0x06bc  Current date / time: 2021/11/25 16:38:53.0381
16:38:53.0381 0x06bc  SystemInfo:
16:38:53.0381 0x06bc  
16:38:53.0381 0x06bc  OS Version: 10.0.19042 ServicePack: 0.0
16:38:53.0381 0x06bc  Product type: Workstation
16:38:53.0381 0x06bc  ComputerName: DESKTOP-C692K8O
16:38:53.0381 0x06bc  UserName: b-rch
16:38:53.0381 0x06bc  Windows directory: C:\WINDOWS
16:38:53.0381 0x06bc  System windows directory: C:\WINDOWS
16:38:53.0381 0x06bc  Running under WOW64
16:38:53.0381 0x06bc  Processor architecture: Intel x64
16:38:53.0381 0x06bc  Number of processors: 4
16:38:53.0381 0x06bc  Page size: 0x1000
16:38:53.0381 0x06bc  Boot type: Safe boot with network
16:38:53.0381 0x06bc  CodeIntegrityOptions = 0x00000001
16:38:53.0381 0x06bc  ============================================================
16:38:53.0381 0x06bc  KLMD ARK init status: drvProperties = 0xEF0F02, osBuild = 19041.0, osProperties = 0x1D
16:38:53.0397 0x06bc  KLMD BG init status: drvProperties = 0xEF0F02, osBuild = 19041.0, osProperties = 0x1D
16:38:53.0397 0x06bc  BG loaded
16:38:53.0459 0x06bc  System UUID: {8135884C-ED2C-1ADB-0309-89BD0A206689}
16:38:53.0662 0x06bc  !crdlk
16:38:53.0834 0x06bc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:38:53.0834 0x06bc  ============================================================
16:38:53.0834 0x06bc  \Device\Harddisk0\DR0:
16:38:53.0850 0x06bc  GPT partitions:
16:38:53.0850 0x06bc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {43B6F830-8AAA-4A88-A139-2FF2E2BBC978}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
16:38:53.0850 0x06bc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {41109329-DFAA-43AB-BE58-97EBCCF14FFA}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x32000
16:38:53.0850 0x06bc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {7191C083-DBE9-476C-97C5-A32FB7DFD251}, Name: Microsoft reserved partition, StartLBA 0x113800, BlocksNum 0x8000
16:38:53.0850 0x06bc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2C1EBFC6-A0F2-48E3-B6F9-56C44D2D9423}, Name: Basic data partition, StartLBA 0x11B800, BlocksNum 0xE22A598
16:38:53.0850 0x06bc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E78112C0-7ACC-491D-80FE-63FE023BBF8B}, Name: , StartLBA 0xE346000, BlocksNum 0x11F800
16:38:53.0850 0x06bc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {22603118-6849-4C00-8BD4-235D7E7F60EE}, Name: Basic data partition, StartLBA 0xE466000, BlocksNum 0x2BF20000
16:38:53.0850 0x06bc  MBR partitions:
16:38:53.0850 0x06bc  ============================================================
16:38:53.0881 0x06bc  C: <-> \Device\Harddisk0\DR0\Partition4
16:38:53.0912 0x06bc  D: <-> \Device\Harddisk0\DR0\Partition6
16:38:53.0912 0x06bc  ============================================================
16:38:53.0912 0x06bc  Initialize success
16:38:53.0912 0x06bc  ============================================================
16:39:13.0364 0x0c0c  ============================================================
16:39:13.0364 0x0c0c  Scan started
16:39:13.0364 0x0c0c  Mode: Manual; SigCheck; TDLFS; 
16:39:13.0364 0x0c0c  ============================================================
16:39:13.0364 0x0c0c  KSN ping started
16:39:13.0879 0x0c0c  KSN ping finished: true
16:39:17.0535 0x0c0c  ================ Scan BIOS =================================
16:39:17.0551 0x0c0c  BIOS info: vendor = LENOVO, version = GMET90WW (2.38 ), releaseDate = 04/13/2020
16:39:17.0551 0x0c0c  Base board info: manufacturer = LENOVO, product = 20BFA16500, version = SDK0E50515 Std
16:39:19.0566 0x0c0c  [ C56F8E6C1C59137C4F7B12BFE1D32B52, 628E4009E90678681BCE4D750F86DE0BD5E212258926D0C6D9E703F876D29E70 ] BIOS
16:39:19.0566 0x0c0c  BIOS - ok
16:39:19.0566 0x0c0c  ================ Scan system memory ========================
16:39:19.0582 0x0c0c  System memory - ok
16:39:19.0582 0x0c0c  ================ Scan services =============================
16:39:19.0738 0x0c0c  1394ohci - ok
16:39:19.0738 0x0c0c  3ware - ok
16:39:19.0754 0x0c0c  AarSvc - ok
16:39:19.0801 0x0c0c  ACPI - ok
16:39:19.0801 0x0c0c  AcpiDev - ok
16:39:19.0801 0x0c0c  acpiex - ok
16:39:19.0801 0x0c0c  acpipagr - ok
16:39:19.0832 0x0c0c  [ 33B5ED555018128792AFFCDC9AF7AFD2, 1E7C5FADA2486EE31289A4BEFB70AEA173190671C64995441651903CF31E5033 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
16:39:20.0113 0x0c0c  AcpiPmi - ok
16:39:20.0129 0x0c0c  acpitime - ok
16:39:20.0129 0x0c0c  Acx01000 - ok
16:39:20.0129 0x0c0c  ADP80XX - ok
16:39:20.0145 0x0c0c  AFD - ok
16:39:20.0160 0x0c0c  afunix - ok
16:39:20.0176 0x0c0c  ahcache - ok
16:39:20.0191 0x0c0c  [ 526FE18DB976D9A1AE19FBC53FA690B1, 4E2623243A9BB61F7211E591C24EDB70B07974A7FA21E3F14C683F27E975777F ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
16:39:20.0473 0x0c0c  AJRouter - ok
16:39:20.0488 0x0c0c  ALG - ok
16:39:20.0488 0x0c0c  amdgpio2 - ok
16:39:20.0488 0x0c0c  amdi2c - ok
16:39:20.0488 0x0c0c  AmdK8 - ok
16:39:20.0504 0x0c0c  AmdPPM - ok
16:39:20.0504 0x0c0c  amdsata - ok
16:39:20.0504 0x0c0c  amdsbs - ok
16:39:20.0504 0x0c0c  amdxata - ok
16:39:20.0504 0x0c0c  AppID - ok
16:39:20.0520 0x0c0c  AppIDSvc - ok
16:39:20.0535 0x0c0c  Appinfo - ok
16:39:20.0566 0x0c0c  [ 4E59668442D1A2479E17F2FB5F819A7B, 0A0F185C9A713B8B3A5E0DA62E489A4D4F6204A13074AD4B56207972A1A783C7 ] AppleKmdfFilter C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys
16:39:20.0598 0x0c0c  AppleKmdfFilter - ok
16:39:20.0629 0x0c0c  [ 0122ECE34AEEC95212A211C016270937, 09272421CEC30D9F732F734161D9FB3968E5A83BAC1F02F0B9D9B927C878D08A ] AppleLowerFilter C:\WINDOWS\System32\drivers\AppleLowerFilter.sys
16:39:20.0645 0x0c0c  AppleLowerFilter - ok
16:39:20.0645 0x0c0c  applockerfltr - ok
16:39:20.0660 0x0c0c  AppReadiness - ok
16:39:20.0676 0x0c0c  AppXSvc - ok
16:39:20.0676 0x0c0c  arcsas - ok
16:39:20.0676 0x0c0c  AsyncMac - ok
16:39:20.0676 0x0c0c  atapi - ok
16:39:20.0691 0x0c0c  AudioEndpointBuilder - ok
16:39:20.0691 0x0c0c  Audiosrv - ok
16:39:20.0707 0x0c0c  autotimesvc - ok
16:39:20.0801 0x0c0c  [ DCCD42C793D425157E8C9149D1B0D116, 20D5A32EDF487CB30DE61242BAE32D11844D1C00E2087A24A1882A1C735F3B13 ] AVG Antivirus   C:\Program Files\AVG\Antivirus\AVGSvc.exe
16:39:20.0848 0x0c0c  AVG Antivirus - ok
16:39:20.0894 0x0c0c  [ F032D38C22F9810DE42E3892E841618C, 113B316FC478AF8DDB4876B70F65BFBE4123C38CC93DBA8C2EA6B95A587B6977 ] AVG Tools       C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
16:39:20.0910 0x0c0c  AVG Tools - ok
16:39:20.0926 0x0c0c  [ 19C3332134E4D0C0A2422244BB3736C9, 830DEA61BC77CFCC67C1D0D64C69FBBD0EC5741A499524A6796B92A952879562 ] avgArDisk       C:\WINDOWS\system32\drivers\avgArDisk.sys
16:39:20.0973 0x0c0c  avgArDisk - ok
16:39:20.0988 0x0c0c  [ C8E2C699D46CA12F469BAC64B940473E, 56A8F6E752D7520D6C88BFF62A7F2049509D96F38A3B1EB9FC996AC29A4237CE ] avgArPot        C:\WINDOWS\system32\drivers\avgArPot.sys
16:39:21.0004 0x0c0c  avgArPot - ok
16:39:21.0207 0x0c0c  [ 41302B2A31FA84A12D35064AB0493DAE, 459BB1EC07D886E6C72008DB402C7333FA0E00E64EB59DA626BC2F9601A4B81F ] avgbIDSAgent    C:\Program Files\AVG\Antivirus\aswidsagent.exe
16:39:21.0488 0x0c0c  avgbIDSAgent - ok
16:39:21.0519 0x0c0c  [ A47EB30EED81FC62A47D76E96842BD5C, EBB23F7CD7A2E0654A3A2E42F69F83B442AD0EDE5D3EA454BEF84FEB50C1889B ] avgbidsdriver   C:\WINDOWS\system32\drivers\avgbidsdriver.sys
16:39:21.0535 0x0c0c  avgbidsdriver - ok
16:39:21.0566 0x0c0c  [ D6B4E3BBFFC5B23D6C936ACAC37A496E, 3CA966EA5B65A6AE6FEC36CCEDC5C105F5E243E857C646E3836D068E7645B843 ] avgbidsh        C:\WINDOWS\system32\drivers\avgbidsh.sys
16:39:21.0582 0x0c0c  avgbidsh - ok
16:39:21.0613 0x0c0c  [ 1C825D72AAEC8660C48EAEF06ED992AB, 4E923CDAC4AF7A1DD220DBD51437A062252EF3802E720A5ECDD3B1B218462D04 ] avgbuniv        C:\WINDOWS\system32\drivers\avgbuniv.sys
16:39:21.0613 0x0c0c  avgbuniv - ok
16:39:21.0629 0x0c0c  [ 6F8ECE4248AB344EB018B7DDCAEEACE3, 871191CF999816108047749E67A35225E2BD271C4B482C7F6E412DDA41C0C458 ] avgElam         C:\WINDOWS\system32\drivers\avgElam.sys
16:39:21.0644 0x0c0c  avgElam - ok
16:39:21.0644 0x0c0c  [ CFE5BCDDECBD0DF75DDBB2C82DC970A1, F7C868B77BA218C07DA69A8B548AE8D27C8F19A4F766268F96E0AAE0D7C6E59A ] avgKbd          C:\WINDOWS\system32\drivers\avgKbd.sys
16:39:21.0644 0x0c0c  avgKbd - ok
16:39:21.0660 0x0c0c  [ 32B098162051084A895C4AD5136235C9, A879E64DF5B5DDF9BE0A36265348237187938558732FF786FBA963DEC7DFA52F ] avgMonFlt       C:\WINDOWS\system32\drivers\avgMonFlt.sys
16:39:21.0676 0x0c0c  avgMonFlt - ok
16:39:21.0707 0x0c0c  [ FEF2D46423477D16E57BDE23E709F37E, 169D8441A5D83CD882789C92213BD5D957BA04B6037C2C2018E637EC8A350AD3 ] avgNetHub       C:\WINDOWS\system32\drivers\avgNetHub.sys
16:39:21.0723 0x0c0c  avgNetHub - ok
16:39:21.0738 0x0c0c  [ 89CD5C7A0400C8E94D43482CF539992D, E30D93DD4DB8980D2A5C795341EE7B135DC57316831599A46AD1F63050D0F9CA ] avgRdr          C:\WINDOWS\system32\drivers\avgRdr2.sys
16:39:21.0754 0x0c0c  avgRdr - ok
16:39:21.0754 0x0c0c  [ A7F7429924935867C87C42B7379AFEBA, A308682ED155B31DBDB853737ACA6CB30A9401EF06D82FAB683F19873F9BFEFB ] avgRvrt         C:\WINDOWS\system32\drivers\avgRvrt.sys
16:39:21.0769 0x0c0c  avgRvrt - ok
16:39:21.0816 0x0c0c  [ 519780793872BC6E1B6BC3F8CA78456D, 6DC8B9C260C06F52956156E41E4246646BCF4E983DEBAD0DBAD05C9B2B10CB88 ] avgSnx          C:\WINDOWS\system32\drivers\avgSnx.sys
16:39:21.0832 0x0c0c  avgSnx - ok
16:39:21.0863 0x0c0c  [ 50A81BFA62EC9F3A6680F1BFA9624D7D, 3154941EF863D8BFD92D96FB7FDE0CFE3EC2BC5199F330BBA3D1ED8EAD26D408 ] avgSP           C:\WINDOWS\system32\drivers\avgSP.sys
16:39:21.0879 0x0c0c  avgSP - ok
16:39:21.0910 0x0c0c  [ EDD21DFEA079A79ED17A8E2938D0A442, 04AC009C31AB46BD54C8A37BAD72FFD211AAC0DA27CC573C588E7B0BBE489690 ] avgStm          C:\WINDOWS\system32\drivers\avgStm.sys
16:39:21.0926 0x0c0c  avgStm - ok
16:39:21.0957 0x0c0c  [ 819AE5D0B5B1680623127A81726C57B0, C9DB31D51038CA0B8DBD25BECC512B42DBFE105BE559B61EFBAB1EA250FBC335 ] avgVmm          C:\WINDOWS\system32\drivers\avgVmm.sys
16:39:21.0973 0x0c0c  avgVmm - ok
16:39:21.0988 0x0c0c  [ 75CA8458D560E6F26A7EE0475E650458, CF9C722DE59B6A7EBBA99620E45693F6F9AFFA8BE26A361FB5D6662E539DAC3A ] AvgWscReporter  C:\Program Files\AVG\Antivirus\wsc_proxy.exe
16:39:22.0019 0x0c0c  AvgWscReporter - ok
16:39:22.0051 0x0c0c  AxInstSV - ok
16:39:22.0051 0x0c0c  b06bdrv - ok
16:39:22.0082 0x0c0c  [ 26E2320D24C66EB72B36EB71EBEF2558, 7D06B6499FE915480DF4DAD658281C8B85F7AD71F49B089A270AE0B45713F2E9 ] bam             C:\WINDOWS\system32\drivers\bam.sys
16:39:22.0098 0x0c0c  bam - ok
16:39:22.0144 0x0c0c  BasicDisplay - ok
16:39:22.0160 0x0c0c  BasicRender - ok
16:39:22.0176 0x0c0c  BcastDVRUserService - ok
16:39:22.0191 0x0c0c  [ 739D089777D2B66DBE7201E5EA4BA2D7, 9AD12E18A042C5B8EFB19297BC2E7BD1FEF75A138FEFB64C6BF0261FD3E53AB1 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
16:39:22.0269 0x0c0c  bcmfn2 - ok
16:39:22.0301 0x0c0c  [ F0C0C875DEEAEDF63305C1FBA6F602A9, 987832A12933B09E2C7EDD527C1986AC03C4E6A9AEF590687FF945E1F47F8357 ] bcmsmbsp        C:\WINDOWS\System32\drivers\bcmsmbsp.sys
16:39:22.0316 0x0c0c  bcmsmbsp - ok
16:39:22.0332 0x0c0c  BDESVC - ok
16:39:22.0363 0x0c0c  [ 4280B427B81EB8C265F3206E2298761E, 121AF03BBE6ECC1622C2540805A30AE9555EB5D5FE25B55939C045ECE7FC37EB ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:39:22.0426 0x0c0c  Beep - ok
16:39:22.0457 0x0c0c  BFE - ok
16:39:22.0473 0x0c0c  bindflt - ok
16:39:22.0488 0x0c0c  BITS - ok
16:39:22.0488 0x0c0c  BluetoothUserService - ok
16:39:22.0519 0x0c0c  bowser - ok
16:39:22.0535 0x0c0c  BrokerInfrastructure - ok
16:39:22.0551 0x0c0c  BTAGService - ok
16:39:22.0566 0x0c0c  [ 7F09708B8C651A0C0E2A2725136BA254, 0442A18BBED4E323265C66561C8F8C171D8E934E9089C12B94D1DFDBB057B737 ] BthA2dp         C:\WINDOWS\System32\drivers\BthA2dp.sys
16:39:22.0613 0x0c0c  BthA2dp - detected UnsignedFile.Multi.Generic ( 1 )
16:39:23.0176 0x0c0c  Detect skipped due to KSN trusted
16:39:23.0176 0x0c0c  BthA2dp - ok
16:39:23.0176 0x0c0c  BthAvctpSvc - ok
16:39:23.0191 0x0c0c  BthEnum - ok
16:39:23.0207 0x0c0c  [ 7AE44E94C6B1DF488AA309824DEAD643, 91C72C54142A0D4E5A5F33268850CEB8315AA30C2F0B74A9FFA962887ABAC797 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
16:39:23.0254 0x0c0c  BthHFEnum - detected UnsignedFile.Multi.Generic ( 1 )
16:39:23.0707 0x0c0c  Detect skipped due to KSN trusted
16:39:23.0707 0x0c0c  BthHFEnum - ok
16:39:23.0707 0x0c0c  BthLEEnum - ok
16:39:23.0707 0x0c0c  BthMini - ok
16:39:23.0738 0x0c0c  [ 11D609CC74F0EB1DF6C0171331CDE9A1, 9412DC92F16C0B8A937D6FB1AD83D7169F4EC0F08FAE0E2B244346428CE99EE1 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
16:39:23.0769 0x0c0c  BTHMODEM - ok
16:39:23.0769 0x0c0c  BTHPORT - ok
16:39:23.0801 0x0c0c  [ D293AC628357F2F75B8579087F732970, 1E536D8863D695944214D55E9B0B4BFE04F705DB7ECA18A0CF8B37AAF4893B1E ] bthserv         C:\WINDOWS\system32\bthserv.dll
16:39:24.0300 0x0c0c  bthserv - ok
16:39:24.0300 0x0c0c  BTHUSB - ok
16:39:24.0300 0x0c0c  bttflt - ok
16:39:24.0316 0x0c0c  buttonconverter - ok
16:39:24.0332 0x0c0c  [ E7690568D2A5FA3D4E6D28B42358A122, CDBD820B6D383EC0A8151EA4300435C2BAD085EC55DB185C5E16CAF961443888 ] CAD             C:\WINDOWS\System32\drivers\CAD.sys
16:39:24.0347 0x0c0c  CAD - ok
16:39:24.0347 0x0c0c  camsvc - ok
16:39:24.0347 0x0c0c  CaptureService - ok
