Hi, how's it going! Thanks for the help! I have a problem with Rkill. I downloaded the iExplore.exe you pointed me to, and when I run the program, it gets stuck at “Performing Miscellaneous Checks”. That is why I can't continue with the other scans, because the program never finishes. What should I do?
First of all, sorry for taking so long to reply, @Brayand_Chacaltana. Lately I have very little time for the forum, and it's normal. But we will follow the case through to the end.
You're welcome.
I have a problem with Rkill. I downloaded the iExplore.exe you pointed me to, and when I run the program, it gets stuck at “Performing Miscellaneous Checks”. That is why I can't continue with the other scans, because the program never finishes.
OK.
When this happens and it gets stuck, try pressing the ENTER key and, if that doesn't work, the SPACEBAR several times in a row. First ENTER several times and then the SPACEBAR several times. Does it unfreeze? Does it work?
If yes, then continue with the rest.
If no, then try to continue with the rest of the programs to see if it lets you.
Regards.
Hi @Marr0n, how are you? Now it's my turn to apologize: this PC is from work and they had to take it away for a few days, which is why I didn't reply to your messages.
I have run all the requested scans and I'm leaving you the reports you asked for:
MALWAREBYTES ANTIROOTKIT
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 11.789.19041.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4166721536, free: 1507393536
Downloaded database version: v2021.11.25.07
Downloaded database version: v2021.11.25.07
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
11/25/2021 14:55:19
Done!
Scan started
Database versions:
main: v2021.11.25.07
rootkit: v2021.11.25.07
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd7036a92e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd7036a91bbe0, DeviceName: Unknown, DriverName: \Driver\avgArDisk\
DevicePointer: 0xffffd7036a8378d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd7036a92f040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffd7036a92e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffd7036a640d50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd7036a710050, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 958FF0C5
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2738086151
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 646e9438-a4ea-4b3f-bf77-e97ef73f19
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2738086151
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 646e9438-a4ea-4b3f-bf77-e97ef73f19
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 43b6f830-8aaa-4a88-a139-2ff2e2bbc978
FirstLBA 2048 Last LBA 923647
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 41109329-dfaa-43ab-be58-97ebccf14ffa
FirstLBA 923648 Last LBA 1128447
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 7191c083-dbe9-476c-97c5-a32fb7dfd251
FirstLBA 1128448 Last LBA 1161215
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 2c1ebfc6-a0f2-48e3-b6f9-56c44d2d9423
FirstLBA 1161216 Last LBA 238312855
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e78112c0-7acc-491d-80fe-63fe23bbf8b
FirstLBA 238313472 Last LBA 239491071
Attributes 1
Partition Name
Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 22603118-6849-4c00-8bd4-235d7e7f60ee
FirstLBA 239493120 Last LBA 976773119
Attributes 0
Partition Name Basic data partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\PERCEPTIONSIMULATION\PERCEPTIONSIMULATIONSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ramdisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SGRMBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\OpenSSH\SSH-AGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\SERVICING\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMUCSICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbvideo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Vid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AarSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DISPBROKER.DESKTOP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFT.BLUETOOTH.USERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUTOTIMESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GRAPHICSPERFSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\psmsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCASTDVRUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPTURESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CBDHSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BTAGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BTHAVCTPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\vac.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CONSENTUXCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.PICKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFT.GRAPHICS.DISPLAY.DISPLAYENHANCEMENTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LANGUAGEOVERLAYSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MIXEDREALITYRUNTIME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PRINTWORKFLOWSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREDREALITYSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MITIGATIONCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSUDK.SHELLCOMMON.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usosvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WAASMEDICSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.MANAGEMENT.SERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPCDESKTOPMONSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
Infected: C:\Users\b-rch\Downloads\avast_free_antivirus_setup_online.exe --> [Trojan.Dropper]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2021.11.25.07
rootkit: v2021.11.25.07
Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.789.19041.0
b-rch :: DESKTOP-C692K8O [administrator]
25/11/2021 14:55:26
mbar-log-2021-11-25 (14-55-26).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 182763
Time elapsed: 22 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\b-rch\Downloads\avast_free_antivirus_setup_online.exe (Trojan.Dropper) -> Delete on reboot. [15a6f21de10692a4cdaee90de31ea858]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
TDSSKiller
16:38:49.0022 0x06bc TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
16:38:49.0037 0x06bc UEFI system
16:38:53.0381 0x06bc ============================================================