16:39:24.0379 0x0c0c  cbdhsvc - ok
16:39:24.0394 0x0c0c  cdfs - ok
16:39:24.0394 0x0c0c  CDPSvc - ok
16:39:24.0394 0x0c0c  CDPUserSvc - ok
16:39:24.0410 0x0c0c  cdrom - ok
16:39:24.0425 0x0c0c  CertPropSvc - ok
16:39:24.0425 0x0c0c  cht4iscsi - ok
16:39:24.0425 0x0c0c  cht4vbd - ok
16:39:24.0425 0x0c0c  CimFS - ok
16:39:24.0457 0x0c0c  [ 115CC1E142CE29C9006D59943108DF47, 564FA08C5BEC6DAF1A83C80C9139A6E1AA7E05D251DB3BA379B57C9FDAE83E1B ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
16:39:24.0488 0x0c0c  circlass - ok
16:39:24.0504 0x0c0c  CldFlt - ok
16:39:24.0504 0x0c0c  CLFS - ok
16:39:24.0504 0x0c0c  ClipSVC - ok
16:39:24.0504 0x0c0c  CmBatt - ok
16:39:24.0519 0x0c0c  CNG - ok
16:39:24.0535 0x0c0c  [ A46B4D1484227900F7615FE2A569D828, A06B8002E7A708890222C777DDF8B67FED7015C0943C1FC4F9036E9F9DC14494 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
16:39:24.0566 0x0c0c  cnghwassist - ok
16:39:24.0582 0x0c0c  [ 99392FDADF3CE5EB47403E5A52866E6F, 63CEF51971EB85D9823CE9A95F1ED9907D20525ED8E32230068CC36E9082A8C3 ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
16:39:24.0613 0x0c0c  CompositeBus - ok
16:39:24.0613 0x0c0c  COMSysApp - ok
16:39:24.0613 0x0c0c  condrv - ok
16:39:24.0613 0x0c0c  ConsentUxUserSvc - ok
16:39:24.0660 0x0c0c  CoreMessagingRegistrar - ok
16:39:24.0722 0x0c0c  [ 008D3431DFA9F1EC2261BC4C0DFA61C3, AC59496A7CEE596A308DF42643B02A95CE7ABA8952AC887CB0029108A93698C7 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
16:39:25.0691 0x0c0c  cphs - ok
16:39:25.0738 0x0c0c  CredentialEnrollmentManagerUserSvc - ok
16:39:25.0738 0x0c0c  CredentialEnrollmentManagerUserSvc_38c22 - ok
16:39:25.0754 0x0c0c  CryptSvc - ok
16:39:25.0785 0x0c0c  dam - ok
16:39:25.0785 0x0c0c  DcomLaunch - ok
16:39:25.0800 0x0c0c  defragsvc - ok
16:39:25.0847 0x0c0c  DeviceAssociationBrokerSvc - ok
16:39:25.0894 0x0c0c  DeviceAssociationService - ok
16:39:25.0910 0x0c0c  DeviceInstall - ok
16:39:25.0910 0x0c0c  DevicePickerUserSvc - ok
16:39:25.0925 0x0c0c  DevicesFlowUserSvc - ok
16:39:25.0957 0x0c0c  [ F8BE99B9EA9B110F7CB3F46BA844C1FF, EABF953864C0AE4FB6426C0B7E92DD81EE4A8852081F9D2EA02B61D4C8DB6188 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
16:39:26.0582 0x0c0c  DevQueryBroker - ok
16:39:26.0582 0x0c0c  Dfsc - ok
16:39:26.0582 0x0c0c  Dhcp - ok
16:39:26.0628 0x0c0c  diagnosticshub.standardcollector.service - ok
16:39:26.0628 0x0c0c  diagsvc - ok
16:39:26.0628 0x0c0c  DiagTrack - ok
16:39:26.0644 0x0c0c  disk - ok
16:39:26.0644 0x0c0c  DispBrokerDesktopSvc - ok
16:39:26.0660 0x0c0c  DisplayEnhancementService - ok
16:39:26.0660 0x0c0c  DmEnrollmentSvc - ok
16:39:26.0675 0x0c0c  dmvsc - ok
16:39:26.0691 0x0c0c  [ 2E8A026D6680C301ADF6D4B301A4CE8B, 2FDB34E2A61457308B0FEC938A2D6351F63D02BB67DC87FE4F2534E0048C8E89 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
16:39:26.0894 0x0c0c  dmwappushservice - ok
16:39:26.0910 0x0c0c  Dnscache - ok
16:39:26.0925 0x0c0c  dot3svc - ok
16:39:26.0957 0x0c0c  [ 9E65C33CB7FB50453F7F4407070EAF53, A8707BD19D584DAECA39990A2E791194140AFCA4FCE31F23CC7E931DF8C17361 ] DPS             C:\WINDOWS\system32\dps.dll
16:39:27.0082 0x0c0c  DPS - ok
16:39:27.0082 0x0c0c  drmkaud - ok
16:39:27.0082 0x0c0c  DsmSvc - ok
16:39:27.0097 0x0c0c  DsSvc - ok
16:39:27.0128 0x0c0c  [ 81DF23EC4009D307479D5C169539CD67, 65AEE1E876CBE801A763F14930D15CF2E6A10697620B5903AA04BA30585A5676 ] DusmSvc         C:\WINDOWS\System32\dusmsvc.dll
16:39:27.0285 0x0c0c  DusmSvc - ok
16:39:27.0300 0x0c0c  DXGKrnl - ok
16:39:27.0363 0x0c0c  [ FD6A6E753077D76C0FBF403518B3BD42, 2D7D15B6AA611F2A027143AD54E215CC54863B3B41BA312BBE13DF7CB4E4215A ] e1dexpress      C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_9b04ae4c30c0d829\e1d68x64.sys
16:39:27.0378 0x0c0c  e1dexpress - ok
16:39:27.0394 0x0c0c  Eaphost - ok
16:39:27.0394 0x0c0c  ebdrv - ok
16:39:27.0472 0x0c0c  [ D21437C262283650E8349AFA573AC03A, 9C256D462F0640855E1AB3D2C658CB4EDD7E061EB2782FD03481196D5ED93DB5 ] edgeupdate      C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
16:39:27.0488 0x0c0c  edgeupdate - ok
16:39:27.0503 0x0c0c  [ D21437C262283650E8349AFA573AC03A, 9C256D462F0640855E1AB3D2C658CB4EDD7E061EB2782FD03481196D5ED93DB5 ] edgeupdatem     C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
16:39:27.0519 0x0c0c  edgeupdatem - ok
16:39:27.0535 0x0c0c  EFS - ok
16:39:27.0550 0x0c0c  EhStorClass - ok
16:39:27.0566 0x0c0c  EhStorTcgDrv - ok
16:39:27.0582 0x0c0c  embeddedmode - ok
16:39:27.0597 0x0c0c  EntAppSvc - ok
16:39:27.0613 0x0c0c  [ 0350337887263A518AA03EDB5BA96A04, BF8254C1BCEAD68D8561635330A279C4DBA59F24E96C4A4AA1F3EDCF6403EB76 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
16:39:27.0769 0x0c0c  EpsonScanSvc - ok
16:39:27.0769 0x0c0c  ErrDev - ok
16:39:27.0769 0x0c0c  EventLog - ok
16:39:27.0769 0x0c0c  EventSystem - ok
16:39:27.0831 0x0c0c  [ 21A1A2A5BCDECCDFEC7116D2E5261977, D3982019036DFC256336BF73917F1E138A8D50AC5B38382C571213FA30D32EC4 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:39:27.0847 0x0c0c  EvtEng - ok
16:39:27.0878 0x0c0c  [ 0BF32186C3EC11315C33CC29EA8DD86C, 82B43762A5BC9C0AB7B5D1F96DC47B34700924B598070A7CCB30C92EB5EE1599 ] ew_usbccgpfilter C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys
16:39:27.0988 0x0c0c  ew_usbccgpfilter - ok
16:39:27.0988 0x0c0c  exfat - ok
16:39:27.0988 0x0c0c  fastfat - ok
16:39:28.0019 0x0c0c  Fax - ok
16:39:28.0019 0x0c0c  fdc - ok
16:39:28.0035 0x0c0c  [ 0439B82F6034ADA3E71C0C9F169082BD, 0918728669077235B2F2DB7EE22CE819FA570D8A7A497BA5F11E76774EA75099 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
16:39:28.0160 0x0c0c  fdPHost - ok
16:39:28.0191 0x0c0c  [ AD64C91B3CC71226785DCE688842E5AB, 056E1091468D268E7970045AB329EB3DFF48BB6B22448046A14C309678847B6E ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
16:39:28.0238 0x0c0c  FDResPub - ok
16:39:28.0253 0x0c0c  fhsvc - ok
16:39:28.0285 0x0c0c  [ 8E59D944EE4EFAED65A341A71297C4CD, CFFFD7007AB7FB04ECB44D0079BFE8EEB53AECC988135199C388AF425EBCF2AD ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
16:39:28.0347 0x0c0c  FileCrypt - ok
16:39:28.0347 0x0c0c  FileInfo - ok
16:39:28.0363 0x0c0c  Filetrace - ok
16:39:28.0378 0x0c0c  flpydisk - ok
16:39:28.0378 0x0c0c  FltMgr - ok
16:39:28.0410 0x0c0c  FontCache - ok
16:39:28.0425 0x0c0c  FrameServer - ok
16:39:28.0441 0x0c0c  FsDepends - ok
16:39:28.0441 0x0c0c  Fs_Rec - ok
16:39:28.0456 0x0c0c  fvevol - ok
16:39:28.0472 0x0c0c  [ A1E06E4E8CB863C74DE428D4D6681185, DA46502C009FD4C847A547610DEE2684A5A583467BF76009BD46104AAE2F6B1B ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
16:39:28.0816 0x0c0c  gencounter - ok
16:39:28.0863 0x0c0c  genericusbfn - ok
16:39:28.0910 0x0c0c  [ 058716AC41A50E66810C8663D22839B3, 9E77D6F2F5904100464B7C8DD3C6D5A4A743793D0C83EAF5E7F9E88F0A914659 ] googledrivefs3525 C:\WINDOWS\system32\DRIVERS\googledrivefs3525.sys
16:39:28.0925 0x0c0c  googledrivefs3525 - ok
16:39:28.0941 0x0c0c  GPIOClx0101 - ok
16:39:28.0941 0x0c0c  gpsvc - ok
16:39:28.0972 0x0c0c  [ 8C06046B6A8C1ACDAEA15682058FDFB4, 3E0CC301249B7D8D5BEB932F4DFD1EAB8037679EC153772F63B430713903B0AC ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
16:39:29.0081 0x0c0c  GpuEnergyDrv - ok
16:39:29.0081 0x0c0c  GraphicsPerfSvc - ok
16:39:29.0128 0x0c0c  [ 59EA38ACBCA05610BFEE326DA3F2D96B, CB7F48F36C649BDB12FD09D8FCB60D99EFBFF44729515FA3CC77F4CDB18D99B7 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:29.0144 0x0c0c  gupdate - ok
16:39:29.0144 0x0c0c  [ 59EA38ACBCA05610BFEE326DA3F2D96B, CB7F48F36C649BDB12FD09D8FCB60D99EFBFF44729515FA3CC77F4CDB18D99B7 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:29.0144 0x0c0c  gupdatem - ok
16:39:29.0159 0x0c0c  HdAudAddService - ok
16:39:29.0159 0x0c0c  HDAudBus - ok
16:39:29.0175 0x0c0c  HidBatt - ok
16:39:29.0175 0x0c0c  HidBth - ok
16:39:29.0175 0x0c0c  hidi2c - ok
16:39:29.0175 0x0c0c  hidinterrupt - ok
16:39:29.0191 0x0c0c  [ 6B46E3061EC0523CB46ED28060FCD946, 6089305AF73CC584963865482448CD5CA4252EC9BD3E72AF16D45E4F95C3EBF2 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
16:39:29.0222 0x0c0c  HidIr - ok
16:39:29.0238 0x0c0c  hidserv - ok
16:39:29.0238 0x0c0c  hidspi - ok
16:39:29.0238 0x0c0c  HidUsb - ok
16:39:29.0238 0x0c0c  HpSAMD - ok
16:39:29.0253 0x0c0c  HTTP - ok
16:39:29.0285 0x0c0c  [ 849A66D34BC2DAD0044FAC2FEE1AF956, A5F6858AA556D9180C303EA3ED02EB6D6D8EB55A100B3918654281A01198D8E8 ] hvcrash         C:\WINDOWS\System32\drivers\hvcrash.sys
16:39:29.0285 0x0c0c  hvcrash - ok
16:39:29.0316 0x0c0c  [ 855F55BB462B7D8B6BC31A94A592DF3D, 776C772E69CF9D81D8511201813DD79F2106DC7D2547B4FA700432AE9B73C202 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
16:39:29.0800 0x0c0c  HvHost - ok
16:39:29.0831 0x0c0c  hvservice - ok
16:39:29.0847 0x0c0c  [ 8CF9D085951CF0D6DE2AC4105E440DE0, 300198709982026EF999CE5B341EC2BDB23351D8B4BD03C0190EE21F953CBF85 ] HWHandSet       C:\WINDOWS\System32\drivers\hw_quusbmdm.sys
16:39:29.0925 0x0c0c  HWHandSet - ok
16:39:29.0956 0x0c0c  [ 5DC7DFED5FEDD923B874B51D0C6752BB, 69714A8B74EB02282572B34E156051FFC10693B816905CE18A8C6C8CCB95B846 ] HwNClx0101      C:\WINDOWS\system32\Drivers\mshwnclx.sys
16:39:29.0972 0x0c0c  HwNClx0101 - ok
16:39:29.0988 0x0c0c  hwpolicy - ok
16:39:30.0019 0x0c0c  [ C6FCF40CFF3B8380723BD61158AF111E, 5758A0814CA8AA1E7447E1CBDF94352266EDEEE547AB896FCFF97727D8ECDE53 ] hwusb_cdcacm    C:\WINDOWS\System32\drivers\hw_cdcacm.sys
16:39:30.0066 0x0c0c  hwusb_cdcacm - ok
16:39:30.0081 0x0c0c  [ 7920776AB1C59BD6EC70424952CC5FD4, FF4CFCE77613703BA1F5C58AF366CF96E982F6CB5DBCDA30173F957FD1117A74 ] hw_usbdev       C:\WINDOWS\System32\drivers\hw_usbdev.sys
16:39:30.0159 0x0c0c  hw_usbdev - ok
16:39:30.0206 0x0c0c  hyperkbd - ok
16:39:30.0206 0x0c0c  HyperVideo - ok
16:39:30.0222 0x0c0c  i8042prt - ok
16:39:30.0222 0x0c0c  iagpio - ok
16:39:30.0222 0x0c0c  iai2c - ok
16:39:30.0222 0x0c0c  iaLPSS2i_GPIO2 - ok
16:39:30.0238 0x0c0c  iaLPSS2i_GPIO2_BXT_P - ok
16:39:30.0238 0x0c0c  iaLPSS2i_GPIO2_CNL - ok
16:39:30.0238 0x0c0c  iaLPSS2i_GPIO2_GLK - ok
16:39:30.0253 0x0c0c  iaLPSS2i_I2C - ok
16:39:30.0253 0x0c0c  iaLPSS2i_I2C_BXT_P - ok
16:39:30.0253 0x0c0c  iaLPSS2i_I2C_CNL - ok
16:39:30.0253 0x0c0c  iaLPSS2i_I2C_GLK - ok
16:39:30.0269 0x0c0c  iaLPSSi_GPIO - ok
16:39:30.0269 0x0c0c  iaLPSSi_I2C - ok
16:39:30.0300 0x0c0c  [ 350735A5E5B1EB6C733F8D3E01545E3D, 160541B3DB37EF1BC8BCDDAD95FEEDF973DF5D4DC89E5434412C70A43B1D8CE5 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
16:39:30.0363 0x0c0c  iaStorA - ok
16:39:30.0363 0x0c0c  iaStorAVC - ok
16:39:30.0378 0x0c0c  iaStorV - ok
16:39:30.0378 0x0c0c  ibbus - ok
16:39:30.0409 0x0c0c  [ 4D4E1E92DDCEAD9C26118FFF05677963, DE3C7DB1DC389F04DFA2F02FA8B45E7CFBBDC8EB806E00677848FBA852B1345E ] IBMPMDRV        C:\WINDOWS\System32\drivers\ibmpmdrv.sys
16:39:30.0409 0x0c0c  IBMPMDRV - ok
16:39:30.0441 0x0c0c  [ 8F989C4C0ECD823BCD07FB3D6D04DFC6, 9ED67B9CFCA4D67A2DFAB9890A784C8F3F51EEC32F02FB7327DA77FB64A2DD27 ] IBMPMSVC        C:\WINDOWS\System32\ibmpmsvc.exe
16:39:30.0488 0x0c0c  IBMPMSVC - ok
16:39:30.0488 0x0c0c  ibtsiva - ok
16:39:30.0503 0x0c0c  [ 3501750E1D543A5C6A32D1ED5BBAA125, 95D351DEB154BC4B5A4F4D477D945845218736E35C776264BA549471E37D3CF4 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
16:39:30.0519 0x0c0c  ibtusb - ok
16:39:30.0519 0x0c0c  icssvc - ok
16:39:30.0722 0x0c0c  [ 0B45D9A500A7082278C1F1CB047FBFA9, 697F4163182560C043F5CDFE60C51A8E87D26328AAA474A1F255DEE1BB547D6E ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
16:39:30.0956 0x0c0c  igfx - ok
16:39:30.0988 0x0c0c  [ 858E6773FF3D746A60A6961333F6837F, 2D584AA2187ACE747BE67FDBFF5F822B3C5195490D7DE3D5C0F0AF93CC1655D5 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
16:39:31.0066 0x0c0c  igfxCUIService2.0.0.0 - ok
16:39:31.0066 0x0c0c  IKEEXT - ok
16:39:31.0128 0x0c0c  [ 9ABD06B3279C3E3D2AE5E59113A3B9FF, CC06E04E5B50E9C27E772D9DE06E4FFEA38AA7B90BADC61491EAF20A91BE3692 ] ImControllerService C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
16:39:31.0144 0x0c0c  ImControllerService - ok
16:39:31.0159 0x0c0c  IndirectKmd - ok
16:39:31.0175 0x0c0c  InstallService - ok
16:39:31.0347 0x0c0c  [ 28EC95475FBD1B7D3023E7A408840917, 2460B6D0D74035A2CE049F1D1902B519097F99D3D1CDFC7E2C210B2BC41E2ACA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
16:39:31.0566 0x0c0c  IntcAzAudAddService - ok
16:39:31.0581 0x0c0c  [ EAE20DB9DC1366B9A1C558C58229AD65, 966D79304A766DD38EAB1B7B71DDE0ECB23323C07F29C8CBB21EA94654F75DF1 ] IntcDAud        C:\WINDOWS\System32\drivers\IntcDAud.sys
16:39:31.0597 0x0c0c  IntcDAud - ok
16:39:31.0612 0x0c0c  [ 2159516F6832CE0ABF237DF5B018EE2E, E7022D7F985BB0460CDBD7CF68538E64BCD349CEEE021AEAD6804095BF0E9B12 ] IntelHSWPcc     C:\WINDOWS\system32\drivers\IntelPcc.sys
16:39:31.0612 0x0c0c  IntelHSWPcc - ok
16:39:31.0644 0x0c0c  intelide - ok
16:39:31.0644 0x0c0c  intelpep - ok
16:39:31.0675 0x0c0c  [ AECBF5BE2F9A2A50B978E0BF31041A81, A62F436C66DEFEB438A7891857DFB830995714A7E4FE4BDCA6B4EB1606BD2101 ] intelpmax       C:\WINDOWS\System32\drivers\intelpmax.sys
16:39:31.0706 0x0c0c  intelpmax - ok
16:39:31.0737 0x0c0c  intelppm - ok
16:39:31.0737 0x0c0c  iorate - ok
16:39:31.0753 0x0c0c  IpFilterDriver - ok
16:39:31.0753 0x0c0c  iphlpsvc - ok