16:38:53.0381 0x06bc Current date / time: 2021/11/25 16:38:53.0381
16:38:53.0381 0x06bc SystemInfo:
16:38:53.0381 0x06bc
16:38:53.0381 0x06bc OS Version: 10.0.19042 ServicePack: 0.0
16:38:53.0381 0x06bc Product type: Workstation
16:38:53.0381 0x06bc ComputerName: DESKTOP-C692K8O
16:38:53.0381 0x06bc UserName: b-rch
16:38:53.0381 0x06bc Windows directory: C:\WINDOWS
16:38:53.0381 0x06bc System windows directory: C:\WINDOWS
16:38:53.0381 0x06bc Running under WOW64
16:38:53.0381 0x06bc Processor architecture: Intel x64
16:38:53.0381 0x06bc Number of processors: 4
16:38:53.0381 0x06bc Page size: 0x1000
16:38:53.0381 0x06bc Boot type: Safe boot with network
16:38:53.0381 0x06bc CodeIntegrityOptions = 0x00000001
16:38:53.0381 0x06bc ============================================================
16:38:53.0381 0x06bc KLMD ARK init status: drvProperties = 0xEF0F02, osBuild = 19041.0, osProperties = 0x1D
16:38:53.0397 0x06bc KLMD BG init status: drvProperties = 0xEF0F02, osBuild = 19041.0, osProperties = 0x1D
16:38:53.0397 0x06bc BG loaded
16:38:53.0459 0x06bc System UUID: {8135884C-ED2C-1ADB-0309-89BD0A206689}
16:38:53.0662 0x06bc !crdlk
16:38:53.0834 0x06bc Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:38:53.0834 0x06bc ============================================================
16:38:53.0834 0x06bc \Device\Harddisk0\DR0:
16:38:53.0850 0x06bc GPT partitions:
16:38:53.0850 0x06bc \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {43B6F830-8AAA-4A88-A139-2FF2E2BBC978}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
16:38:53.0850 0x06bc \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {41109329-DFAA-43AB-BE58-97EBCCF14FFA}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x32000
16:38:53.0850 0x06bc \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {7191C083-DBE9-476C-97C5-A32FB7DFD251}, Name: Microsoft reserved partition, StartLBA 0x113800, BlocksNum 0x8000
16:38:53.0850 0x06bc \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2C1EBFC6-A0F2-48E3-B6F9-56C44D2D9423}, Name: Basic data partition, StartLBA 0x11B800, BlocksNum 0xE22A598
16:38:53.0850 0x06bc \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E78112C0-7ACC-491D-80FE-63FE023BBF8B}, Name: , StartLBA 0xE346000, BlocksNum 0x11F800
16:38:53.0850 0x06bc \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {22603118-6849-4C00-8BD4-235D7E7F60EE}, Name: Basic data partition, StartLBA 0xE466000, BlocksNum 0x2BF20000
16:38:53.0850 0x06bc MBR partitions:
16:38:53.0850 0x06bc ============================================================
16:38:53.0881 0x06bc C: <-> \Device\Harddisk0\DR0\Partition4
16:38:53.0912 0x06bc D: <-> \Device\Harddisk0\DR0\Partition6
16:38:53.0912 0x06bc ============================================================
16:38:53.0912 0x06bc Initialize success
16:38:53.0912 0x06bc ============================================================
16:39:13.0364 0x0c0c ============================================================
16:39:13.0364 0x0c0c Scan started
16:39:13.0364 0x0c0c Mode: Manual; SigCheck; TDLFS;
16:39:13.0364 0x0c0c ============================================================
16:39:13.0364 0x0c0c KSN ping started
16:39:13.0879 0x0c0c KSN ping finished: true
16:39:17.0535 0x0c0c ================ Scan BIOS =================================
16:39:17.0551 0x0c0c BIOS info: vendor = LENOVO, version = GMET90WW (2.38 ), releaseDate = 04/13/2020
16:39:17.0551 0x0c0c Base board info: manufacturer = LENOVO, product = 20BFA16500, version = SDK0E50515 Std
16:39:19.0566 0x0c0c [ C56F8E6C1C59137C4F7B12BFE1D32B52, 628E4009E90678681BCE4D750F86DE0BD5E212258926D0C6D9E703F876D29E70 ] BIOS
16:39:19.0566 0x0c0c BIOS - ok
16:39:19.0566 0x0c0c ================ Scan system memory ========================
16:39:19.0582 0x0c0c System memory - ok
16:39:19.0582 0x0c0c ================ Scan services =============================
16:39:19.0738 0x0c0c 1394ohci - ok
16:39:19.0738 0x0c0c 3ware - ok
16:39:19.0754 0x0c0c AarSvc - ok
16:39:19.0801 0x0c0c ACPI - ok
16:39:19.0801 0x0c0c AcpiDev - ok
16:39:19.0801 0x0c0c acpiex - ok
16:39:19.0801 0x0c0c acpipagr - ok
16:39:19.0832 0x0c0c [ 33B5ED555018128792AFFCDC9AF7AFD2, 1E7C5FADA2486EE31289A4BEFB70AEA173190671C64995441651903CF31E5033 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
16:39:20.0113 0x0c0c AcpiPmi - ok
16:39:20.0129 0x0c0c acpitime - ok
16:39:20.0129 0x0c0c Acx01000 - ok
16:39:20.0129 0x0c0c ADP80XX - ok
16:39:20.0145 0x0c0c AFD - ok
16:39:20.0160 0x0c0c afunix - ok
16:39:20.0176 0x0c0c ahcache - ok
16:39:20.0191 0x0c0c [ 526FE18DB976D9A1AE19FBC53FA690B1, 4E2623243A9BB61F7211E591C24EDB70B07974A7FA21E3F14C683F27E975777F ] AJRouter C:\WINDOWS\System32\AJRouter.dll
16:39:20.0473 0x0c0c AJRouter - ok
16:39:20.0488 0x0c0c ALG - ok
16:39:20.0488 0x0c0c amdgpio2 - ok
16:39:20.0488 0x0c0c amdi2c - ok
16:39:20.0488 0x0c0c AmdK8 - ok
16:39:20.0504 0x0c0c AmdPPM - ok
16:39:20.0504 0x0c0c amdsata - ok
16:39:20.0504 0x0c0c amdsbs - ok
16:39:20.0504 0x0c0c amdxata - ok
16:39:20.0504 0x0c0c AppID - ok
16:39:20.0520 0x0c0c AppIDSvc - ok
16:39:20.0535 0x0c0c Appinfo - ok
16:39:20.0566 0x0c0c [ 4E59668442D1A2479E17F2FB5F819A7B, 0A0F185C9A713B8B3A5E0DA62E489A4D4F6204A13074AD4B56207972A1A783C7 ] AppleKmdfFilter C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys
16:39:20.0598 0x0c0c AppleKmdfFilter - ok
16:39:20.0629 0x0c0c [ 0122ECE34AEEC95212A211C016270937, 09272421CEC30D9F732F734161D9FB3968E5A83BAC1F02F0B9D9B927C878D08A ] AppleLowerFilter C:\WINDOWS\System32\drivers\AppleLowerFilter.sys
16:39:20.0645 0x0c0c AppleLowerFilter - ok
16:39:20.0645 0x0c0c applockerfltr - ok
16:39:20.0660 0x0c0c AppReadiness - ok
16:39:20.0676 0x0c0c AppXSvc - ok
16:39:20.0676 0x0c0c arcsas - ok
16:39:20.0676 0x0c0c AsyncMac - ok
16:39:20.0676 0x0c0c atapi - ok
16:39:20.0691 0x0c0c AudioEndpointBuilder - ok
16:39:20.0691 0x0c0c Audiosrv - ok
16:39:20.0707 0x0c0c autotimesvc - ok
16:39:20.0801 0x0c0c [ DCCD42C793D425157E8C9149D1B0D116, 20D5A32EDF487CB30DE61242BAE32D11844D1C00E2087A24A1882A1C735F3B13 ] AVG Antivirus C:\Program Files\AVG\Antivirus\AVGSvc.exe
16:39:20.0848 0x0c0c AVG Antivirus - ok
16:39:20.0894 0x0c0c [ F032D38C22F9810DE42E3892E841618C, 113B316FC478AF8DDB4876B70F65BFBE4123C38CC93DBA8C2EA6B95A587B6977 ] AVG Tools C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
16:39:20.0910 0x0c0c AVG Tools - ok
16:39:20.0926 0x0c0c [ 19C3332134E4D0C0A2422244BB3736C9, 830DEA61BC77CFCC67C1D0D64C69FBBD0EC5741A499524A6796B92A952879562 ] avgArDisk C:\WINDOWS\system32\drivers\avgArDisk.sys
16:39:20.0973 0x0c0c avgArDisk - ok