16:39:31.0753 0x0c0c  IPMIDRV - ok
16:39:31.0784 0x0c0c  [ F63572DF4295C78B3F7036AEDA878176, B71EB3CC4EC95BC9A3FA217736C6C36C756935714D7E16E34C05D913B829CB9C ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
16:39:31.0816 0x0c0c  IPNAT - ok
16:39:31.0831 0x0c0c  [ B5B6D1F86E40E785D6650DB923DB6BEA, 7A2D92A2274E0379B5FA6351D18E2F0DD55960BB783EA3528FE9E303E1A4256D ] IPT             C:\WINDOWS\System32\drivers\ipt.sys
16:39:31.0847 0x0c0c  IPT - ok
16:39:31.0862 0x0c0c  [ 77494E26B28465D2A09B9455F8A3B34E, B778D4BC71A5F5CF687175CA53AC342E4740156D4B96E6E96D918BD46C2C1459 ] IpxlatCfgSvc    C:\WINDOWS\System32\IpxlatCfg.dll
16:39:31.0987 0x0c0c  IpxlatCfgSvc - ok
16:39:32.0019 0x0c0c  isapnp - ok
16:39:32.0034 0x0c0c  iScsiPrt - ok
16:39:32.0050 0x0c0c  ItSas35i - ok
16:39:32.0050 0x0c0c  kbdclass - ok
16:39:32.0050 0x0c0c  kbdhid - ok
16:39:32.0050 0x0c0c  kdnic - ok
16:39:32.0050 0x0c0c  KeyIso - ok
16:39:32.0066 0x0c0c  KSecDD - ok
16:39:32.0081 0x0c0c  KSecPkg - ok
16:39:32.0081 0x0c0c  ksthunk - ok
16:39:32.0112 0x0c0c  [ DAE67BD7EC6ED569438F5CA38BFBB458, 672CA98525D6DD799A01A3BC3A62AB7B4544D62ECEB3615FAC05BFB97B389D23 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
16:39:32.0800 0x0c0c  KtmRm - ok
16:39:32.0862 0x0c0c  LanmanServer - ok
16:39:32.0862 0x0c0c  LanmanWorkstation - ok
16:39:32.0925 0x0c0c  [ 62B77D1B92300F69A86E055F13600180, 45E3DDFF88DC581AD4D83888474BEBBDC28F97583675D24E077DFEFF7CCE7D87 ] LenovoVantageService C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
16:39:32.0956 0x0c0c  LenovoVantageService - ok
16:39:32.0972 0x0c0c  [ A997488F4EDAAD59C748CF9FB1D9DAC0, A0B145041F984DD4E0A6F8D0E9C8363DA6F2DA7460E140F028C320CEAC03759C ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
16:39:33.0097 0x0c0c  lfsvc - ok
16:39:33.0097 0x0c0c  LicenseManager - ok
16:39:33.0159 0x0c0c  [ 78779BD92081CB27967E77561683AFBE, 05EC91E194336D1BB1EE323E70FAC54F6DC0CEF53FD4925F394399531A37A0DD ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
16:39:33.0222 0x0c0c  lltdio - ok
16:39:33.0222 0x0c0c  lltdsvc - ok
16:39:33.0222 0x0c0c  lmhosts - ok
16:39:33.0284 0x0c0c  [ 0FFC5F9BEF218AE75BEC171992153142, 19DAC047975809EC2580299E2BEB1017545D275BBD33E4314130FAD7BD97FA05 ] LPlatSvc        C:\WINDOWS\System32\LPlatSvc.exe
16:39:33.0315 0x0c0c  LPlatSvc - ok
16:39:33.0347 0x0c0c  LSI_SAS - ok
16:39:33.0347 0x0c0c  LSI_SAS2i - ok
16:39:33.0362 0x0c0c  LSI_SAS3i - ok
16:39:33.0362 0x0c0c  LSI_SSS - ok
16:39:33.0378 0x0c0c  LSM - ok
16:39:33.0378 0x0c0c  luafv - ok
16:39:33.0394 0x0c0c  LxpSvc - ok
16:39:33.0409 0x0c0c  [ AE03D8F1B7863268EAED2FE0105ED75F, F5172A1A3E24FC5271FCB0118861EA0EC33AA8ABB01AE9CAD50E2F032B92486C ] MapsBroker      C:\WINDOWS\System32\moshost.dll
16:39:33.0456 0x0c0c  MapsBroker - ok
16:39:33.0456 0x0c0c  mausbhost - ok
16:39:33.0456 0x0c0c  mausbip - ok
16:39:33.0487 0x0c0c  MbbCx - ok
16:39:33.0487 0x0c0c  megasas - ok
16:39:33.0487 0x0c0c  megasas2i - ok
16:39:33.0487 0x0c0c  megasas35i - ok
16:39:33.0503 0x0c0c  megasr - ok
16:39:33.0534 0x0c0c  [ F1E754DEEB3369BCCE2228D5C10DE101, ECC894FCF4C3F2364883BA55242C432E9E416D93E71B67985DF24ECB39F9BAC4 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
16:39:33.0550 0x0c0c  MEIx64 - ok
16:39:33.0565 0x0c0c  MessagingService - ok
16:39:33.0612 0x0c0c  Microsoft SharePoint Workspace Audit Service - ok
16:39:33.0690 0x0c0c  MicrosoftEdgeElevationService - ok
16:39:33.0722 0x0c0c  [ B74FFC6301B3312A9F59E04E487BC72A, 76F71824E80D10EB71BEDE5EE3A64CAD7CAC3DDFBB6670D1537E6B75FF0217E9 ] Microsoft_Bluetooth_AvrcpTransport C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys
16:39:33.0753 0x0c0c  Microsoft_Bluetooth_AvrcpTransport - ok
16:39:33.0769 0x0c0c  MixedRealityOpenXRSvc - ok
16:39:33.0769 0x0c0c  mlx4_bus - ok
16:39:33.0769 0x0c0c  MMCSS - ok
16:39:33.0784 0x0c0c  Modem - ok
16:39:33.0800 0x0c0c  monitor - ok
16:39:33.0800 0x0c0c  mouclass - ok
16:39:33.0800 0x0c0c  mouhid - ok
16:39:33.0800 0x0c0c  mountmgr - ok
16:39:33.0800 0x0c0c  mpsdrv - ok
16:39:33.0815 0x0c0c  mpssvc - ok
16:39:33.0831 0x0c0c  MRxDAV - ok
16:39:33.0847 0x0c0c  mrxsmb - ok
16:39:33.0847 0x0c0c  mrxsmb20 - ok
16:39:33.0878 0x0c0c  [ E587396A4C8151ABBF13A96C4465DE31, A3AA5D51E34657479CFCDC3DBB7821B7255F7CB57D5686B7F709A7953AD537EB ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
16:39:33.0972 0x0c0c  MsBridge - ok
16:39:34.0003 0x0c0c  [ 2EF846AC66E181BE820B513DBC15B5D2, EDFE71025C352D0DABEC7B9506C5945BB0EC11F8DB540DB8CB1116C2EA1648A8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
16:39:34.0112 0x0c0c  MSDTC - ok
16:39:34.0112 0x0c0c  Msfs - ok
16:39:34.0159 0x0c0c  [ 6092FD060EC4132A799BDAD61845DDB7, B45F9D3A71FC8A73AED3C5B8CF6F14A25EBDD3D4D47C9F39FFCD75C7D22F4A9E ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
16:39:34.0175 0x0c0c  msgpiowin32 - ok
16:39:34.0175 0x0c0c  mshidkmdf - ok
16:39:34.0222 0x0c0c  [ 9E90FE6DF363D2427A5C773120E7B27D, 1FDB7E28CCAF757603C4B754E1AC9C470E5E60E85DE067375902F108F5E34608 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
16:39:34.0268 0x0c0c  mshidumdf - ok
16:39:34.0284 0x0c0c  msisadrv - ok
16:39:34.0300 0x0c0c  MSiSCSI - ok
16:39:34.0315 0x0c0c  msiserver - ok
16:39:34.0315 0x0c0c  MSKSSRV - ok
16:39:34.0331 0x0c0c  [ 9FB5040C8CEAE4C32B7884ECBBCAFDAF, 0EC3E53C5B1B202440DE22A5BF7E1EBE9AF5BBB6BA69DB9D018A6D8EC97B477E ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
16:39:34.0425 0x0c0c  MsLldp - ok
16:39:34.0425 0x0c0c  MSPCLOCK - ok
16:39:34.0425 0x0c0c  MSPQM - ok
16:39:34.0440 0x0c0c  MsQuic - ok
16:39:34.0440 0x0c0c  MsRPC - ok
16:39:34.0440 0x0c0c  mssmbios - ok
16:39:34.0456 0x0c0c  MSTEE - ok
16:39:34.0456 0x0c0c  MTConfig - ok
16:39:34.0456 0x0c0c  Mup - ok
16:39:34.0456 0x0c0c  mvumis - ok
16:39:34.0534 0x0c0c  [ B3BDA3044B2C643B28143275FA731C6B, 1F050015B84DBB43106057DBCD25A86E281ECD8098B9C757A27735614B718534 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:39:34.0534 0x0c0c  MyWiFiDHCPDNS - ok
16:39:34.0565 0x0c0c  NativeWifiP - ok
16:39:34.0597 0x0c0c  NaturalAuthentication - ok
16:39:34.0628 0x0c0c  [ D47A20839608B8213065D7AFC8C42195, 7B0187BE9705ED2F925616C13B3744BAC0A9C96B21BE503D96BC9EE7EE125B33 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
16:39:34.0893 0x0c0c  NcaSvc - ok
16:39:34.0940 0x0c0c  NcbService - ok
16:39:34.0956 0x0c0c  [ 8C938E851CDF2CE30BBEA14555B61820, F853F526C811893BD40B1124BAEC543099381E7BF091729B6A6665DF3CE10B94 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
16:39:35.0018 0x0c0c  NcdAutoSetup - ok
16:39:35.0034 0x0c0c  ndfltr - ok
16:39:35.0034 0x0c0c  NDIS - ok
16:39:35.0065 0x0c0c  [ 6BEC0929C7A7BF2A7C44F585ECC7DAEB, 5F6395268CBD26A4B90960479040C114B2C8A3F24C188C2D5F62D6AB43A637D1 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
16:39:35.0081 0x0c0c  NdisCap - ok
16:39:35.0097 0x0c0c  NdisImPlatform - ok
16:39:35.0097 0x0c0c  NdisTapi - ok
16:39:35.0097 0x0c0c  Ndisuio - ok
16:39:35.0112 0x0c0c  NdisVirtualBus - ok
16:39:35.0112 0x0c0c  NdisWan - ok
16:39:35.0112 0x0c0c  ndiswanlegacy - ok
16:39:35.0128 0x0c0c  [ 33CDAEDC7CBE8339A8324CEC2461BFB4, DAAEACDB4506D2BDDED61957D92FB4983E11D9CE6E7B25119B4CBFB431C945F4 ] NDKPing         C:\WINDOWS\system32\drivers\NDKPing.sys
16:39:35.0143 0x0c0c  NDKPing - ok
16:39:35.0143 0x0c0c  ndproxy - ok
16:39:35.0190 0x0c0c  [ 77621E74FD79B267071A0D12C643A48A, 8228B7D1237A0FFABCCC150B299EA494C8F0CB4CCB51AB0DBFF08CBAA9EFC4BB ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
16:39:35.0222 0x0c0c  Ndu - ok
16:39:35.0237 0x0c0c  NetAdapterCx - ok
16:39:35.0253 0x0c0c  NetBIOS - ok
16:39:35.0253 0x0c0c  NetBT - ok
16:39:35.0253 0x0c0c  Netlogon - ok
16:39:35.0253 0x0c0c  Netman - ok
16:39:35.0268 0x0c0c  netprofm - ok
16:39:35.0268 0x0c0c  NetSetupSvc - ok
16:39:35.0362 0x0c0c  [ B9D455C60292DF5FCB064834CA5802AA, 75DCE4E5FA08CCEAF4D3D30FE8E26903FCDD14CC852E820F63B40F374C706DBD ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:35.0503 0x0c0c  NetTcpPortSharing - ok
16:39:35.0518 0x0c0c  netvsc - ok
16:39:35.0612 0x0c0c  [ 87EA78E543A3F78CB7D928C5ED9FA122, 1C24E9EA2DC3D168212A31C51BE420517784BE9CDF61228AE57BF933DC09AE3D ] NETwNb64        C:\WINDOWS\System32\drivers\Netwbw02.sys
16:39:35.0737 0x0c0c  NETwNb64 - ok
16:39:35.0753 0x0c0c  NgcCtnrSvc - ok
16:39:35.0893 0x0c0c  NgcSvc - ok
16:39:35.0909 0x0c0c  NlaSvc - ok
16:39:35.0909 0x0c0c  Npfs - ok
16:39:35.0925 0x0c0c  npsvctrig - ok
16:39:35.0925 0x0c0c  nsi - ok
16:39:35.0925 0x0c0c  nsiproxy - ok
16:39:35.0925 0x0c0c  Ntfs - ok
16:39:35.0940 0x0c0c  Null - ok
16:39:35.0940 0x0c0c  nvdimm - ok
16:39:35.0940 0x0c0c  nvraid - ok
16:39:35.0940 0x0c0c  nvstor - ok
16:39:35.0987 0x0c0c  [ 2DC49F990DDC302C9608BA0A97FEF58B, 0C950D16F7C6B19851FCFC8B8805BE78824DDFD6D7AEA1EEA865C965824001B2 ] NW1900          C:\WINDOWS\System32\drivers\NW1900.sys
16:39:35.0987 0x0c0c  NW1900 - ok
16:39:36.0003 0x0c0c  [ D12FA6055E4C22C8AF8CE1F2760D2CAC, 1791EC3B535F4D4984361079BC56FE34DB631ECD454BBA5134B3F117F3C25FAB ] NWLowRider      C:\WINDOWS\System32\drivers\NWLowRider.sys
16:39:36.0003 0x0c0c  NWLowRider - ok
16:39:36.0034 0x0c0c  [ A0A870F8CB2C853D599D081A0984012F, D005D7CA6057CB53E878BCF4E1B632577C167F8B98BF91294FE1DCADEAE37916 ] NWVoltron       C:\WINDOWS\System32\drivers\NWVoltron.sys
16:39:36.0034 0x0c0c  NWVoltron - ok
16:39:36.0050 0x0c0c  OneSyncSvc - ok
16:39:36.0096 0x0c0c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:36.0112 0x0c0c  ose - ok
16:39:36.0378 0x0c0c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:39:36.0534 0x0c0c  osppsvc - ok
16:39:36.0550 0x0c0c  p2pimsvc - ok
16:39:36.0581 0x0c0c  [ DA97CD5815EC123BC88382C08D465B9E, 46F5EA2E3D590FB10E14BC811612B6EF87C805B359A652D2C6BFE4840D5D6AA2 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
16:39:36.0987 0x0c0c  p2psvc - ok
16:39:36.0987 0x0c0c  Parport - ok
16:39:37.0018 0x0c0c  partmgr - ok
16:39:37.0018 0x0c0c  PcaSvc - ok
16:39:37.0034 0x0c0c  pci - ok
16:39:37.0034 0x0c0c  pciide - ok
16:39:37.0034 0x0c0c  pcmcia - ok
16:39:37.0050 0x0c0c  pcw - ok
16:39:37.0050 0x0c0c  pdc - ok
16:39:37.0112 0x0c0c  [ 1FABA74CEA705ECB2CDA5398F3477212, 07D8952C60A8D89F249985206746B132596909E8BABC3A0C5B6E33A22FFD65CF ] PDF24           C:\Program Files\PDF24\pdf24.exe
16:39:37.0143 0x0c0c  PDF24 - ok
16:39:37.0159 0x0c0c  PEAUTH - ok
16:39:37.0175 0x0c0c  perceptionsimulation - ok
16:39:37.0190 0x0c0c  percsas2i - ok
16:39:37.0190 0x0c0c  percsas3i - ok
16:39:37.0253 0x0c0c  [ 2FC7CFCEDBF7E038351C7CEB1036D2E1, 41D7DA706F0CF613DF768B6795CD09C5C1035F9F101051FB58F5042EB4352DB6 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
16:39:37.0909 0x0c0c  PerfHost - ok
16:39:37.0924 0x0c0c  PhoneSvc - ok
16:39:37.0940 0x0c0c  PimIndexMaintenanceSvc - ok
16:39:37.0940 0x0c0c  PktMon - ok
16:39:38.0003 0x0c0c  [ 9E431A5D697432DD6F4DB48C9A185104, 44C16E194258C9143A45F4022F9C5DE229E217D6FF7F944F105FE631BE9EF4A7 ] pla             C:\WINDOWS\system32\pla.dll
16:39:38.0268 0x0c0c  pla - ok
16:39:38.0284 0x0c0c  PlugPlay - ok
16:39:38.0299 0x0c0c  [ D257B3A5E243E04867D1ABD2DA13B6F8, 163EF53B0AAFBAD09309E5A1FA2E16B6EEE508496CCD9F3B18B2EAF0B0F5E11B ] PMDRVS          C:\WINDOWS\system32\drivers\pmdrvs.sys
16:39:38.0315 0x0c0c  PMDRVS - ok
16:39:38.0315 0x0c0c  pmem - ok
16:39:38.0331 0x0c0c  [ 2769F200292C0F941A10BD60C33EA4A6, B8345C32585C45E6248D7194B1071F2B8617718E7C9B270AAF44C132D029DB4C ] PNPMEM          C:\WINDOWS\System32\drivers\pnpmem.sys
16:39:38.0362 0x0c0c  PNPMEM - ok
16:39:38.0393 0x0c0c  [ 6AAAC8AD69AEFBE5FE04738B687EE85E, 83427082298E2FC021D5D39A43DB4A5783D95213F2CA8D3A997DB6C815BD9CB2 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
16:39:38.0518 0x0c0c  PNRPAutoReg - ok
16:39:38.0518 0x0c0c  PNRPsvc - ok
16:39:38.0534 0x0c0c  PolicyAgent - ok
16:39:38.0565 0x0c0c  portcfg - ok
16:39:38.0565 0x0c0c  Power - ok
16:39:38.0565 0x0c0c  PptpMiniport - ok
16:39:38.0721 0x0c0c  [ 127682EFCBC718AE83C591CF12EDBE9E, EDA3BBCA39385ECFC53D6726E2E0311F86033F2E29BB2744A92339947D2498BD ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
16:39:38.0924 0x0c0c  PrintNotify - ok
16:39:38.0940 0x0c0c  PrintWorkflowUserSvc - ok
16:39:38.0971 0x0c0c  Processor - ok
16:39:38.0971 0x0c0c  ProfSvc - ok
16:39:38.0987 0x0c0c  Psched - ok
16:39:38.0987 0x0c0c  PushToInstall - ok
16:39:39.0018 0x0c0c  [ 2F3808790D517E5E5E6ABF7177875C02, BE1A79A6498697EB86FC29638324A853197B49BC06AE3EB1130793F710926998 ] QWAVE           C:\WINDOWS\system32\qwave.dll
16:39:39.0143 0x0c0c  QWAVE - ok
16:39:39.0174 0x0c0c  [ CE51A9A997D2830C6C64A36D7F8D8879, 706D683CAF92C259C121222446D34ED43F6E8872407C3615E2ED118ACD24D21D ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
16:39:39.0190 0x0c0c  QWAVEdrv - ok
16:39:39.0190 0x0c0c  Ramdisk - ok
16:39:39.0206 0x0c0c  RasAcd - ok
16:39:39.0221 0x0c0c  RasAgileVpn - ok
16:39:39.0221 0x0c0c  RasAuto - ok
16:39:39.0221 0x0c0c  Rasl2tp - ok
16:39:39.0237 0x0c0c  RasMan - ok
16:39:39.0237 0x0c0c  RasPppoe - ok
16:39:39.0237 0x0c0c  RasSstp - ok
16:39:39.0237 0x0c0c  rdbss - ok
16:39:39.0268 0x0c0c  [ B7BAD23CA994EFF8EA11261626326004, 056495FB4A54984CE9D28D7B45550990D4A4B0736669F0F69138BEF51A695EFA ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
16:39:39.0284 0x0c0c  rdpbus - ok
16:39:39.0299 0x0c0c  RDPDR - ok
16:39:39.0315 0x0c0c  RdpVideoMiniport - ok
16:39:39.0331 0x0c0c  [ B4A6F3BFB5A07DAF4E18C14A6337A226, F906865E349390D24A3DCBC563154BBB9F307B97361832BE93BC9D44A9F3B486 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
16:39:39.0346 0x0c0c  rdyboost - ok
16:39:39.0362 0x0c0c  ReFS - ok
16:39:39.0362 0x0c0c  ReFSv1 - ok
16:39:39.0393 0x0c0c  [ 3E53D61A9E0C41D3370197FF4D2D38C3, 21C49489A64931EEB3E1CF8E3F02AD4B9A20B4B21FAE91CFD24EDB574F33801D ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:39:39.0409 0x0c0c  RegSrvc - ok
16:39:39.0440 0x0c0c  RemoteAccess - ok
16:39:39.0487 0x0c0c  [ 58B3C0A2B0C130838588EF519ADCE495, 60360DD8EA1802C8F95EB93531FF9666BE1148253E6A1BD706D4CA98955C0F6E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
16:39:39.0659 0x0c0c  RemoteRegistry - ok
16:39:39.0659 0x0c0c  RetailDemo - ok
16:39:39.0706 0x0c0c  [ D2EE9CCE0187C616E50D61EB30ECA262, 825C918D22FC8DBF3EE9BDB41D121A0AC3CCBFFBA147E2B26F0197552E0675DE ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
16:39:39.0721 0x0c0c  RFCOMM - ok
16:39:39.0752 0x0c0c  [ 4DD0EFE49F0C020DAFEAE6F5F231362C, DF04978AF6CD34C8251B3DDE381CD77518684DCB1D2B16BD2DAFEE63AC9D5858 ] rhproxy         C:\WINDOWS\System32\drivers\rhproxy.sys
16:39:39.0768 0x0c0c  rhproxy - ok
16:39:39.0768 0x0c0c  RmSvc - ok
16:39:39.0784 0x0c0c  RpcEptMapper - ok
16:39:39.0815 0x0c0c  [ D45676C47616B9ABBFAEC97DD3B240A8, E13985D667F66B7A0082356F23270F61A57B8C2DD211B1E09D66D7970D7B4D6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:39:39.0909 0x0c0c  RpcLocator - ok
16:39:39.0909 0x0c0c  RpcSs - ok
16:39:39.0956 0x0c0c  [ EABD30C39742A79913B595A5B6F809D4, 9067160F566220A2B21FEEE181729A796A3F3EECF75FFB75815BE5CCC7BBA64F ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
16:39:39.0971 0x0c0c  rspndr - ok
16:39:40.0018 0x0c0c  [ 88C3A100D2F37B9D122023EA1FBE7D9A, 504190ACD4585D717FA3204FFA11FC8CB69B70440A19E0C83984F3257B3734EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:39:40.0018 0x0c0c  RtkAudioService - ok
16:39:40.0065 0x0c0c  [ 739880D90D6EDE2EDCF7E030665A2D4F, DC8B7EEE04AF59BEEF171011D9433559476FED67EED87FE165AF31144D236C65 ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
16:39:40.0096 0x0c0c  RTSPER - ok
16:39:40.0112 0x0c0c  [ 5914CC0C1E99A3C1711BDB1E224526D1, 54BB8636F27282B396D487B3FEA8BD73F2F6FE6DA4DE8D718EE498F75A6A5DCE ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
16:39:40.0112 0x0c0c  s3cap - ok
16:39:40.0127 0x0c0c  SamSs - ok
16:39:40.0159 0x0c0c  sbp2port - ok
16:39:40.0159 0x0c0c  SCardSvr - ok
16:39:40.0159 0x0c0c  ScDeviceEnum - ok
16:39:40.0159 0x0c0c  scfilter - ok
16:39:40.0174 0x0c0c  Schedule - ok
16:39:40.0174 0x0c0c  scmbus - ok
16:39:40.0174 0x0c0c  SCPolicySvc - ok
16:39:40.0190 0x0c0c  sdbus - ok
16:39:40.0206 0x0c0c  [ 3200667DB433F0A2032FAF4DC02E2089, 5E940CA63AD21CEA08C334AC61D985BAFDBA7DCB2D388F355B5C72EFA3E23E0A ] SDFRd           C:\WINDOWS\System32\drivers\SDFRd.sys
16:39:40.0221 0x0c0c  SDFRd - ok
16:39:40.0237 0x0c0c  SDRSVC - ok
16:39:40.0237 0x0c0c  sdstor - ok
16:39:40.0252 0x0c0c  [ 016706A76857F914C99D2472B1E79BF9, 39A114EB591E243E0429DA7279413F046626DE7B52E057DDBCD26A0A1BF327FB ] seclogon        C:\WINDOWS\system32\seclogon.dll
16:39:40.0409 0x0c0c  seclogon - ok
16:39:40.0424 0x0c0c  SecurityHealthService - ok
16:39:40.0440 0x0c0c  SEMgrSvc - ok
16:39:40.0456 0x0c0c  [ 1EA7972A4C7163FF1D3EFE9988404D4E, 56A94B1617815C1E8A79D832B0F0CBA683C3080105CC4C87DBB9B8EAB4CD2690 ] SENS            C:\WINDOWS\System32\sens.dll
16:39:40.0487 0x0c0c  SENS - ok
16:39:40.0487 0x0c0c  SensorDataService - ok
16:39:40.0502 0x0c0c  SensorService - ok
16:39:40.0518 0x0c0c  [ 0BCFFAD6F3B180DD60C941B01768F733, A0B73C1BF636F14504B69606999287B6FE148C958A4F6E31E9022FF129A048E0 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
16:39:40.0565 0x0c0c  SensrSvc - ok
16:39:40.0565 0x0c0c  SerCx - ok
16:39:40.0565 0x0c0c  SerCx2 - ok
16:39:40.0581 0x0c0c  Serenum - ok
16:39:40.0581 0x0c0c  Serial - ok
16:39:40.0581 0x0c0c  sermouse - ok
16:39:40.0596 0x0c0c  SessionEnv - ok
16:39:40.0612 0x0c0c  sfloppy - ok
16:39:40.0627 0x0c0c  [ C05648C2BE6176BE557D9C7F02916388, C65D8FEDDCD9A52B04F42C64DAD2A499BF51246D36042E8DC09DD04C4C0B7BEE ] SgrmAgent       C:\WINDOWS\system32\drivers\SgrmAgent.sys
16:39:40.0643 0x0c0c  SgrmAgent - ok
16:39:40.0643 0x0c0c  SgrmBroker - ok
16:39:40.0659 0x0c0c  SharedAccess - ok
16:39:40.0674 0x0c0c  SharedRealitySvc - ok
16:39:40.0690 0x0c0c  [ BE44F2B19C4F61FED874C7FE26DF92AA, 07888C7575A1D7D46AE375B1CE6C13665CCEE0F0672EA8FDE71B955B5BC0EA70 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:39:40.0956 0x0c0c  ShellHWDetection - ok
16:39:41.0002 0x0c0c  [ D1AC677E7066D3278356C875628B16D4, FBB0E872FBF4EF179204787AC1C4D8008A407FD8E91B8CCA3FCDAC691D7593BC ] Shockprf        C:\WINDOWS\system32\DRIVERS\Apsx64.sys
16:39:41.0018 0x0c0c  Shockprf - ok
16:39:41.0018 0x0c0c  shpamsvc - ok
16:39:41.0018 0x0c0c  SiSRaid2 - ok
16:39:41.0018 0x0c0c  SiSRaid4 - ok
16:39:41.0049 0x0c0c  [ BCE703FE67976C57B789F19A77C4C7D1, 6D249386924AA443B3237BF71D9EFDB8C6D2CEE6E40823519694554224FB1538 ] SMARTMouseFilterx64 C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys
16:39:41.0112 0x0c0c  SMARTMouseFilterx64 - ok
16:39:41.0112 0x0c0c  SmartSAMD - ok
16:39:41.0127 0x0c0c  [ C02C2D6EBC48A52C0C2922BD86CCEEDE, 07FB67B4EFEF315E071671884FFCCE5B39B486C8901BF9C8D62AEBF3CACF6937 ] SMARTVHidMiniVistaAmd64 C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys
16:39:41.0190 0x0c0c  SMARTVHidMiniVistaAmd64 - ok
16:39:41.0221 0x0c0c  [ CB4765B055D922E3A8F9C0C47CD82AA7, 3C830E82D46E8C835FEF3E7E5CD8EE1252F3A0B72CCF7FA50D185F764B31E602 ] SmbDrv          C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
16:39:41.0237 0x0c0c  SmbDrv - ok
16:39:41.0252 0x0c0c  [ 38F010FA1E511C28E5A4FF511085F4C1, C8766723B0710F6CD85F0C17D235210160A7D846F284874CBAE076467B6ED011 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
16:39:41.0268 0x0c0c  SmbDrvI - ok
16:39:41.0299 0x0c0c  [ 94A36F00D894E4558D0243D4D9844323, E3BEB854587049DE54E0E3ACD8F739AACBEAA43113D825542424A2A7B3FA18DD ] SMIDriverGen    C:\WINDOWS\system32\DRIVERS\smi.sys
16:39:41.0299 0x0c0c  SMIDriverGen - ok
16:39:41.0299 0x0c0c  smphost - ok
16:39:41.0315 0x0c0c  SmsRouter - ok
16:39:41.0346 0x0c0c  [ 1971BBC71602B928CF9257759E3C05E8, 9D665698FF26ED333AD385B4B7A6C0F2B6806371D278E281FA4188002A5317E8 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
16:39:41.0377 0x0c0c  SNMPTRAP - ok
16:39:41.0424 0x0c0c  [ 27B7D9E872939EBB34C30343F991893D, 879AFDC8C50487ED0D3CB58C70A206E185F94BE75C25C31C387F3F08740771F9 ] spaceparser     C:\WINDOWS\system32\drivers\spaceparser.sys
16:39:41.0455 0x0c0c  spaceparser - ok
16:39:41.0455 0x0c0c  spaceport - ok
16:39:41.0502 0x0c0c  [ AB3BDEC793187CEDF1229AC98BB7DEDF, D2EA0C5FC534C89310207AA26A8816B30FEEF3F2708A067D8BB93D3CFF9C3936 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
16:39:41.0502 0x0c0c  SpatialGraphFilter - ok
16:39:41.0518 0x0c0c  SpbCx - ok
16:39:41.0534 0x0c0c  spectrum - ok
16:39:41.0534 0x0c0c  Spooler - ok
16:39:41.0549 0x0c0c  sppsvc - ok
16:39:41.0549 0x0c0c  srv2 - ok
16:39:41.0565 0x0c0c  srvnet - ok
16:39:41.0580 0x0c0c  SSDPSRV - ok
16:39:41.0612 0x0c0c  ssh-agent - ok
16:39:41.0627 0x0c0c  SstpSvc - ok
16:39:41.0627 0x0c0c  StateRepository - ok
16:39:41.0752 0x0c0c  [ 58E7B7ADAA4680E5FB09D1477071EF42, 706613A017C5650AEEED94C77BF61B3FA2C0D2874AE15A7F3D7B9EC5534F5EA2 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\steamservice.exe
16:39:41.0877 0x0c0c  Steam Client Service - ok
16:39:41.0893 0x0c0c  stexstor - ok
16:39:41.0924 0x0c0c  stisvc - ok
16:39:41.0940 0x0c0c  storahci - ok
16:39:41.0971 0x0c0c  storflt - ok
16:39:41.0971 0x0c0c  stornvme - ok
16:39:41.0971 0x0c0c  storqosflt - ok
16:39:41.0971 0x0c0c  StorSvc - ok
16:39:41.0987 0x0c0c  storufs - ok
16:39:42.0002 0x0c0c  storvsc - ok
16:39:42.0049 0x0c0c  [ 2AA42DECBBC92848B2C72B0A8EF3C4A2, D716C8C611FF2FBC7B5B9CE319823DB459C0B1AD2D98898CD4A9B3BA1F5E0619 ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
16:39:42.0049 0x0c0c  SUService - ok
16:39:42.0049 0x0c0c  svsvc - ok
16:39:42.0080 0x0c0c  swenum - ok
16:39:42.0096 0x0c0c  swprv - ok
16:39:42.0112 0x0c0c  Synth3dVsc - ok
16:39:42.0159 0x0c0c  [ 5286F9B8FCFD0FC43A3836F55BC3F3AD, 5DAAEEE6C10D372F6E3C3ED3075A85DE785368B223D2F720BE39FFDE0562117A ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:39:42.0190 0x0c0c  SynTP - ok
16:39:42.0221 0x0c0c  [ DB9E3F6217CBAAE2F749D3E90A57A545, FB43B3A7353EFE558CE283CFBE6DB055109BCE6D5208F75184882752F9888AAC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
16:39:42.0237 0x0c0c  SynTPEnhService - ok
16:39:42.0284 0x0c0c  SysMain - ok
16:39:42.0315 0x0c0c  SystemEventsBroker - ok
16:39:42.0330 0x0c0c  TabletInputService - ok
16:39:42.0330 0x0c0c  TapiSrv - ok
16:39:42.0346 0x0c0c  Tcpip - ok
16:39:42.0346 0x0c0c  Tcpip6 - ok
16:39:42.0377 0x0c0c  [ 57BE670CF1D93717B628271B404D658A, EDD4C58EDAB985C87D6101D9CA5620146EE2BB8A1B899C635DD4CD36541DD46E ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
16:39:42.0393 0x0c0c  tcpipreg - ok
16:39:42.0424 0x0c0c  tdx - ok
16:39:42.0424 0x0c0c  Telemetry - ok
16:39:42.0455 0x0c0c  [ C225B94F2B27AC97C3E66C0550AEA249, 6F88375DD12A648B77BB6EB4BE527FF6678EE76A2059DB5B4CC971CDB31D0DB8 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
16:39:42.0455 0x0c0c  terminpt - ok
16:39:42.0487 0x0c0c  TermService - ok
16:39:42.0502 0x0c0c  [ 8EC4197962A0349DFFBDC11586099DB8, 8DD5348A4983C376F63E6B209227D4D02300555F8C80A0E0DB2EA16074ABC334 ] Themes          C:\WINDOWS\system32\themeservice.dll
16:39:42.0799 0x0c0c  Themes - ok
16:39:42.0799 0x0c0c  TieringEngineService - ok
16:39:42.0799 0x0c0c  TimeBrokerSvc - ok
16:39:42.0799 0x0c0c  TokenBroker - ok
16:39:42.0830 0x0c0c  [ D43EB8666214C14AB97080D4B11F5CAF, 3EF108E16627FFD7E4578E7A6DEE23D076C9A11524EF8FCCCC45A6B930CFBEE1 ] TPDIGIMN        C:\WINDOWS\system32\DRIVERS\ApsHM64.sys
16:39:42.0830 0x0c0c  TPDIGIMN - ok
16:39:42.0877 0x0c0c  [ EAB5AF16EE4D864A548C367D15BFABAF, 7BC3C22933F997BCC98696B7618466DCCA3C64F1A03CBC700E3DA8B8415F4C5E ] TPHKLOAD        C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe
16:39:42.0924 0x0c0c  TPHKLOAD - ok
16:39:42.0924 0x0c0c  TPM - ok
16:39:42.0940 0x0c0c  [ 78A238084E9DCE6DEEC24AC9A3C5BFB1, 12069823B0B852DAB7A2E8609EACBDF18F28005113A812D474314C994534E7B8 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwr64v.sys
16:39:42.0955 0x0c0c  TPPWRIF - ok
16:39:42.0987 0x0c0c  [ 62636F77E0C51D59F043D9197C897AD4, F121E79E0A15ED6E362D7DEF72F9C1D2D5CC50BBEC3541DFAB91691BC3AFB191 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
16:39:43.0049 0x0c0c  TrkWks - ok
16:39:43.0065 0x0c0c  TroubleshootingSvc - ok
16:39:43.0096 0x0c0c  TrustedInstaller - ok
16:39:43.0127 0x0c0c  [ F613A8618CC19DD96D1E0C81C5DCB7D1, AD6DE675AC033BE6BF75FF6303EAED4B5C672689D3AEC6DB94816D60E19B7030 ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
16:39:43.0143 0x0c0c  TsUsbFlt - ok
16:39:43.0158 0x0c0c  TsUsbGD - ok
16:39:43.0174 0x0c0c  [ 6244FD1056BF170E38245B4B9042BFDF, C32908B3C5800CD52EF9BDD26C77B8162831CFD19DBF1D399941B17FB909AD94 ] tunnel          C:\WINDOWS\system32\drivers\tunnel.sys
16:39:43.0205 0x0c0c  tunnel - ok
16:39:43.0205 0x0c0c  tzautoupdate - ok
16:39:43.0221 0x0c0c  UASPStor - ok
16:39:43.0221 0x0c0c  UcmCx0101 - ok
16:39:43.0252 0x0c0c  [ 229B33B8499F4F2AAB1F3B590423611F, E70A2D9EEEF0C6894A0DB7990CFF6ECE3B8F389FD30B7B1949FCBDD3300B6148 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
16:39:43.0268 0x0c0c  UcmTcpciCx0101 - ok
16:39:43.0299 0x0c0c  [ 7FDC3A6FD8547468CE554C8821640103, 3626760AEE42EE36E047DA6899A81E0646DFBA344A234270EAE5D635F049BE37 ] UcmUcsiAcpiClient C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys
16:39:43.0330 0x0c0c  UcmUcsiAcpiClient - ok
16:39:43.0330 0x0c0c  UcmUcsiCx0101 - ok
16:39:43.0346 0x0c0c  Ucx01000 - ok
16:39:43.0346 0x0c0c  UdeCx - ok
16:39:43.0346 0x0c0c  udfs - ok
16:39:43.0362 0x0c0c  UdkUserSvc - ok
16:39:43.0362 0x0c0c  UEFI - ok
16:39:43.0377 0x0c0c  Ufx01000 - ok
16:39:43.0393 0x0c0c  UfxChipidea - ok
16:39:43.0393 0x0c0c  ufxsynopsys - ok
16:39:43.0471 0x0c0c  [ 3CE7ADECE2CDAD638CFC04A685D132D3, CFC126A7F129D8D24511B500411FDDB07D0608F5DE838424CDF6C35AEBAF7ABE ] uhssvc          C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
16:39:43.0487 0x0c0c  uhssvc - ok
16:39:43.0487 0x0c0c  umbus - ok
16:39:43.0487 0x0c0c  UmPass - ok
16:39:43.0502 0x0c0c  UmRdpService - ok
16:39:43.0518 0x0c0c  UnistoreSvc - ok
16:39:43.0518 0x0c0c  upnphost - ok
16:39:43.0533 0x0c0c  [ 5C33B91675BE0C9693358C1AAA723D20, A5BB54ABBB0F7B13ACCA0997F567A81395688C6D68EB87F67F688737DC16918F ] UrsChipidea     C:\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys
16:39:43.0549 0x0c0c  UrsChipidea - ok
16:39:43.0565 0x0c0c  [ ADFAB87405AE22290E24D0E8E6141AF1, BC0982BEFE4CABEA1E260C8A3266EA18A4CA158A07D1C5176890A04CC3B6A84A ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
16:39:43.0580 0x0c0c  UrsCx01000 - ok
16:39:43.0612 0x0c0c  [ BBDE7BF496327115DD744E7D4105C7BC, 5A8CC47603A1C9D58A30A5E897F1BCDC56199B08317B9FF319D469D6DD6CAAF0 ] UrsSynopsys     C:\WINDOWS\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys
16:39:43.0627 0x0c0c  UrsSynopsys - ok
16:39:43.0643 0x0c0c  usbaudio - ok
16:39:43.0674 0x0c0c  [ FB9F25ACEBCBAEABFE30CACCB17D4EE6, 7D38FA294DA179E5535E3E481746F07E2AE47CE57192C2D1C5B780B583FD9C6D ] usbaudio2       C:\WINDOWS\System32\drivers\usbaudio2.sys
16:39:43.0690 0x0c0c  usbaudio2 - ok
16:39:43.0690 0x0c0c  usbccgp - ok
16:39:43.0721 0x0c0c  [ 11561FC5BAA2DEB5AC8B179B591A882E, 2AD595BF4ABC146D8F533981848FF8271E983038566937BEB48A6A8F09BC60FB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
16:39:43.0752 0x0c0c  usbcir - ok
16:39:43.0752 0x0c0c  usbehci - ok
16:39:43.0752 0x0c0c  usbhub - ok
16:39:43.0768 0x0c0c  USBHUB3 - ok
16:39:43.0768 0x0c0c  usbohci - ok
16:39:43.0783 0x0c0c  usbprint - ok
16:39:43.0799 0x0c0c  [ 4D073745FA6C40483A3EF02225D20B19, 3FE72BE1BD429697DB8142A582455CD3341DE798D32EA780ACFA01904437A0D7 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:39:43.0830 0x0c0c  usbscan - ok
16:39:43.0830 0x0c0c  usbser - ok
16:39:43.0830 0x0c0c  USBSTOR - ok
16:39:43.0830 0x0c0c  usbuhci - ok
16:39:43.0846 0x0c0c  usbvideo - ok
16:39:43.0846 0x0c0c  USBXHCI - ok
16:39:43.0846 0x0c0c  UserDataSvc - ok
16:39:43.0862 0x0c0c  UserManager - ok
16:39:43.0877 0x0c0c  UsoSvc - ok
16:39:43.0893 0x0c0c  VacSvc - ok
16:39:43.0924 0x0c0c  [ 580C1E4BBDB0163DB40A6F06BD6036C8, B4767BDAB1C589663F55DDF74993A132BC8A77E4F2D1B227ACBC59AE7B3326E2 ] valWBFPolicyService C:\WINDOWS\system32\valWBFPolicyService.exe
16:39:44.0049 0x0c0c  valWBFPolicyService - ok
16:39:44.0080 0x0c0c  [ 61C571043A09ACF399934EC8B66F6CB5, A954603A35499C7EACC20DF71A4F40A15DBD6C504AA8598CC2178C16FC62F6BF ] valWbioSyncSvc  C:\WINDOWS\system32\valWbioSyncSvc.exe
16:39:44.0096 0x0c0c  valWbioSyncSvc - ok
16:39:44.0112 0x0c0c  VaultSvc - ok
16:39:44.0112 0x0c0c  vdrvroot - ok
16:39:44.0127 0x0c0c  vds - ok
16:39:44.0143 0x0c0c  VerifierExt - ok
16:39:44.0143 0x0c0c  vhdmp - ok
16:39:44.0143 0x0c0c  vhf - ok
16:39:44.0143 0x0c0c  Vid - ok
16:39:44.0174 0x0c0c  [ B37F0BF662BB504F0A9C247F24C281AD, 6281D573D9AD9AA204778C3823737726E882B17657B23CF5458C012FF7990E52 ] VirtualRender   C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys
16:39:44.0268 0x0c0c  VirtualRender - ok
16:39:44.0268 0x0c0c  vmbus - ok
16:39:44.0283 0x0c0c  VMBusHID - ok
16:39:44.0299 0x0c0c  [ E5BB075B6B5A1DA3C3F48CA5DFF54E77, E13E8F9523F51F976084561C9D0A843CAF550FA233521FF13FFE1C5634CA6472 ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
16:39:44.0315 0x0c0c  vmgid - ok
16:39:44.0315 0x0c0c  vmicguestinterface - ok
16:39:44.0330 0x0c0c  vmicheartbeat - ok
16:39:44.0330 0x0c0c  vmickvpexchange - ok
16:39:44.0330 0x0c0c  vmicrdv - ok
16:39:44.0330 0x0c0c  vmicshutdown - ok
16:39:44.0346 0x0c0c  vmictimesync - ok
16:39:44.0346 0x0c0c  vmicvmsession - ok
16:39:44.0346 0x0c0c  vmicvss - ok
16:39:44.0362 0x0c0c  volmgr - ok
16:39:44.0362 0x0c0c  volmgrx - ok
16:39:44.0377 0x0c0c  volsnap - ok
16:39:44.0377 0x0c0c  volume - ok
16:39:44.0408 0x0c0c  [ A37A7788DABE4FF6E33FE50D7A33D8E8, 9E99D9D27BA3DFA6F89C77B9AD91BE495F15E4F612BB63B209157DFA13BCD7E0 ] vpci            C:\WINDOWS\system32\drivers\vpci.sys
16:39:44.0424 0x0c0c  vpci - ok
16:39:44.0424 0x0c0c  vsmraid - ok
16:39:44.0440 0x0c0c  VSS - ok
16:39:44.0440 0x0c0c  VSTXRAID - ok
16:39:44.0455 0x0c0c  vwifibus - ok
16:39:44.0455 0x0c0c  vwififlt - ok
16:39:44.0455 0x0c0c  vwifimp - ok
16:39:44.0471 0x0c0c  W32Time - ok
16:39:44.0486 0x0c0c  WaaSMedicSvc - ok
16:39:44.0486 0x0c0c  WacomPen - ok
16:39:44.0502 0x0c0c  WalletService - ok
16:39:44.0502 0x0c0c  wanarp - ok
16:39:44.0502 0x0c0c  wanarpv6 - ok
16:39:44.0533 0x0c0c  [ 8449398F11D49864117105679B539816, 8FD3B9C72066D6A983D062DE72EEF9769339EACBF4E0D303B9E12343C9D5DE6C ] WarpJITSvc      C:\WINDOWS\System32\Windows.WARP.JITService.dll
16:39:45.0205 0x0c0c  WarpJITSvc - ok
16:39:45.0236 0x0c0c  wbengine - ok
16:39:45.0252 0x0c0c  WbioSrvc - ok
16:39:45.0252 0x0c0c  wcifs - ok
16:39:45.0252 0x0c0c  Wcmsvc - ok
16:39:45.0268 0x0c0c  wcncsvc - ok
16:39:45.0268 0x0c0c  wcnfs - ok
16:39:45.0283 0x0c0c  [ 5925250BDDB94B0A5FA0E7FEED36C520, 0845344F7BFAA94AF90920A5346078E6261EEA3A1A77795DDA5B70B38609348B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
16:39:45.0299 0x0c0c  WdBoot - ok
16:39:45.0315 0x0c0c  Wdf01000 - ok
16:39:45.0346 0x0c0c  [ C150CD7072592B0BCBB7DACFFC6904CD, 0F4D31410401CC564A5D1FCEF5ED2898DAFB7418C1B39D746E88451CC3518ACA ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
16:39:45.0377 0x0c0c  WdFilter - ok
16:39:45.0393 0x0c0c  [ BB37AF6E45E0F69222E057A74B4AFE1E, 4662064205BEC0DB7B10F1412E0A09A6E5E3B16DE443AEF7F79ACA3ACE24A51D ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
16:39:45.0424 0x0c0c  WdiServiceHost - ok
16:39:45.0440 0x0c0c  [ BB37AF6E45E0F69222E057A74B4AFE1E, 4662064205BEC0DB7B10F1412E0A09A6E5E3B16DE443AEF7F79ACA3ACE24A51D ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
16:39:45.0455 0x0c0c  WdiSystemHost - ok
16:39:45.0471 0x0c0c  wdiwifi - ok
16:39:45.0486 0x0c0c  [ A6C92A5F2982EBB8788E0690C19048C4, 85C54A99DD43DC1FAC7FD2A31288CEC7501F795DE8FA86857790F4CCD5AF7C18 ] WdmCompanionFilter C:\WINDOWS\system32\drivers\WdmCompanionFilter.sys
16:39:45.0486 0x0c0c  WdmCompanionFilter - ok
16:39:45.0518 0x0c0c  [ C5552A3A54408AB9A0DC341E21F5EF67, 67838896B7E04EBBE2AA089F09913789A5E8C4B7E7436397135F1F68BB86F03A ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
16:39:45.0533 0x0c0c  WdNisDrv - ok
16:39:45.0565 0x0c0c  WdNisSvc - ok
16:39:45.0580 0x0c0c  WebClient - ok
16:39:45.0580 0x0c0c  Wecsvc - ok
16:39:45.0596 0x0c0c  [ CBA85827716DE89106F8E4AD7430620C, EF2FEAD68FE003DAC52BC2098962F397DF80B7DCD79A8F45012A050C7C0E2DB1 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
16:39:45.0611 0x0c0c  WEPHOSTSVC - ok
16:39:45.0643 0x0c0c  wercplsupport - ok
16:39:45.0643 0x0c0c  WerSvc - ok
16:39:45.0643 0x0c0c  WFDSConMgrSvc - ok
16:39:45.0658 0x0c0c  WFPLWFS - ok
16:39:45.0658 0x0c0c  WiaRpc - ok
16:39:45.0658 0x0c0c  WIMMount - ok
16:39:45.0658 0x0c0c  WinDefend - ok
16:39:45.0690 0x0c0c  [ B434A84F46C70F4E67B70ED70F024B7F, 64EEB8093BA2590E83D83C5AF7C2A025B88AF5681143BCA83671104266FEEA99 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
16:39:45.0721 0x0c0c  WindowsTrustedRT - ok
16:39:45.0752 0x0c0c  [ 982774B74EE1419D641CEB66E394A4BA, 090C4CE6B76B3904B5AE73E4F1EEBCE619194C358874D7584537012F954C54BE ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
16:39:45.0752 0x0c0c  WindowsTrustedRTProxy - ok
16:39:45.0768 0x0c0c  WinHttpAutoProxySvc - ok
16:39:45.0768 0x0c0c  WinMad - ok
16:39:45.0783 0x0c0c  Winmgmt - ok
16:39:45.0783 0x0c0c  WinNat - ok
16:39:45.0799 0x0c0c  WinRM - ok
16:39:45.0815 0x0c0c  [ 91D3DC62C6EDDB6554CE14C0E0B4290F, 6F8F89B350FC6BC0D23A50C593F02514854AB7D6CD234D8C8AD4B5DDDD586BA0 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
16:39:45.0846 0x0c0c  WINUSB - ok
16:39:45.0846 0x0c0c  WinVerbs - ok
16:39:45.0861 0x0c0c  wisvc - ok
16:39:45.0877 0x0c0c  WlanSvc - ok
16:39:45.0877 0x0c0c  wlidsvc - ok
16:39:45.0893 0x0c0c  wlpasvc - ok
16:39:45.0893 0x0c0c  WManSvc - ok
16:39:45.0893 0x0c0c  WmiAcpi - ok
16:39:45.0893 0x0c0c  wmiApSrv - ok
16:39:45.0924 0x0c0c  WMPNetworkSvc - ok
16:39:45.0924 0x0c0c  Wof - ok
16:39:45.0940 0x0c0c  workfolderssvc - ok
16:39:45.0971 0x0c0c  WpcMonSvc - ok
16:39:45.0971 0x0c0c  WPDBusEnum - ok
16:39:46.0002 0x0c0c  [ 024924C9E79F51560B9133EEAB866BBF, F4D464BC02C7B96EF72AA9229A99A1AD32F56390F97972C33525EF0D85304261 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
16:39:46.0018 0x0c0c  WpdUpFltr - ok
16:39:46.0018 0x0c0c  WpnService - ok
16:39:46.0018 0x0c0c  WpnUserService - ok
16:39:46.0018 0x0c0c  ws2ifsl - ok
16:39:46.0111 0x0c0c  [ B94CB55612DB205B75014B7CFC084DC6, 441BABD94D992E83D254D6C914F57F470D7B8B6ACFA7F6BC260AA26B75A8EA18 ] WsAppService    C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe
16:39:46.0127 0x0c0c  WsAppService - ok
16:39:46.0174 0x0c0c  wscsvc - ok
16:39:46.0174 0x0c0c  WSearch - ok
16:39:46.0174 0x0c0c  wuauserv - ok
16:39:46.0205 0x0c0c  [ 7FC0072ECE3F5F860990EF4E10D3F8F4, 15444A3E540EAD214A674FF0EB99CD42899D6A1139E59D69DE1C2B6BA364A9E0 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
16:39:46.0268 0x0c0c  WudfPf - ok
16:39:46.0299 0x0c0c  [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
16:39:46.0330 0x0c0c  WUDFRd - ok
16:39:46.0346 0x0c0c  [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
16:39:46.0361 0x0c0c  WUDFWpdFs - ok
16:39:46.0377 0x0c0c  [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
16:39:46.0408 0x0c0c  WUDFWpdMtp - ok
16:39:46.0424 0x0c0c  WwanSvc - ok
16:39:46.0424 0x0c0c  XblAuthManager - ok
16:39:46.0424 0x0c0c  XblGameSave - ok
16:39:46.0439 0x0c0c  xboxgip - ok
16:39:46.0439 0x0c0c  XboxGipSvc - ok
16:39:46.0455 0x0c0c  XboxNetApiSvc - ok
16:39:46.0455 0x0c0c  xinputhid - ok
16:39:46.0627 0x0c0c  [ 092C26E1609FA800321B89690FA5CA39, 5473C424412D0904E41D448DFD0D58D70564AAD570D113D31085688DF115CB78 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
16:39:46.0752 0x0c0c  ZeroConfigService - ok
16:39:46.0752 0x0c0c  ================ Scan global ===============================
16:39:46.0799 0x0c0c  [ Global ] - ok
16:39:46.0799 0x0c0c  ================ Scan MBR ==================================
16:39:46.0814 0x0c0c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:39:46.0908 0x0c0c  \Device\Harddisk0\DR0 - ok
16:39:46.0908 0x0c0c  ================ Scan VBR ==================================
16:39:46.0939 0x0c0c  [ 3F2E593247565022B4E74F3C2961A5AD ] \Device\Harddisk0\DR0\Partition1
16:39:46.0939 0x0c0c  \Device\Harddisk0\DR0\Partition1 - ok
16:39:46.0955 0x0c0c  [ A31A07303B2A927C5EFD7A96A54CCDD4 ] \Device\Harddisk0\DR0\Partition2
16:39:46.0955 0x0c0c  \Device\Harddisk0\DR0\Partition2 - ok
16:39:46.0955 0x0c0c  [ 548FFF8CD3643B30FDD1D369DD53A631 ] \Device\Harddisk0\DR0\Partition3
16:39:46.0955 0x0c0c  \Device\Harddisk0\DR0\Partition3 - ok
16:39:46.0955 0x0c0c  [ E09178F37CA2FE637A31A17E1F1D6092 ] \Device\Harddisk0\DR0\Partition4
16:39:46.0971 0x0c0c  \Device\Harddisk0\DR0\Partition4 - ok
16:39:46.0971 0x0c0c  [ 44EA2705CB521174C93DC6393C039D48 ] \Device\Harddisk0\DR0\Partition5
16:39:46.0986 0x0c0c  \Device\Harddisk0\DR0\Partition5 - ok
16:39:46.0986 0x0c0c  [ FADC8C6032A55EBC745B57BFAF653D60 ] \Device\Harddisk0\DR0\Partition6
16:39:46.0986 0x0c0c  \Device\Harddisk0\DR0\Partition6 - ok
16:39:46.0986 0x0c0c  ================ Scan active images ========================
16:39:46.0986 0x0c0c  ================ Scan generic autorun ======================
16:39:47.0033 0x0c0c  [ 783C99AFD4C2AE6950FA5694389D2CFA, 570B37A7A3FFDAFCCECCC33CBC1968FEB857B73CA3CB4DFFEDC2E67E9ABD0878 ] C:\WINDOWS\system32\SecurityHealthSystray.exe
16:39:47.0080 0x0c0c  SecurityHealth - ok
16:39:47.0127 0x0c0c  [ 1FABA74CEA705ECB2CDA5398F3477212, 07D8952C60A8D89F249985206746B132596909E8BABC3A0C5B6E33A22FFD65CF ] C:\Program Files\PDF24\pdf24.exe
16:39:47.0158 0x0c0c  PDF24 - ok
16:39:47.0205 0x0c0c  [ E66724F3B2E3AE7882A4B4A398E911A3, ABC91EC2EC25068D2A884ACB7B89930184B0E85144AED044EC53FCF1875F0A25 ] C:\Program Files\AVG\Antivirus\AvLaunch.exe
16:39:47.0221 0x0c0c  AVGUI.exe - ok
16:39:47.0221 0x0c0c  WindowsDefender - ok
16:39:47.0252 0x0c0c  [ 03C21928B3B0C76D36EF663C7C3832A3, 7773C44CF15111E49E3A5815388FC14E39C1BFEF217DA35EEBCF7502A4992B96 ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
16:39:47.0252 0x0c0c  Adobe CCXProcess - ok
16:39:47.0252 0x0c0c  {A55E6E49-BC4A-4BD3-8785-D19F9FB87474} - ok
16:39:47.0299 0x0c0c  OneDriveSetup - ok
16:39:47.0361 0x0c0c  GoogleDriveFS - ok
16:39:47.0361 0x0c0c  OneDriveSetup - ok
16:39:47.0361 0x0c0c  GoogleDriveFS - ok
16:39:47.0533 0x0c0c  [ 28A21AFB4BDC543B4B0309BB78B8BA4A, 672AEB85A07EC1A25DBCF48B64D3BDE24DD0691C2BB27ED74A536776F63B5D27 ] C:\Users\b-rch\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe
16:39:47.0643 0x0c0c  Opera GX Browser Assistant - ok
16:39:47.0721 0x0c0c  [ 6C8960319F05FB5E1513E3BF95BA1719, B23EFD13439CF0A9FD5F64E3C0C0FCB419E879078BDCC52DA02BC5C2A1EEC342 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIUPE.EXE
16:39:47.0736 0x0c0c  EPLTarget\P0000000000000001 - ok
16:39:48.0174 0x0c0c  [ 10FBAA7454807A54DA780CCD50FA9D11, 13FD99C0B22984D2601714A4F9D6E82E908371072758EE289416F209410F03C9 ] C:\Users\b-rch\AppData\Roaming\Spotify\Spotify.exe
16:39:48.0799 0x0c0c  Spotify - ok
16:39:48.0814 0x0c0c  GoogleDriveFS - ok
16:39:48.0814 0x0c0c  Waiting for KSN requests completion. In queue: 187
16:39:50.0408 0x0c0c  AV detected via SS2: Windows Defender, windowsdefender:// (  ), 0x60100 ( disabled : updated )
16:39:50.0408 0x0c0c  AV detected via SS2: AVG Antivirus, C:\Program Files\AVG\Antivirus\wsc_proxy.exe ( 21.4.6162.0 ), 0x41000 ( enabled : updated )
16:39:50.0408 0x0c0c  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (  ), 0x60010 ( disabled : outofdate )
16:39:50.0470 0x0c0c  Win FW state via NFP2: enabled ( trusted )
16:39:50.0877 0x0c0c  ============================================================
16:39:50.0877 0x0c0c  Scan finished
16:39:50.0877 0x0c0c  ============================================================
16:39:50.0877 0x085c  Detected object count: 0
16:39:50.0877 0x085c  Actual detected object count: 0
7