16:39:20.0988 0x0c0c [ C8E2C699D46CA12F469BAC64B940473E, 56A8F6E752D7520D6C88BFF62A7F2049509D96F38A3B1EB9FC996AC29A4237CE ] avgArPot C:\WINDOWS\system32\drivers\avgArPot.sys
16:39:21.0004 0x0c0c avgArPot - ok
16:39:21.0207 0x0c0c [ 41302B2A31FA84A12D35064AB0493DAE, 459BB1EC07D886E6C72008DB402C7333FA0E00E64EB59DA626BC2F9601A4B81F ] avgbIDSAgent C:\Program Files\AVG\Antivirus\aswidsagent.exe
16:39:21.0488 0x0c0c avgbIDSAgent - ok
16:39:21.0519 0x0c0c [ A47EB30EED81FC62A47D76E96842BD5C, EBB23F7CD7A2E0654A3A2E42F69F83B442AD0EDE5D3EA454BEF84FEB50C1889B ] avgbidsdriver C:\WINDOWS\system32\drivers\avgbidsdriver.sys
16:39:21.0535 0x0c0c avgbidsdriver - ok
16:39:21.0566 0x0c0c [ D6B4E3BBFFC5B23D6C936ACAC37A496E, 3CA966EA5B65A6AE6FEC36CCEDC5C105F5E243E857C646E3836D068E7645B843 ] avgbidsh C:\WINDOWS\system32\drivers\avgbidsh.sys
16:39:21.0582 0x0c0c avgbidsh - ok
16:39:21.0613 0x0c0c [ 1C825D72AAEC8660C48EAEF06ED992AB, 4E923CDAC4AF7A1DD220DBD51437A062252EF3802E720A5ECDD3B1B218462D04 ] avgbuniv C:\WINDOWS\system32\drivers\avgbuniv.sys
16:39:21.0613 0x0c0c avgbuniv - ok
16:39:21.0629 0x0c0c [ 6F8ECE4248AB344EB018B7DDCAEEACE3, 871191CF999816108047749E67A35225E2BD271C4B482C7F6E412DDA41C0C458 ] avgElam C:\WINDOWS\system32\drivers\avgElam.sys
16:39:21.0644 0x0c0c avgElam - ok
16:39:22.0566 0x0c0c [ 7F09708B8C651A0C0E2A2725136BA254, 0442A18BBED4E323265C66561C8F8C171D8E934E9089C12B94D1DFDBB057B737 ] BthA2dp C:\WINDOWS\System32\drivers\BthA2dp.sys
16:39:22.0613 0x0c0c BthA2dp - detected UnsignedFile.Multi.Generic ( 1 )
16:39:23.0176 0x0c0c Detect skipped due to KSN trusted
16:39:23.0176 0x0c0c BthA2dp - ok
16:39:23.0207 0x0c0c [ 7AE44E94C6B1DF488AA309824DEAD643, 91C72C54142A0D4E5A5F33268850CEB8315AA30C2F0B74A9FFA962887ABAC797 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
16:39:23.0254 0x0c0c BthHFEnum - detected UnsignedFile.Multi.Generic ( 1 )
16:39:23.0707 0x0c0c Detect skipped due to KSN trusted
16:39:23.0707 0x0c0c BthHFEnum - ok
16:39:41.0190 0x0c0c SMARTVHidMiniVistaAmd64 - ok
16:39:41.0221 0x0c0c [ CB4765B055D922E3A8F9C0C47CD82AA7, 3C830E82D46E8C835FEF3E7E5CD8EE1252F3A0B72CCF7FA50D185F764B31E602 ] SmbDrv C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
16:39:41.0237 0x0c0c SmbDrv - ok
16:39:41.0252 0x0c0c [ 38F010FA1E511C28E5A4FF511085F4C1, C8766723B0710F6CD85F0C17D235210160A7D846F284874CBAE076467B6ED011 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
16:39:41.0268 0x0c0c SmbDrvI - ok
16:39:41.0299 0x0c0c [ 94A36F00D894E4558D0243D4D9844323, E3BEB854587049DE54E0E3ACD8F739AACBEAA43113D825542424A2A7B3FA18DD ] SMIDriverGen C:\WINDOWS\system32\DRIVERS\smi.sys
16:39:41.0299 0x0c0c SMIDriverGen - ok
16:39:41.0299 0x0c0c smphost - ok
16:39:41.0315 0x0c0c SmsRouter - ok
16:39:41.0346 0x0c0c [ 1971BBC71602B928CF9257759E3C05E8, 9D665698FF26ED333AD385B4B7A6C0F2B6806371D278E281FA4188002A5317E8 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
16:39:41.0377 0x0c0c SNMPTRAP - ok
16:39:41.0424 0x0c0c [ 27B7D9E872939EBB34C30343F991893D, 879AFDC8C50487ED0D3CB58C70A206E185F94BE75C25C31C387F3F08740771F9 ] spaceparser C:\WINDOWS\system32\drivers\spaceparser.sys
16:39:41.0455 0x0c0c spaceparser - ok
16:39:41.0455 0x0c0c spaceport - ok