Y de dejo además el reporte del Rkill que se generó en mi escritorio, por si acaso.

RKILL

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2021 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/25/2021 04:35:36 PM in x64 mode. (Safe Mode)
Windows Version: Windows 10 Home Single Language 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

Te comento que en Modo Seguro, la PC me anda de maravilla, sin embargo he notado en los reinicios que he hecho, que incluso en modo seguro, el Explorador de Windows se cuelga apenas inicia en modo seguro, me sale la ventana que me dice que el proceso no responde y le doy a “Terminar Proceso”; luego de ello la pantalla parpadea y luego inicia el explorador de Windows de manera normal. Me pareció un poco raro por eso te lo comento. Gracias por la ayuda!

1 me gusta
8

OK.

OK.

:one: EN BUSCA / ELIMINACIÓN DE MALWARE

(Mantén conectados todos tus dispositivos externos que tengas como: USBs, discos duros externos, etc).

Por favor, descarga todo el software de los enlaces que pongo/de sus respectivos manuales.

Ahora ejecutarás una serie de herramientas respetando el orden los pasos con todos los programas cerrados incluidos los navegadores.

Conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas y discos duros externos si también tienes.

Realiza los pasos que te pongo a continuación, sin cambiar el orden y síguelos al pie de la letra:

0) Descarga Ccleaner Aquí te dejo su manual: Manual de CCleaner , para que sepas como usarlo y configurarlo correctamente.

Lo instalas y lo ejecutas. En la pestaña Limpieza personalizada dejas la configuración predeterminada. Haces clic en Analizar y esperas a que termine. Seguidamente haz clic en Ejecutar Limpiador. Clic en la pestaña Registro > clic en Buscar Problemas esperas que termine. Finalmente clic en Reparar Seleccionadas y realizas una Copia de Seguridad del registro de Windows.

1) Descarga, instala, actualiza y ejecuta Malwarebytes’ Anti-Malware. Aquí te dejo su manual: Manual de Malwarebytes, para que sepas como usarlo y configurarlo correctamente.

  • Realizas un Análisis Personalizado, marcando Todas las casillas de la Derecha y de la Izquierda, actualizando si te lo pide. Es decir: conectas todos tus dispositivos externos (todos los discos duros externos que tengas, así como todas las USB que tengas, incluida la que me has dicho anteriormente y marcas todas las unidades de disco disponibles y las siguientes casillas:

1. Analizar objetos en memoria

2. Analizar configuracion de inicio y registro

3. Analizar dentro de los archivos

  • Pulsar en “Eliminar Seleccionados” para enviar las infecciones a la cuarentena y Reinicias el ordenador.
  • Para acceder posteriormente al informe del análisis te diriges a: Informes >> Registro de análisis >> pulsas en Exportar >> Copiar al Portapapeles y pones el informe en tu próxima respuesta.

2) Descarga Adwcleaner en el escritorio.

  • Desactiva tu antivirus :arrow_forward: Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7/8 u 10 presiona clic derecho y selecciona “Ejecutar como Administrador.”)
  • Pulsar en el botón Analizar Ahora, y espera a que se termine el análisis. Inmediatamente pulsa sobre el botón Iniciar Reparación.
  • Espera a que termine y sigue las instrucciones que te aparezcan. Si te pidiera Reiniciar, pues reinicias el ordenador pulsando en Aceptar.
  • Si no encuentra nada, pulsa en Omitir Reparación.
  • El log lo encontrarás en la pestaña Informes, volviendo a abrir el programa, si es necesario o en la siguiente ubicación: C:\AdwCleaner\Logs\AdwCleaner[C0].txt.
  • Para más información aquí te dejo su manual: Manual de Adwcleaner.
  • Activa de nuevo tu antivirus y cualquier programa de seguridad que tengas activado.

3) Utiliza nuevamente CCleaner tal como te dije en el punto 0.

Pegas los reportes de Malwarebytes y AdwCleaner y comentas como va el problema inicial planteado por el cual abriste este tema. También responde a las preguntas que te haya realizado a lo largo de este Post, siempre que te haya hecho alguna, si no, no

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

report
report703×272 3.73 KB

Salu2.

1 me gusta
9

Buenas @Marr0n aqui te dejo los reportes solicitados

MALWAREBYTES ANTIMALWARE

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 30/11/21
Hora del análisis: 16:24
Archivo de registro: e0c6c5fc-5223-11ec-ad0a-54ee751a2b76.json

-Información del software-
Versión: 4.4.11.149
Versión de los componentes: 1.0.1513
Versión del paquete de actualización: 1.0.47932
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 19042.1348)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-C692K8O\b-rch

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 529679
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 2 hr, 9 min, 26 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 4
Generic.Malware/Suspicious, C:\USERS\B-RCH\DOCUMENTS\ANITA\VARIOS\PENAL ESPECIAL\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.47932, , shuriken, , 040CD888E971F2872D6D5DAFD52E6194, 77C2372364B6DD56BC787FDA46E6F4240AAA0353EAD1E3071224D454038A545E
Generic.Malware/Suspicious, C:\USERS\B-RCH\DOCUMENTS\ANITA\VARIOS\POSTULACION\ONPE\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.47932, , shuriken, , 040CD888E971F2872D6D5DAFD52E6194, 77C2372364B6DD56BC787FDA46E6F4240AAA0353EAD1E3071224D454038A545E
Generic.Malware/Suspicious, C:\USERS\B-RCH\DOCUMENTS\ANITA\VARIOS\POSTULACION\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.47932, , shuriken, , 040CD888E971F2872D6D5DAFD52E6194, 77C2372364B6DD56BC787FDA46E6F4240AAA0353EAD1E3071224D454038A545E
RiskWare.KMS, C:\USERS\B-RCH\DOWNLOADS\KMSAUTO.NET.2016.V1.5.3.PORTABLE-RATIBORUS.ZIP, En cuarentena, 901, 632069, 1.0.47932, , ame, , AA9AF9E42B046B88C64590BDC7B0C02D, C1058F703E65DD2295320154125EBE63797B5CC9EE20545349E7EF3F5B51BB5C

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

ADWCLEANER

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-11-18.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-01-2021
# Duration: 00:00:10
# OS:       Windows 10 Home Single Language
# Scanned:  32011
# Detected: 14


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoHotkeyManager   Folder   C:\Program Files\LENOVO\HOTKEY 
Preinstalled.LenovoHotkeyManager   Registry   HKLM\Software\Classes\CLSID\{A48CA1A4-C36B-44f2-8090-19E08DF4365E} 
Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\b-rch\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 
Preinstalled.LenovoPowerManager   Folder   C:\Windows\SysWOW64\LENOVO\POWERMGR 
Preinstalled.LenovoPowerManager   Folder   C:\Windows\System32\LENOVO\POWERMGR 
Preinstalled.LenovoServiceBridge   Folder   C:\Users\b-rch\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE 
Preinstalled.LenovoServiceBridge   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1 
Preinstalled.LenovoUpdate   Folder   C:\Program Files (x86)\LENOVO\SYSTEM UPDATE 
Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08} 
Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1 


AdwCleaner[S00].txt - [2817 octets] - [30/06/2021 16:46:31]
AdwCleaner[S01].txt - [2878 octets] - [01/12/2021 11:02:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Sobre mi problema, he notado que la PC sigue lenta como cuando empezamos, pero esta vez es por muchísmimo menos tiempo (unos 4 a 5 minutos) a comparación de la hora y pico que tomaba,es una mejoría grande pero aun tengo el problema de arranque, sin embargo en comparación, está muchísimo mejor la verdad :smiley:

1 me gusta
10

Ok @Brayand_Chacaltana

Vamos por el buen camino.

:one: EN BUSCA / ELIMINACIÓN DE MALWARE

Realiza los pasos que te pongo a continuación, sin cambiar el orden y síguelos al pie de la letra:

Conectas todos tus dispositivos externos (todos los discos duros externos que tengas, USB, etc).

0) Descarga Eset Online Scaner Manual de Uso y realizas un análisis del PC, lee detalladamente las instrucciones y realizas un Análisis Personalizado tal y como se indica en su manual. Me traes su reporte.

1) Descarga Kasperky Virus Removal Tool Manual de Uso y realizas un análisis del PC, lee detalladamente las instrucciones y lo realizas tal y como se indica en su manual. En este caso no da reporte alguno, cuando finalice, presionas en la pestaña Report tal y como se indica en su manual y haces una captura de pantalla y la subes.

¿Como subir imágenes al Foro?

:two: PRÓXIMA RESPUESTA

Pegas los reportes de Eset Online Scaner y Kasperky Virus Removal Tool (captura de pantalla) y comentas como va el PC.

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

report
report703×272 3.73 KB

Salu2.

2 Me gusta
11

Hola Marr0n! Nuevamente disculpa la demora, pero como vas a poder ver, los analisis duraron más de un dia. Te dejo los reportes

Eset Online Scanner

07/12/2021 15:05:57
Archivos analizados: 415882
Archivos detectados: 0
Archivos desinfectados: 0
Tiempo total de análisis: 03:34:11
Estado del análisis: Finalizado

Karpersky

821×609 73.9 KB

Las unidades G: y H: son unidades virtuales de Google Drive, supongo que por eso muestran un error.

Te comento lo que sucedió. Mientras realizaba el escaneo en ESET Online, ví que se detectaron 3 amenazas; pero como estaba tomando mucho tiempo, lo dejé allí y me fui a hacer otras cosas. Cuando regresé luego de algunas horas, me di con la sorpresa que ESET Online se había cerrado y no estaba realizando ya ningún análisis. Luego, he vuelto a iniciar el ESET y ya no detectó nada y terminó más rápido.

Mi PC ya está muchísimo mejor que antes, igual sufre un poco para iniciar pero luego ya la tengo en buenas condiciones, nada que ver con lo que estaba antes :smiley:

1 me gusta
14

Hola buenas @Brayand_Chacaltana

Tranquilo no pasa nada, perdonado estas.

Ok, correcto así es.

OK. Hubiese sido interesante de todas formas ver que es lo que había detectado.

OK bien me alegro.

Vamos a hacer alguna cosilla más, más que nada para descartar que no quede infección alguna y también a ver si le podemos dar un poco más de “forma física a la máquina y va de este modo un poco más rápido”.

0) Descarga, instala y ejecuta ZHP Cleaner siguiendo su manual, lo descargas de aquí, instalas y ejecutas. Cuando termine, elimina todo lo que encuentre.

Pegas el reporte de ZHP Cleaner y comentas como va el problema inicial planteado por el cual abriste este tema. También responde a las preguntas que te haya realizado a lo largo de este Post, siempre que te haya hecho alguna, si no, no

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

report
report703×272 3.73 KB

Salu2.

1 me gusta
15

Dejo el reporte solicitado :smiley:

~ ZHPCleaner v2021.12.12.343 by Nicolas Coolman (2021/12/12)
~ Run by b-rch (Administrator)  (14/12/2021 11:41:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\b-rch\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\b-rch\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 19042)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (5)
MOVIDO carpeta: C:\Users\b-rch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk  [Bad : C:\Users\b-rch\AppData\Local\Discord\app-0.0.309\Discord.exe](.Discord Inc..)  =>.SUP.Discord
MOVIDO carpeta: C:\Users\b-rch\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVIDO carpeta: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSCore.dll [SweetLabs, Inc. - SLSCore]  =>SUP.Optional.SweetLabs
MOVIDO carpeta: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSLib.dll [SweetLabs, Inc. - SLSLib]  =>SUP.Optional.SweetLabs
MOVIDO archivo: C:\Users\b-rch\AppData\Local\MSfree Inc  =>HackTool.WinActivator


---\\  Registro ( Claves, Valores, Datos) (8)
BORRADOS clave*: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox [AdditionalScan 573]  =>.SUP.FirefoxRestriction
BORRADOS clave*: HKEY_USERS\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Discord []  =>.SUP.Discord
BORRADOS clave*: HKEY_USERS\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol]  =>.SUP.Discord
BORRADOS clave**: HKCU\Software\Discord []  =>.SUP.Discord
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.]  =>.SUP.Discord
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\FileConverter_RASAPI32 []  =>Toolbar.Agent
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\FileConverter_RASMANCS []  =>Toolbar.Agent
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask


---\\  Resumen de elementos en su estación de trabajo (7)
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/  =>.SUP.Discord
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>SUP.Optional.SweetLabs
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.FirefoxRestriction
https://nicolascoolman.eu/2017/09/23/barres-doutils-de-navigateur-toolbars/  =>Toolbar.Agent
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask


---\\ Limpieza adicional. (33)
~ Clave de registro Tracing borrados (33)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Internet Explorer OK
~ Opera Stable OK


---\\ STATISTIQUES
~ Items escaneado : 1147
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 9/17


---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ Iniciar navegadores con extensiones eliminadas





~ End of clean in 00h00mn29s

---\\  Reporte (2)
ZHPCleaner-[S]-14122021-11_36_15.txt
ZHPCleaner-[R]-14122021-11_42_15.txt

Luego de hacer el análisis, he notado una mejoría en mi sistema, ahora se comporta como lo hacia hace algunos años, creo que esta mejor aun que antes :smiley:

1 me gusta
16

Primero de todo disculpa que haya tardado en responder @Brayand_Chacaltana. Pues últimamente voy con muy poco tiempo para el foro y es normal. Pero seguiremos el caso hasta el final.

OK. :+1: perfecto. Vamos a mirar que todo este OK y que no quede ningún resto de nada que no deba de quedar.

:one: Desactivas tu antivirus :arrow_forward: Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad que tengas activado.

LO DESCARGAS EN TU ESCRITORIO MUY IMPORTANTE (y no en otro sitio).

Descargas Farbar Recovery Scan Tool MUY IMPORTANTE >> seleccionas la versión adecuada para la arquitectura correspondiente de tu Ordenador (32 o 64bits). :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?

:warning: Una vez descargado FRST, desconectas tu equipo de completamente de Internet (apagas el router) >> Super Importante. Acto seguido, cierras también cualquier otro programa que tengas abierto.

:two: Farbar Recovery Scan Tool

  1. Ejecutas el FRST.exe (Si utilizas Windows Vista/7/8 o 10, presionas click derecho y seleccionas Ejecutar como Administrador).

  2. Aparecerá una ventana con un mensaje de Disclaimer/Responsabilidad, presionas sobre Si o Yes.

  3. En la ventana principal del programa presionas sobre Analizar/Scan y esperas a que finalice el análisis.

  4. Aparecerán dos logs/reportes que serán: Frst.txt y Addition.txt, estos quedarán guardados en el escritorio.

:three: Activas de nuevo tu antivirus y cualquier programa de seguridad que tengas activado. También conectas nuevamente tu equipo a Internet.

:four: PRÓXIMA RESPUESTA

Pegas los reportes de FRST y Addition.txt. Debes de poner ambos reportes todos enteros con absolutamente todo su contenido. Deberás de realizar varios mensajes si recibes un mensaje de error/advertencia indicando que es muy largo dicho reporte que formará el mensaje (más de 50.000 carácteres aprox.).

NOTA IMPORTANTE

Por Favor, mientras estemos desinfectando tu maquina o terminando de hacerlo:

  • No realices pasos/acciones que NOSOTROS no te hayamos indicado.
  • No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.
  • No instales NADA (programas/software/complementos/extensiones del navegador…).
  • No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…).
  • No realices por tu cuenta otros procedimientos.
  • Usa tu equipo EXCLUSIVAMENTE para desinfectarlo siguiendo nuestras indicaciones.

:warning: Muy Importante :warning: Coloca los diferentes reportes que te he pedido como se muestra en la siguiente imagen:

report
report703×272 3.73 KB

Salu2.

P.D.: Si tardo en responder que no te extrañe, voy con muy poco tiempo y es normal. Pero seguiremos el caso hasta el final.

17

Que tla @Marr0n te dejo los reportes solicitados

FRST.txt

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 11-12-2021
Ejecutado por b-rch (administrador) sobre DESKTOP-C692K8O (LENOVO 20BFA16500) (21-12-2021 15:09:10)
Ejecutado desde C:\Users\b-rch\Desktop
Perfiles cargados: b-rch
Plataforma: Microsoft Windows 10 Home Single Language Versión 20H2 19042.1415 (X64) Idioma: Español (México)
Navegador predeterminado: Opera
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <5>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <6>
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\b-rch\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch\AppData\Local\Programs\Opera GX\81.0.4196.61\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch\AppData\Local\Programs\Opera GX\opera.exe <19>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUPE.EXE
(ShareX Team) [Archivo no firmado] C:\Program Files\ShareX\ShareX.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [564928 2021-03-25] (geek software GmbH -> geek software GmbH)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [190904 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-09-14] (Adobe Inc. -> )
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\b-rch\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIUPE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [Spotify] => C:\Users\b-rch\AppData\Roaming\Spotify\Spotify.exe [18654336 2021-10-20] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\MountPoints2: {477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\EPSON L3110 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBUPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\Nitro PDF Port 13 Monitor: C:\WINDOWS\system32\NxPrinterMonitor13.dll [359936 2021-06-01] (Nitro Software, Inc. -> Nitro Software, Inc.)
Startup: C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2021-04-01]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [Archivo no firmado]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {0B5A0E7F-4C64-49E0-8FCD-88C0BB0DC2BC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2250469887-891261404-2791495626-1001 => C:\Users\b-rch\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-10-30] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0C22436A-2214-4B44-B7C7-6712D512DD47} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6f52c04f-4063-46ed-8191-03eb1dddc90d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {10A8A50E-E861-4CFA-80DD-DDE66158BDD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-02] (Google LLC -> Google LLC)
Task: {1204267D-C2A4-4C46-9B97-09542D26EC7C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5002680 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {3116161E-A4E1-4547-BD67-7ECB6B44850C} - System32\Tasks\Opera GX scheduled Autoupdate 1617329887 => C:\Users\b-rch\AppData\Local\Programs\Opera GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software)
Task: {4654BBEC-47F8-4776-8C68-62D3B9726589} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {47F3E8A2-D681-4E68-9695-B9B425E3487C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d7c97629-3d28-441d-962f-901346f301e3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {4FC2FCA8-CE8B-41E4-A6B4-2B2EFA4FFA41} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {55A87FC2-3123-4E07-8637-449B9DCED9F9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\890e49d9-c62f-49ba-8bce-3a10df75111b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {58EDB5DF-5E93-4033-9BD8-06B6ECB68D05} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Ningún archivo)
Task: {5A654764-E629-437C-82AA-F8CC8DC98D97} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-07-05] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {618689A3-6B5C-4691-BB40-A14D60C6F7FE} - System32\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {69929424-F93D-4500-B917-098689E9B662} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-07-11] (Lenovo -> Lenovo)
Task: {786DBA86-7BE1-4DE6-97C5-4080286D339A} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {8129F606-F265-41F7-9E70-78DA3B26FFAD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {904EE1F4-848D-4E32-B3EC-F6B979DEE05B} - System32\Tasks\Lenovo Active Protection System => C:\Windows\System32\TpShocks.exe [582616 2017-10-05] (Lenovo -> Lenovo.)
Task: {91964718-9B60-4D6B-AC0F-68570CCC212B} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {92FBAB39-E50E-4DA2-A35B-0CD9FCB24336} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1618239358 => C:\Users\b-rch\AppData\Local\Programs\Opera GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\b-rch\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {9C739FA9-2A6C-4793-86AB-C611293262FD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {A31023D8-9B26-41C7-88A8-1B61CB39C9F9} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {B4829376-2EF8-4AD0-9041-01E96082D965} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BAE5D1F1-5BDB-4984-83C5-48AA75D7A9C4} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {C2CFCCCA-69D7-4AE5-B462-CB3DE2EBDE8B} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {CCDE35FF-C3E0-4B44-954A-7F2DEEF7A803} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {DAABC766-6585-40AD-B632-A7D1BB61360C} - System32\Tasks\CCleanerSkipUAC - b-rch => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EB01C101-4ED1-4065-B11D-58F9673BDE04} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {F2275DF2-CAD1-4C9E-85D7-AE04EC78CD41} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {F88A8A10-972A-47CB-8B7D-0C719DEDCCBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-02] (Google LLC -> Google LLC)
Task: {FD3E18C5-2296-4A8A-8BD1-8782366B711B} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE:/EXE:{FAEF8794-4DBD-4311-9FBF-16140C05B3C3} /F:UpdateWORKGROUP\DESKTOP-C692K8O$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 192.168.183.198
Tcpip\..\Interfaces\{37363d65-1651-4834-85bd-b4547191c05e}: [DhcpNameServer] 192.168.183.198

Edge: 
=======
Edge Profile: C:\Users\b-rch\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-14]

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-2250469887-891261404-2791495626-1001) Opera GXStable - "C:\Users\b-rch\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [485816 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [485816 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8517744 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-07-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [31016 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-11-30] (Malwarebytes Inc -> Malwarebytes)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [564928 2021-03-25] (geek software GmbH -> geek software GmbH)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35848 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [222232 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [368240 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [252000 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99424 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [21960 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41496 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [185360 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [539128 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107992 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83056 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852880 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [544248 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [214512 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317840 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-10] (Broadcom Corporation -> Broadcom Corporation.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [226560 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\hw_cdcacm.sys [127360 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-11-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-30] (Malwarebytes Inc -> Malwarebytes)
S3 NW1900; C:\WINDOWS\System32\drivers\NW1900.sys [130232 2015-07-16] (NextWindow -> SMART Technologies)
S3 NWLowRider; C:\WINDOWS\System32\drivers\NWLowRider.sys [25456 2015-07-16] (SMART Technologies ULC -> )
S3 NWVoltron; C:\WINDOWS\System32\drivers\NWVoltron.sys [27832 2015-07-16] (NextWindow -> )
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S3 SMARTMouseFilterx64; C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys [10240 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-12-21 15:09 - 2021-12-21 15:11 - 000026456 _____ C:\Users\b-rch\Desktop\FRST.txt
2021-12-21 15:04 - 2021-12-21 15:05 - 002311168 _____ (Farbar) C:\Users\b-rch\Desktop\FRST64.exe
2021-12-16 10:58 - 2021-12-16 10:58 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-15 19:44 - 2021-12-15 19:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-15 19:44 - 2021-12-15 19:44 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-15 19:42 - 2021-12-15 19:42 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-15 19:42 - 2021-12-15 19:42 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-15 15:19 - 2021-12-15 15:19 - 000000000 ___HD C:\$WinREAgent
2021-12-15 12:08 - 2021-12-15 12:08 - 000050831 _____ C:\Users\b-rch\Downloads\constancia (36).pdf
2021-12-15 10:16 - 2021-12-15 10:17 - 000043883 _____ C:\Users\b-rch\Downloads\liquidacion pago V-1578673.pdf
2021-12-14 11:42 - 2021-12-14 11:42 - 000011238 _____ C:\Users\b-rch\Desktop\ZHPCleaner (R).html
2021-12-14 11:42 - 2021-12-14 11:42 - 000004320 _____ C:\Users\b-rch\Desktop\ZHPCleaner (R).txt
2021-12-14 11:36 - 2021-12-14 11:36 - 000011509 _____ C:\Users\b-rch\Desktop\ZHPCleaner (S).html
2021-12-14 11:36 - 2021-12-14 11:36 - 000004551 _____ C:\Users\b-rch\Desktop\ZHPCleaner (S).txt
2021-12-14 11:18 - 2021-12-14 11:42 - 000000000 ____D C:\Users\b-rch\AppData\Roaming\ZHP
2021-12-14 11:18 - 2021-12-14 11:18 - 000000875 _____ C:\Users\b-rch\Desktop\ZHPCleaner.lnk
2021-12-14 11:18 - 2021-12-14 11:18 - 000000000 ____D C:\Users\b-rch\AppData\Local\ZHP
2021-12-14 11:17 - 2021-12-14 11:17 - 003291800 _____ (Nicolas Coolman) C:\Users\b-rch\Desktop\ZHPCleaner.exe
2021-12-13 16:07 - 2021-12-13 16:07 - 000030063 _____ C:\Users\b-rch\Downloads\Hoja_Envio_205402-2021.pdf
2021-12-13 14:31 - 2021-12-13 14:31 - 000220144 _____ C:\Users\b-rch\Downloads\DE YBARRA MURGUIA 01-45966.pdf
2021-12-13 14:31 - 2021-12-13 14:31 - 000220144 _____ C:\Users\b-rch\Downloads\DE YBARRA MURGUIA 01-45966 (1).pdf
2021-12-13 13:58 - 2021-12-13 13:58 - 000203450 _____ C:\Users\b-rch\Downloads\Exp. 03323-2021-0-0401-JR-LA-04 - Consolidado - 184672-2021.pdf
2021-12-13 12:42 - 2021-12-13 12:42 - 000112898 _____ C:\Users\b-rch\Downloads\res_2014006120124250000072946.pdf
2021-12-13 12:42 - 2021-12-13 12:42 - 000091448 _____ C:\Users\b-rch\Downloads\res_2014006120124252000258413.pdf
2021-12-13 12:37 - 2021-12-13 12:37 - 000092036 _____ C:\Users\b-rch\Downloads\res_2014006120123726000486751.pdf
2021-12-13 12:37 - 2021-12-13 12:37 - 000091378 _____ C:\Users\b-rch\Downloads\res_2014006120123713000545950.pdf
2021-12-13 12:35 - 2021-12-13 12:35 - 000076472 _____ C:\Users\b-rch\Downloads\res_20140061294123518000991977.pdf
2021-12-13 10:45 - 2021-12-13 10:45 - 000050187 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.43.12 PM.jpeg
2021-12-13 10:44 - 2021-12-13 10:44 - 000081810 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.41.59 PM.jpeg
2021-12-13 10:44 - 2021-12-13 10:44 - 000067412 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.42.49 PM.jpeg
2021-12-13 10:44 - 2021-12-13 10:44 - 000064192 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.42.18 PM.jpeg
2021-12-13 10:35 - 2021-12-13 10:35 - 000215193 _____ C:\Users\b-rch\Downloads\88062-2021.pdf
2021-12-10 17:19 - 2021-12-10 17:19 - 003497476 _____ C:\Users\b-rch\Documents\QR vacuna.psd
2021-12-10 12:09 - 2021-12-10 12:09 - 001772006 _____ C:\Users\b-rch\Downloads\RJ 78-2020-ANA.pdf
2021-12-10 10:36 - 2021-12-10 10:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-10 10:19 - 2021-12-10 10:19 - 000336824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-12-10 10:19 - 2021-12-10 10:19 - 000214512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-12-09 13:02 - 2021-12-09 13:02 - 000096801 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-09 at 1.02.02 PM.jpeg
2021-12-09 13:02 - 2021-12-09 13:02 - 000078216 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-09 at 1.02.33 PM.jpeg
2021-12-09 12:53 - 2021-12-09 12:53 - 000442570 _____ C:\Users\b-rch\Downloads\X5B722_CONSORCIO VALLE LA CONVENCION R Y L MAQUINARIAS S.A.C..pdf
2021-12-09 12:53 - 2021-12-09 12:53 - 000217478 _____ C:\Users\b-rch\Downloads\X5B-722.pdf
2021-12-07 17:07 - 2021-12-07 17:08 - 000000000 ____D C:\KVRT2020_Data
2021-12-07 15:42 - 2021-12-07 15:49 - 110543872 _____ (AO Kaspersky Lab) C:\Users\b-rch\Desktop\KVRT.exe
2021-12-07 15:28 - 2021-12-07 15:28 - 000452333 _____ C:\Users\b-rch\Downloads\v8i610_TIVE.pdf
2021-12-07 15:05 - 2021-12-07 15:05 - 000000340 _____ C:\Users\b-rch\Documents\reporte.txt
2021-12-07 10:46 - 2021-12-07 10:46 - 000192147 _____ C:\Users\b-rch\Downloads\DC-EECC-NOV-2021.pdf
2021-12-06 16:34 - 2021-12-07 11:24 - 000001378 _____ C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-12-06 16:34 - 2021-12-07 11:23 - 000001272 _____ C:\Users\b-rch\Desktop\ESET Online Scanner.lnk
2021-12-06 16:33 - 2021-12-06 16:33 - 000000000 ____D C:\Users\b-rch\AppData\Local\ESET
2021-12-06 16:27 - 2021-12-06 16:30 - 013311448 _____ (ESET) C:\Users\b-rch\Desktop\esetonlinescanner.exe
2021-12-02 15:22 - 2021-12-02 15:22 - 000129780 _____ C:\Users\b-rch\Downloads\Exp. 00171-2021-0-0401-JR-DC-01 - Consolidado - 41614-2021.pdf
2021-12-02 15:16 - 2021-12-02 15:16 - 000191708 _____ C:\Users\b-rch\Downloads\Exp. 00937-2021-30-2301-JR-PE-06 - Consolidado - 15761-2021.pdf
2021-12-02 15:16 - 2021-12-02 15:16 - 000081378 _____ C:\Users\b-rch\Downloads\Exp. 00937-2021-30-2301-JR-PE-06 - Consolidado - 15099-2021.pdf
2021-12-01 11:19 - 2021-12-01 11:19 - 000004496 _____ C:\Users\b-rch\Documents\cc_20211201_111908.reg
2021-12-01 10:56 - 2021-12-01 10:56 - 008540344 _____ (Malwarebytes) C:\Users\b-rch\Desktop\adwcleaner_8.3.1.exe
2021-11-30 19:02 - 2021-11-30 19:02 - 000002529 _____ C:\Users\b-rch\Desktop\reporte.txt
2021-11-30 16:20 - 2021-11-30 16:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-30 16:20 - 2021-11-30 16:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-30 16:20 - 2021-11-30 16:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-30 16:18 - 2021-11-30 16:16 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-11-30 16:18 - 2021-11-30 16:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-11-30 16:14 - 2021-11-30 16:14 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-30 16:13 - 2021-11-30 16:13 - 002101944 _____ (Malwarebytes) C:\Users\b-rch\Downloads\MBSetup (1).exe
2021-11-30 16:11 - 2021-11-30 16:11 - 000144890 _____ C:\Users\b-rch\Documents\cc_20211130_161132.reg
2021-11-30 16:06 - 2021-12-16 17:01 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-11-30 16:06 - 2021-12-16 17:01 - 000002252 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - b-rch
2021-11-30 16:06 - 2021-11-30 16:06 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-11-30 16:05 - 2021-12-21 11:51 - 000000000 ____D C:\Program Files\CCleaner
2021-11-30 11:59 - 2021-11-30 11:59 - 000050882 _____ C:\Users\b-rch\Downloads\constancia (35).pdf
2021-11-30 11:59 - 2021-11-30 11:59 - 000050858 _____ C:\Users\b-rch\Downloads\constancia (34).pdf
2021-11-30 11:15 - 2021-11-30 11:17 - 036501456 _____ (Piriform Software Ltd) C:\Users\b-rch\Downloads\ccsetup587.exe
2021-11-29 16:48 - 2021-11-29 16:48 - 000275615 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-11-29 at 4.47.44 PM.jpeg
2021-11-29 16:48 - 2021-11-29 16:48 - 000273122 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-11-29 at 4.47.56 PM.jpeg
2021-11-29 15:53 - 2021-11-29 15:53 - 000184279 _____ C:\Users\b-rch\Downloads\documento (3).pdf
2021-11-26 11:12 - 2021-11-26 11:37 - 000007072 _____ C:\TDSSKiller.3.1.0.28_26.11.2021_11.12.37_log.txt
2021-11-25 16:38 - 2021-11-25 16:51 - 000137678 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.38.49_log.txt
2021-11-25 16:35 - 2021-11-25 16:36 - 000007260 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.35.55_log.txt
2021-11-25 16:35 - 2021-11-25 16:35 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\b-rch\Downloads\iExplore64-24751.exe
2021-11-25 16:34 - 2021-11-25 16:34 - 000000562 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.34.48_log.txt
2021-11-25 16:30 - 2021-11-25 16:30 - 000007192 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.30.21_log.txt
2021-11-25 16:26 - 2021-11-25 16:27 - 000007260 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.26.07_log.txt
2021-11-25 16:25 - 2021-11-25 16:26 - 000000562 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.25.58_log.txt
2021-11-25 16:25 - 2021-11-25 16:25 - 005054744 _____ (AO Kaspersky Lab) C:\Users\b-rch\Desktop\tdsskiller.exe
2021-11-25 16:23 - 2021-11-25 16:23 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\b-rch\Downloads\iExplore64-22462.exe
2021-11-25 14:55 - 2021-11-30 16:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-25 14:55 - 2021-11-25 14:55 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\554565E3.sys
2021-11-25 14:54 - 2021-11-25 15:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-11-25 14:54 - 2021-11-25 15:18 - 000000000 ____D C:\Users\b-rch\Desktop\mbar
2021-11-25 14:52 - 2021-11-25 14:53 - 014178840 _____ (Malwarebytes Corp.) C:\Users\b-rch\Desktop\mbar-1.10.3.1001.exe
2021-11-25 14:48 - 2021-11-25 16:35 - 000001434 _____ C:\Users\b-rch\Desktop\Rkill.txt
2021-11-25 14:48 - 2021-11-25 14:48 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\b-rch\Downloads\iExplore64-3701.exe
2021-11-25 11:20 - 2021-11-25 11:20 - 000083608 _____ C:\Users\b-rch\Downloads\res_2013043060112010000497703.pdf
2021-11-24 17:18 - 2021-11-24 17:18 - 000494032 _____ C:\Users\b-rch\Downloads\Directiva 01-2008-SNCP-CNC - Tolerancias Catastrales y Registrales (2).pdf
2021-11-24 16:06 - 2021-11-24 16:06 - 000215870 _____ C:\Users\b-rch\Downloads\83519-2021.pdf
2021-11-23 11:15 - 2021-11-23 11:15 - 000021184 _____ C:\Users\b-rch\Downloads\ticket-949748-24.pdf
2021-11-22 17:41 - 2021-11-22 17:42 - 000094446 _____ C:\Users\b-rch\Downloads\e4aa1ebb-9c0f-4dcf-869a-62c89f387876.pdf
2021-11-22 12:27 - 2021-11-22 12:27 - 000035656 _____ C:\Users\b-rch\Downloads\pdf-95-disolucion-y-liquidacion_compress.pdf

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-12-21 15:10 - 2021-07-01 11:21 - 000000000 ____D C:\FRST
2021-12-21 15:06 - 2021-04-02 03:08 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-21 15:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-21 12:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-21 12:54 - 2021-04-28 12:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-21 11:28 - 2021-04-01 22:27 - 000000000 ____D C:\WINDOWS\TempInst
2021-12-21 11:24 - 2021-04-06 16:59 - 000006931 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-12-21 11:19 - 2021-07-05 10:44 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-12-20 15:11 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-20 14:46 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-20 13:23 - 2021-04-01 18:07 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-17 10:27 - 2021-09-25 12:52 - 000000000 ___RD C:\Users\b-rch\Mi unidad ([email protected])
2021-12-17 10:04 - 2021-04-01 19:56 - 000000000 __SHD C:\Users\b-rch\IntelGraphicsProfiles
2021-12-17 10:04 - 2021-04-01 17:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-12-16 17:01 - 2021-06-30 12:53 - 000003314 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d73c591b73e056
2021-12-16 17:01 - 2021-04-28 13:28 - 000003784 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1618239358
2021-12-16 17:01 - 2021-04-28 13:28 - 000003532 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1617329887
2021-12-16 17:01 - 2021-04-28 13:28 - 000003508 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-16 17:01 - 2021-04-28 13:28 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3}
2021-12-16 17:01 - 2021-04-28 13:28 - 000003486 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-16 17:01 - 2021-04-28 13:28 - 000003284 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-16 17:01 - 2021-04-28 13:28 - 000003262 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-16 17:01 - 2021-04-28 13:28 - 000002306 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_Dolby
2021-12-16 17:01 - 2021-04-28 13:28 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-12-16 17:01 - 2021-04-28 13:28 - 000002274 _____ C:\WINDOWS\system32\Tasks\DolbySelectorTask
2021-12-16 17:01 - 2021-04-28 13:28 - 000001878 _____ C:\WINDOWS\system32\Tasks\Lenovo Active Protection System
2021-12-16 17:01 - 2021-04-28 13:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-12-16 17:01 - 2021-04-12 11:33 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3}.job
2021-12-16 11:10 - 2021-04-28 13:11 - 001683676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-16 11:10 - 2019-12-07 10:03 - 000751292 _____ C:\WINDOWS\system32\perfh00A.dat
2021-12-16 11:10 - 2019-12-07 10:03 - 000147478 _____ C:\WINDOWS\system32\perfc00A.dat
2021-12-16 11:10 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-16 11:04 - 2021-07-05 10:41 - 000000000 ____D C:\ProgramData\AVG
2021-12-16 11:03 - 2021-04-28 13:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-16 11:03 - 2021-04-28 12:54 - 000453080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-16 11:03 - 2021-04-01 17:56 - 000000000 ____D C:\ProgramData\Synaptics
2021-12-16 11:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-16 11:02 - 2021-04-28 12:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-16 11:02 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-15 18:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-15 15:15 - 2021-04-03 01:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-15 15:04 - 2021-04-03 01:36 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 11:02 - 2021-07-05 12:59 - 000000000 ____D C:\Users\b-rch\AppData\LocalLow\IGDump
2021-12-15 09:59 - 2021-08-25 09:11 - 000000000 ____D C:\Users\b-rch\AppData\Local\CrashDumps
2021-12-13 10:25 - 2021-04-26 12:10 - 000000000 ____D C:\Users\b-rch\Desktop\Escaneos
2021-12-10 17:52 - 2021-04-28 13:01 - 000000000 ____D C:\Users\b-rch
2021-12-10 17:20 - 2021-04-01 21:47 - 000000000 ____D C:\Users\b-rch\Documents\ShareX
2021-12-10 17:02 - 2021-04-02 11:39 - 000000000 ____D C:\Users\b-rch\AppData\Local\Adobe
2021-12-10 10:19 - 2021-07-05 10:44 - 000852880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000544248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000539128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000368240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000317840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000252000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000222232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000185360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000107992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000099424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000083056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000041496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000035848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-12-10 10:19 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-06 17:06 - 2021-06-01 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2021-12-06 17:05 - 2021-06-01 16:36 - 000000000 ____D C:\Program Files (x86)\AIMP
2021-11-30 16:10 - 2021-06-17 17:17 - 000000000 ____D C:\Users\b-rch\AppData\Roaming\FileZilla
2021-11-30 16:10 - 2021-04-29 10:17 - 000000000 ____D C:\WINDOWS\Minidump
2021-11-30 16:10 - 2021-04-27 10:14 - 000000000 ___DC C:\WINDOWS\Panther
2021-11-29 12:41 - 2021-04-01 21:18 - 000001434 _____ C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera GX.lnk
2021-11-26 11:20 - 2021-04-01 19:57 - 000000000 ____D C:\ProgramData\Packages
2021-11-25 16:37 - 2021-11-17 17:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== Archivos en la raíz de algunos directorios ========

2021-04-02 21:20 - 2021-07-05 12:56 - 000007613 _____ () C:\Users\b-rch\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)

==================== Final de FRST.txt ========================
1 me gusta
18

Adittion.txt

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 11-12-2021
Ejecutado por b-rch (21-12-2021 15:13:07)
Ejecutado desde C:\Users\b-rch\Desktop
Microsoft Windows 10 Home Single Language Versión 20H2 19042.1415 (X64) (2021-04-28 18:29:07)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================


(Si una entrada es incluida en el fixlist, será eliminada.)