16:39:41.0502 0x0c0c [ AB3BDEC793187CEDF1229AC98BB7DEDF, D2EA0C5FC534C89310207AA26A8816B30FEEF3F2708A067D8BB93D3CFF9C3936 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
16:39:41.0502 0x0c0c SpatialGraphFilter - ok
16:39:41.0518 0x0c0c SpbCx - ok
16:39:41.0534 0x0c0c spectrum - ok
16:39:41.0534 0x0c0c Spooler - ok
16:39:41.0549 0x0c0c sppsvc - ok
16:39:41.0549 0x0c0c srv2 - ok
16:39:41.0565 0x0c0c srvnet - ok
16:39:41.0580 0x0c0c SSDPSRV - ok
16:39:41.0612 0x0c0c ssh-agent - ok
16:39:41.0627 0x0c0c SstpSvc - ok
16:39:41.0627 0x0c0c StateRepository - ok
16:39:41.0752 0x0c0c [ 58E7B7ADAA4680E5FB09D1477071EF42, 706613A017C5650AEEED94C77BF61B3FA2C0D2874AE15A7F3D7B9EC5534F5EA2 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\steamservice.exe
16:39:41.0877 0x0c0c Steam Client Service - ok
16:39:41.0893 0x0c0c stexstor - ok
16:39:41.0924 0x0c0c stisvc - ok
16:39:41.0940 0x0c0c storahci - ok
16:39:41.0971 0x0c0c storflt - ok
16:39:41.0971 0x0c0c stornvme - ok
16:39:41.0971 0x0c0c storqosflt - ok
16:39:41.0971 0x0c0c StorSvc - ok
16:39:41.0987 0x0c0c storufs - ok
16:39:42.0002 0x0c0c storvsc - ok
16:39:42.0049 0x0c0c [ 2AA42DECBBC92848B2C72B0A8EF3C4A2, D716C8C611FF2FBC7B5B9CE319823DB459C0B1AD2D98898CD4A9B3BA1F5E0619 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
16:39:42.0049 0x0c0c SUService - ok
16:39:42.0049 0x0c0c svsvc - ok
16:39:42.0080 0x0c0c swenum - ok
16:39:42.0096 0x0c0c swprv - ok
16:39:42.0112 0x0c0c Synth3dVsc - ok
16:39:42.0159 0x0c0c [ 5286F9B8FCFD0FC43A3836F55BC3F3AD, 5DAAEEE6C10D372F6E3C3ED3075A85DE785368B223D2F720BE39FFDE0562117A ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:39:42.0190 0x0c0c SynTP - ok
16:39:42.0221 0x0c0c [ DB9E3F6217CBAAE2F749D3E90A57A545, FB43B3A7353EFE558CE283CFBE6DB055109BCE6D5208F75184882752F9888AAC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
16:39:42.0237 0x0c0c SynTPEnhService - ok
16:39:42.0284 0x0c0c SysMain - ok
16:39:42.0315 0x0c0c SystemEventsBroker - ok
16:39:42.0330 0x0c0c TabletInputService - ok
16:39:42.0330 0x0c0c TapiSrv - ok
16:39:42.0346 0x0c0c Tcpip - ok
16:39:42.0346 0x0c0c Tcpip6 - ok
16:39:42.0377 0x0c0c [ 57BE670CF1D93717B628271B404D658A, EDD4C58EDAB985C87D6101D9CA5620146EE2BB8A1B899C635DD4CD36541DD46E ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
16:39:42.0393 0x0c0c tcpipreg - ok
16:39:42.0424 0x0c0c tdx - ok
16:39:42.0424 0x0c0c Telemetry - ok
16:39:42.0455 0x0c0c [ C225B94F2B27AC97C3E66C0550AEA249, 6F88375DD12A648B77BB6EB4BE527FF6678EE76A2059DB5B4CC971CDB31D0DB8 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
16:39:42.0455 0x0c0c terminpt - ok
16:39:42.0487 0x0c0c TermService - ok
16:39:42.0502 0x0c0c [ 8EC4197962A0349DFFBDC11586099DB8, 8DD5348A4983C376F63E6B209227D4D02300555F8C80A0E0DB2EA16074ABC334 ] Themes C:\WINDOWS\system32\themeservice.dll
16:39:42.0799 0x0c0c Themes - ok
16:39:42.0799 0x0c0c TieringEngineService - ok
16:39:42.0799 0x0c0c TimeBrokerSvc - ok
16:39:42.0799 0x0c0c TokenBroker - ok
16:39:42.0830 0x0c0c [ D43EB8666214C14AB97080D4B11F5CAF, 3EF108E16627FFD7E4578E7A6DEE23D076C9A11524EF8FCCCC45A6B930CFBEE1 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM64.sys
16:39:42.0830 0x0c0c TPDIGIMN - ok
16:39:42.0877 0x0c0c [ EAB5AF16EE4D864A548C367D15BFABAF, 7BC3C22933F997BCC98696B7618466DCCA3C64F1A03CBC700E3DA8B8415F4C5E ] TPHKLOAD C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe
16:39:42.0924 0x0c0c TPHKLOAD - ok
16:39:42.0924 0x0c0c TPM - ok
16:39:42.0940 0x0c0c [ 78A238084E9DCE6DEEC24AC9A3C5BFB1, 12069823B0B852DAB7A2E8609EACBDF18F28005113A812D474314C994534E7B8 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwr64v.sys
16:39:42.0955 0x0c0c TPPWRIF - ok
16:39:42.0987 0x0c0c [ 62636F77E0C51D59F043D9197C897AD4, F121E79E0A15ED6E362D7DEF72F9C1D2D5CC50BBEC3541DFAB91691BC3AFB191 ] TrkWks C:\WINDOWS\System32\trkwks.dll
16:39:43.0049 0x0c0c TrkWks - ok
16:39:43.0065 0x0c0c TroubleshootingSvc - ok
16:39:43.0096 0x0c0c TrustedInstaller - ok
16:39:43.0127 0x0c0c [ F613A8618CC19DD96D1E0C81C5DCB7D1, AD6DE675AC033BE6BF75FF6303EAED4B5C672689D3AEC6DB94816D60E19B7030 ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
16:39:43.0143 0x0c0c TsUsbFlt - ok
16:39:43.0158 0x0c0c TsUsbGD - ok
16:39:43.0174 0x0c0c [ 6244FD1056BF170E38245B4B9042BFDF, C32908B3C5800CD52EF9BDD26C77B8162831CFD19DBF1D399941B17FB909AD94 ] tunnel C:\WINDOWS\system32\drivers\tunnel.sys
16:39:43.0205 0x0c0c tunnel - ok
16:39:43.0205 0x0c0c tzautoupdate - ok
16:39:43.0221 0x0c0c UASPStor - ok
16:39:43.0221 0x0c0c UcmCx0101 - ok
16:39:43.0252 0x0c0c [ 229B33B8499F4F2AAB1F3B590423611F, E70A2D9EEEF0C6894A0DB7990CFF6ECE3B8F389FD30B7B1949FCBDD3300B6148 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
16:39:43.0268 0x0c0c UcmTcpciCx0101 - ok
16:39:43.0299 0x0c0c [ 7FDC3A6FD8547468CE554C8821640103, 3626760AEE42EE36E047DA6899A81E0646DFBA344A234270EAE5D635F049BE37 ] UcmUcsiAcpiClient C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys
16:39:43.0330 0x0c0c UcmUcsiAcpiClient - ok
16:39:43.0330 0x0c0c UcmUcsiCx0101 - ok
16:39:43.0346 0x0c0c Ucx01000 - ok
16:39:43.0346 0x0c0c UdeCx - ok
16:39:43.0346 0x0c0c udfs - ok
16:39:43.0362 0x0c0c UdkUserSvc - ok
16:39:43.0362 0x0c0c UEFI - ok
16:39:43.0377 0x0c0c Ufx01000 - ok
16:39:43.0393 0x0c0c UfxChipidea - ok
16:39:43.0393 0x0c0c ufxsynopsys - ok
16:39:43.0471 0x0c0c [ 3CE7ADECE2CDAD638CFC04A685D132D3, CFC126A7F129D8D24511B500411FDDB07D0608F5DE838424CDF6C35AEBAF7ABE ] uhssvc C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
16:39:43.0487 0x0c0c uhssvc - ok
16:39:43.0487 0x0c0c umbus - ok
16:39:43.0487 0x0c0c UmPass - ok
16:39:43.0502 0x0c0c UmRdpService - ok
16:39:43.0518 0x0c0c UnistoreSvc - ok
16:39:43.0518 0x0c0c upnphost - ok
16:39:43.0533 0x0c0c [ 5C33B91675BE0C9693358C1AAA723D20, A5BB54ABBB0F7B13ACCA0997F567A81395688C6D68EB87F67F688737DC16918F ] UrsChipidea C:\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys
16:39:43.0549 0x0c0c UrsChipidea - ok
16:39:43.0565 0x0c0c [ ADFAB87405AE22290E24D0E8E6141AF1, BC0982BEFE4CABEA1E260C8A3266EA18A4CA158A07D1C5176890A04CC3B6A84A ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys
16:39:43.0580 0x0c0c UrsCx01000 - ok
16:39:43.0612 0x0c0c [ BBDE7BF496327115DD744E7D4105C7BC, 5A8CC47603A1C9D58A30A5E897F1BCDC56199B08317B9FF319D469D6DD6CAAF0 ] UrsSynopsys C:\WINDOWS\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys
16:39:43.0627 0x0c0c UrsSynopsys - ok
16:39:43.0643 0x0c0c usbaudio - ok
16:39:43.0674 0x0c0c [ FB9F25ACEBCBAEABFE30CACCB17D4EE6, 7D38FA294DA179E5535E3E481746F07E2AE47CE57192C2D1C5B780B583FD9C6D ] usbaudio2 C:\WINDOWS\System32\drivers\usbaudio2.sys
16:39:43.0690 0x0c0c usbaudio2 - ok