Administrador (S-1-5-21-2250469887-891261404-2791495626-500 - Administrator - Disabled)
b-rch (S-1-5-21-2250469887-891261404-2791495626-1001 - Administrator - Enabled) => C:\Users\b-rch
DefaultAccount (S-1-5-21-2250469887-891261404-2791495626-503 - Limited - Disabled)
Invitado (S-1-5-21-2250469887-891261404-2791495626-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2250469887-891261404-2791495626-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.10.3213 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
cdrtfe 1.5.8 (HKLM-x32\...\cdrtools Frontend_is1) (Version:  - Oliver Valencia)
Comprobación de estado de PC Windows (HKLM\...\{75741B4B-FC87-494A-A380-0EBA06DB89F9}) (Version: 3.2.2110.14001 - Microsoft Corporation)
CrystalDiskInfo 8.12.2 Shizuku Edition (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.2 - Crystal Dew World)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON L3110 Series Printer Uninstall (HKLM\...\EPSON L3110 Series) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
File Converter (64 bit) (HKLM\...\{43774DE9-8122-46C4-BD03-F59CA4410E82}) (Version: 1.2.3 - Adrien Allard)
FileZilla Client 3.54.1 (HKLM-x32\...\FileZilla Client) (Version: 3.54.1 - Tim Kosse)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.8 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0131 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.10.26.0 - Lenovo Group Ltd.)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Nitro Pro (HKLM\...\{CDDE4E45-DFDD-4F97-BE66-64B5E77C999D}) (Version: 13.42.3.855 - Nitro)
Opera GX Stable 81.0.4196.61 (HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Opera GX 81.0.4196.61) (Version: 81.0.4196.61 - Opera Software)
PDF24 Creator (HKLM\...\{0DF7C4E4-3941-42FD-8707-6EBD5B8032A8}) (Version: 10.0.12 - geek software GmbH)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.6.1 - ShareX Team)
Software Intel® PROSet/Wireless (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Spotify) (Version: 1.1.70.610.g4585142b - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wondershare Recoverit(Build 8.0.4.12) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 8.0.4.12 - Wondershare Software Co.,Ltd.)
yEd Graph Editor 3.21.1 (HKLM\...\3309-7404-0599-8908) (Version: 3.21.1 - yWorks GmbH)

Packages:
=========
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-17] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-15] (Microsoft Studios) [MS Ad]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-2250469887-891261404-2791495626-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Users\b-rch\AppData\Local\SumatraPDF\PdfPreview.dll () [Archivo no firmado]
CustomCLSID: HKU\S-1-5-21-2250469887-891261404-2791495626-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Users\b-rch\AppData\Local\SumatraPDF\PdfFilter.dll () [Archivo no firmado]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-06-01] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [FileConverterExtension] -> {af9b72b5-f4e4-44b0-a3d9-b55b748efe90} => C:\Program Files\File Converter\FileConverterExtension.DLL [2017-04-28] () [Archivo no firmado] [El archivo está en uso]
ContextMenuHandlers1: [Nitro.Pro.ShellExtension.Shim] -> {211B6F25-950C-49CD-AB86-A448EF85686A} => C:\Program Files\Common Files\Nitro\Nitro.Pro.ShellExtension.Shim.dll [2021-06-01] (Nitro Software, Inc. -> Nitro Software, Inc.)
ContextMenuHandlers1-x32: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE2}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE2} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
ContextMenuHandlers1: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE3}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE3} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx64.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-06-01] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE2}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE2} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
ContextMenuHandlers6: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE3}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE3} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx64.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )

==================== Codecs (Lista blanca) ====================

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

Shortcut: C:\Users\b-rch\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()

==================== Módulos cargados (Lista blanca) =============

2021-04-01 21:46 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [Archivo no firmado] C:\Program Files\7-Zip\7-zip.dll
2020-05-30 16:04 - 2020-05-30 16:04 - 001638912 _____ (Robert Simpson, et al.) [Archivo no firmado] C:\ProgramData\Lenovo\Vantage\Addins\GenericTelemetryAddin\1.0.0.34\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2021-04-01 15:36 - 2021-04-01 15:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKU\S-1-5-21-2250469887-891261404-2791495626-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [UDP Query User{A5DB219A-8F30-4C1E-98C3-3476399BEEEC}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{3813B550-A441-46AD-B96C-DFED9D2614FA}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B97DFC3A-3F54-4948-AFF0-C9B7FB28656F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{1CC887F9-58FD-46CB-B6C0-E6E086F3A55F}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FC1646B3-5F78-48C3-80C6-ADC9CDD2B5F8}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F45D078-2CD5-483B-A26F-42B41D5CDA8B}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{9DA2677F-CD88-4A17-A099-3B160FDC875C}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{D9003989-3272-4117-BE9E-A8864721BF54}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{1176E688-74A1-4E27-99F7-B551D2455BA9}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [TCP Query User{3B97435E-4503-4473-8916-CF3758E1D514}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{8F0E7CEE-3828-43A0-9DF9-7EE410C0F866}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{9A979637-FCAA-4E50-9AA3-1F9B393FB4D6}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{3538CDCF-7767-4445-A5AF-D63BE5A835C7}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{19A3751E-4715-4D21-8136-272861EBE5EE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{644AFBB7-C522-4770-8AA5-237EC72E2F06}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [TCP Query User{6749E76F-E48B-43C7-8665-B53FB1141BE6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{23167D2E-D0DB-4252-8C55-C016DAFEB219}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7B4A9DE2-BEF4-447E-8F49-3E64AC356A24}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{3BCE562D-21CE-412C-9062-2C0072DA6303}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{D6CDB8FF-DD92-40EB-BFBF-8E91F9D33159}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2BADAC4E-C637-4B51-8F6B-CF0E660FDC4E}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{83AA3F8B-C4E4-4569-AD89-B53D9FD0524B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C58219BC-2F1A-4586-B4AF-A6FF45E4F38B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72D21D17-A879-4B3C-8F6F-ECA946421DED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36DD587C-B98D-45D4-9F27-3C03E4A814C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Puntos de Restauración =========================

17-12-2021 12:57:51 Punto de control programado
20-12-2021 15:08:23 Eliminación del paquete de idioma

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (12/21/2021 12:14:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (12/21/2021 11:20:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ShellExperienceHost.exe (versión 10.0.19041.1320) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 1a30

Hora de Inicio: 01d7f36acf184889

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Id. de informe: a8d21cf3-00de-4501-8a95-360c352ae95c

Nombre completo del paquete con errores: Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy

Id. de la aplicación relativa al paquete con errores: App

Tipo de bloqueo: Quiesce

Error: (12/21/2021 11:17:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa StartMenuExperienceHost.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 30d8

Hora de Inicio: 01d7f35777514060

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Id. de informe: 2bd76e71-369f-44fe-b026-f89018f9987f

Nombre completo del paquete con errores: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy

Id. de la aplicación relativa al paquete con errores: App

Tipo de bloqueo: Quiesce

Error: (12/21/2021 11:17:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa StartMenuExperienceHost.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 2974

Hora de Inicio: 01d7f68624b2dee9

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Id. de informe: 

Nombre completo del paquete con errores: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy

Id. de la aplicación relativa al paquete con errores: App

Tipo de bloqueo: Activation

Error: (12/17/2021 12:57:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (D:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (12/17/2021 12:57:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (C:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)

Error: (12/17/2021 12:05:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (12/16/2021 05:01:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa StartMenuExperienceHost.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.

Id. de proceso: 1e34

Hora de Inicio: 01d7f29711c1636f

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Id. de informe: 02d61b21-3021-4d7a-8b0b-d0bc9adc21ca

Nombre completo del paquete con errores: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy

Id. de la aplicación relativa al paquete con errores: App

Tipo de bloqueo: Quiesce


Errores del sistema:
=============
Error: (12/21/2021 12:58:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/21/2021 12:28:42 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/21/2021 12:25:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/21/2021 11:24:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio LenovoVantageService ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (12/21/2021 11:24:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio LenovoVantageService se terminó de manera inesperada. Esto ha sucedido 2 veces.

Error: (12/21/2021 11:15:47 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C692K8O)
Description: El servidor microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/20/2021 03:15:24 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/20/2021 12:12:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


CodeIntegrity:
===============
Date: 2021-12-21 12:14:18
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-12-21 11:15:53
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-12-16 14:45:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-12-16 12:04:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Información de la memoria =========================== 

BIOS: LENOVO GMET90WW (2.38 ) 04/13/2020
Placa base: LENOVO 20BFA16500
Procesador: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz
Porcentaje de memoria en uso: 82%
RAM física total: 3973.7 MB
RAM física disponible: 685.78 MB
Virtual total: 6661.7 MB
Virtual disponible: 2311.97 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:113.08 GB) (Free:44.47 GB) NTFS
Drive d: () (Fixed) (Total:351.56 GB) (Free:350.7 GB) NTFS
Drive g: ([email protected] - ...) (Fixed) (Total:15 GB) (Free:7.2 GB) FAT32
Drive h: ([email protected] - ...) (Fixed) (Total:15 GB) (Free:10.24 GB) FAT32

\\?\Volume{43b6f830-8aaa-4a88-a139-2ff2e2bbc978}\ (Recuperación) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{e78112c0-7acc-491d-80fe-63fe023bbf8b}\ () (Fixed) (Total:0.56 GB) (Free:0.03 GB) NTFS
\\?\Volume{41109329-dfaa-43ab-be58-97ebccf14ffa}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 958FF0C5)

Partition: GPT.

==================== Final de Addition.txt =======================
1 me gusta
19

Hola, buenas @Brayand_Chacaltana disculpa que haya tardado en responder. Pues estoy teniendo unos días muy ajetreados, con bastante poco tiempo.

:zero: PREGUNTAS

¿Qué antivirus utilizas actualmente en tu ordenador? Pues he detectado que tienes instalados o hay rastro de los siguientes: Avast, AVG y Windows Defender. Pero por lo que veo actualmente parece ser que utilizas él: AVG. ¿Correcto? El Avast y Windows Defender no los vas a usar nunca más. ¿Correcto?

:one: DESINSTALACIÓN PROGRAMAS

Para los programas en que te diga: puedes quitarlos. Hazlo así:

Desinstalalos con Revo Uninstaller en su Modo Avanzado. Para ello sigues su manual la parte de desinstalación de programas.

Quitas todos los programas que encuentre Revo con los nombres de: Wondershare

Pues serían los siguientes:

Wondershare Recoverit(Build 8.0.4.12) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 8.0.4.12 - Wondershare Software Co.,Ltd.)

O bien:

Wondershare (Todos los que sean **Wondershare** + **Lo que sea de Nombre**).

Estos deben de quedar completamente desinstalados.

:one: Ahora debes de hacer una COPIA DE SEGURIDAD DEL REGISTRO, para ello:

  • Reinicias el ordenador en Modo Normal.

  • Descargas DelFix en tu escritorio.

  • Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)

  • Marcas solamente la casilla de Create registry backup, el resto te aseguras de que no estén seleccionadas.

  • Presionas en Run.

Se abrirá el informe (DelFix.txt), puedes cerrarlo. Pero lo guardas por si en el futuro te lo pido/hace falta.

Seguidamente, CIERRAS TODOS LOS PROGRAMAS, vas a Inicio >> Ejecutar y escribes Notepad.exe

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
SystemRestore: On
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\MountPoints2: {477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} - "F:\HiSuiteDownLoader.exe" 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {58EDB5DF-5E93-4033-9BD8-06B6ECB68D05} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Ningún archivo)
U1 avgbdisk; no ImagePath
2021-12-15 15:19 - 2021-12-15 15:19 - 000000000 ___HD C:\$WinREAgent
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => ""="Driver"
File: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat
VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Lo guardas con el nombre de FIXLIST.TXT en tu escritorio (MUY IMPORTANTE). Pues en caso contrario no funcionará el SCRIPT, ambos ficheros (FRST.exe y FIXLIST.TXT ) y deben de estar en la ubicación del ESCRITORIO.

:warning: El anterior Script de reparación es personalizado para la máquina en concreto para la cual se fabricó y está hecho específicamente por un miembro del Staff. Si se tiene un problema parecido, por favor abra su propio tema para recibir ayuda personalizada y específica. Utilizar Scripts de otros Sistemas puede causar daños graves en su ordenador.

Finalmente (OJO, en MODO NORMAL):

  1. Ejecutas nuevamente FRST.exe (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador).

  2. Presionas sobre Fix/Corregir y esperas a que finalice el proceso. No hagas nada con el PC mientras este realizando dichas reparaciones, incluso si parece ser que se ha quedado colgado. No lo toques y esperas.

  3. Cunado finalice, en el ESCRITORIO se creará el fichero FIXLOG.TXT lo traes en tu próxima respuesta.

  4. Reinicias el ordenador en Modo Normal compruebas durante un rato el funcionamiento de este y comentas como sigue el problema inicialmente planteado.

:warning: Muy Importante :warning: Coloca el reporte que te he pedido como se muestra en la siguiente imagen:

report
report703×272 3.73 KB

Salu2.

20

Como estás @Marr0n espero que hayas pasado unas bonitas fiestas :smiley:

Realmente, estoy pensando en desinstalar AVG y cambiarlo por Karpesrky Cloud Free, lo que me sucede con AVG es que ralentiza el inicio de mi PC con todos los servicios que inicia, en cambio he leido que Karspersky Cloud Free anda mucho mejor (y no me pide cada 3 dias que instale el AVG Browser hahah).

Aun no lo he hecho porque estamos en medio de un análisis y reparación, por lo que no quería cambiar de antivirus en medio proceso.

He desinstalado todos los programas que me has pedido.

Aquí tienes el registro solicitado

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 27-12-2021
Ejecutado por b-rch (28-12-2021 15:19:17) Run:2
Ejecutado desde C:\Users\b-rch\Desktop
Perfiles cargados: b-rch
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
START
SystemRestore: On
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\MountPoints2: {477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} - "F:\HiSuiteDownLoader.exe" 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {58EDB5DF-5E93-4033-9BD8-06B6ECB68D05} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Ningún archivo)
U1 avgbdisk; no ImagePath
2021-12-15 15:19 - 2021-12-15 15:19 - 000000000 ___HD C:\$WinREAgent
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => ""="Driver"
File: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat
VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

SystemRestore: On => completado
El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} => eliminado correctamente
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58EDB5DF-5E93-4033-9BD8-06B6ECB68D05}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58EDB5DF-5E93-4033-9BD8-06B6ECB68D05}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\DolbySelectorTask => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DolbySelectorTask" => eliminado correctamente
HKLM\System\CurrentControlSet\Services\avgbdisk => no pudo ser eliminado, clave podría estar protegida
C:\$WinREAgent => movido correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => eliminado correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => eliminado correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => eliminado correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => eliminado correctamente

========================= File: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat ========================

C:\WINDOWS\system32\DrtmAuthTxt.wim
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-IsolatedUserMode-Package~31bf3856ad364e35~amd64~~10.0.19041.1415.cat
El archivo está firmado digitalmente
MD5: E8EBBAF8F40AC2C871A2E11E87A47679
Fecha de creación y modificación: 2021-12-15 19:44 - 2021-12-15 19:44
Tamaño: 000011979
Atributos: ----A
Nombre de la compañía: Microsoft Windows -> 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/7c5eb6feb55f8f0f6e198e670e400315dcd12e3f84605909d49811292406da8f/detection/f-7c5eb6feb55f8f0f6e198e670e400315dcd12e3f84605909d49811292406da8f-1639780481

C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Archivo no firmado
MD5: 5C5A797761421CF9B72087F3BC8A5259
Fecha de creación y modificación: 2021-04-01 17:56 - 2021-12-28 11:13
Tamaño: 000000180
Atributos: ----A
Nombre de la compañía: Microsoft Windows -> 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e/detection/f-3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e-1640179356

C:\Program Files\Google\Drive File Stream\launch.bat
Archivo no firmado
MD5: BAE0B80B54C4791BEDBFB44B5C064F17
Fecha de creación y modificación: 2021-09-23 15:22 - 1980-01-01 00:00
Tamaño: 000001544
Atributos: ----A
Nombre de la compañía: Microsoft Windows -> 
Interno Nombre: 
Original Nombre: 
Producto: 
Descripción: 
Archivo Versión: 
Producto Versión: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/57b8ad14ae6a2e4c830c13fe799353242a7a288d516c734c894988d707963c3c/detection/f-57b8ad14ae6a2e4c830c13fe799353242a7a288d516c734c894988d707963c3c-1639253560

====== Final de File: ======

VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim => (3) Error
VirusTotal: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => (3) Error
VirusTotal: C:\Program Files\Google\Drive File Stream\launch.bat => (3) Error

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 1 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 2 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::e9c1:cbeb:af8a:78d5%7
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.183.64
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.183.198

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{FCAE872C-9A27-4765-B86E-BAD74DB024E5} canceled.
Unable to cancel {BE323520-4592-4639-BA81-9FD5446E65A5}.
1 out of 2 jobs canceled.

========= Final de CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 152550032 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6224094 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18584 B
NetworkService => 18584 B
b-rch => 54692897 B

RecycleBin => 11022970 B
EmptyTemp: => 214.1 MB datos temporales eliminados.

================================

Resultado de los archivos programados para mover (Modo de Inicio: Normal) (Fecha y Hora: 28-12-2021 15:26:35)


Resultado de las claves programadas para eliminar después de reiniciar:

HKLM\System\CurrentControlSet\Services\avgbdisk => no pudo ser eliminado, clave podría estar protegida

==== Final  Fixlog 15:26:35 ====

La PC sigue andando muy bien, siempre el inicio es lento (quiero comprarle una SSD para mejorar eso), pero sigue sin pegarse como lo hacía hace unas semanas :smiley:

Quedo atento a la siguiente respuesta

1 me gusta
21

Hola buenas @Brayand_Chacaltana.

Muchas gracias e igualmente @Brayand_Chacaltana.

Todo eso que dices es verdad y quería enfocarlo un poco más adelante, pero te me has avanzado. Jejeje…

Ok. muy bien visto.

Perfecto.

Perfecto. Si con un SSD mejoraría mucho. Notarás el cambio de un HDD a un SSD. Seguro que irá mucho más rápido.

:+1:, vamos a seguir.

Salu2.

22

Hola, buenas @Brayand_Chacaltana.

:zero: DESINSTALACIÓN PROGRAMAS

Para los programas en que te diga: puedes quitarlos. Hazlo así:

Desinstalalos con Revo Uninstaller en su Modo Avanzado. Para ello sigues su manual la parte de desinstalación de programas.

Quitas todos los programas que encuentre Revo con los nombres de: AVG

Pues serían los siguientes:

AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.10.3213 - AVG Technologies)

O bien:

AVG (Todos los que sean **AVG** + **Lo que sea de Nombre**).

Estos deben de quedar completamente desinstalados.

Seguidamente, volveremos a ejecutar FRST, para ello:

Salu2.

1 me gusta