16:39:43.0690 0x0c0c usbccgp - ok
16:39:43.0721 0x0c0c [ 11561FC5BAA2DEB5AC8B179B591A882E, 2AD595BF4ABC146D8F533981848FF8271E983038566937BEB48A6A8F09BC60FB ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
16:39:43.0752 0x0c0c usbcir - ok
16:39:43.0752 0x0c0c usbehci - ok
16:39:43.0752 0x0c0c usbhub - ok
16:39:43.0768 0x0c0c USBHUB3 - ok
16:39:43.0768 0x0c0c usbohci - ok
16:39:43.0783 0x0c0c usbprint - ok
16:39:43.0799 0x0c0c [ 4D073745FA6C40483A3EF02225D20B19, 3FE72BE1BD429697DB8142A582455CD3341DE798D32EA780ACFA01904437A0D7 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:39:43.0830 0x0c0c usbscan - ok
16:39:43.0830 0x0c0c usbser - ok
16:39:43.0830 0x0c0c USBSTOR - ok
16:39:43.0830 0x0c0c usbuhci - ok
16:39:43.0846 0x0c0c usbvideo - ok
16:39:43.0846 0x0c0c USBXHCI - ok
16:39:43.0846 0x0c0c UserDataSvc - ok
16:39:43.0862 0x0c0c UserManager - ok
16:39:43.0877 0x0c0c UsoSvc - ok
16:39:43.0893 0x0c0c VacSvc - ok
16:39:43.0924 0x0c0c [ 580C1E4BBDB0163DB40A6F06BD6036C8, B4767BDAB1C589663F55DDF74993A132BC8A77E4F2D1B227ACBC59AE7B3326E2 ] valWBFPolicyService C:\WINDOWS\system32\valWBFPolicyService.exe
16:39:44.0049 0x0c0c valWBFPolicyService - ok
16:39:44.0080 0x0c0c [ 61C571043A09ACF399934EC8B66F6CB5, A954603A35499C7EACC20DF71A4F40A15DBD6C504AA8598CC2178C16FC62F6BF ] valWbioSyncSvc C:\WINDOWS\system32\valWbioSyncSvc.exe
16:39:44.0096 0x0c0c valWbioSyncSvc - ok
16:39:44.0112 0x0c0c VaultSvc - ok
16:39:44.0112 0x0c0c vdrvroot - ok
16:39:44.0127 0x0c0c vds - ok
16:39:44.0143 0x0c0c VerifierExt - ok
16:39:44.0143 0x0c0c vhdmp - ok
16:39:44.0143 0x0c0c vhf - ok
16:39:44.0143 0x0c0c Vid - ok
16:39:44.0174 0x0c0c [ B37F0BF662BB504F0A9C247F24C281AD, 6281D573D9AD9AA204778C3823737726E882B17657B23CF5458C012FF7990E52 ] VirtualRender C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys
16:39:44.0268 0x0c0c VirtualRender - ok
16:39:44.0268 0x0c0c vmbus - ok
16:39:44.0283 0x0c0c VMBusHID - ok
16:39:44.0299 0x0c0c [ E5BB075B6B5A1DA3C3F48CA5DFF54E77, E13E8F9523F51F976084561C9D0A843CAF550FA233521FF13FFE1C5634CA6472 ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys
16:39:44.0315 0x0c0c vmgid - ok
16:39:44.0315 0x0c0c vmicguestinterface - ok
16:39:44.0330 0x0c0c vmicheartbeat - ok
16:39:44.0330 0x0c0c vmickvpexchange - ok
16:39:44.0330 0x0c0c vmicrdv - ok
16:39:44.0330 0x0c0c vmicshutdown - ok
16:39:44.0346 0x0c0c vmictimesync - ok
16:39:44.0346 0x0c0c vmicvmsession - ok
16:39:44.0346 0x0c0c vmicvss - ok
16:39:44.0362 0x0c0c volmgr - ok
16:39:44.0362 0x0c0c volmgrx - ok
16:39:44.0377 0x0c0c volsnap - ok
16:39:44.0377 0x0c0c volume - ok
16:39:44.0408 0x0c0c [ A37A7788DABE4FF6E33FE50D7A33D8E8, 9E99D9D27BA3DFA6F89C77B9AD91BE495F15E4F612BB63B209157DFA13BCD7E0 ] vpci C:\WINDOWS\system32\drivers\vpci.sys
16:39:44.0424 0x0c0c vpci - ok
16:39:44.0424 0x0c0c vsmraid - ok
16:39:44.0440 0x0c0c VSS - ok
16:39:44.0440 0x0c0c VSTXRAID - ok
16:39:44.0455 0x0c0c vwifibus - ok
16:39:44.0455 0x0c0c vwififlt - ok
16:39:44.0455 0x0c0c vwifimp - ok
16:39:44.0471 0x0c0c W32Time - ok
16:39:44.0486 0x0c0c WaaSMedicSvc - ok
16:39:44.0486 0x0c0c WacomPen - ok
16:39:44.0502 0x0c0c WalletService - ok
16:39:44.0502 0x0c0c wanarp - ok
16:39:44.0502 0x0c0c wanarpv6 - ok
16:39:44.0533 0x0c0c [ 8449398F11D49864117105679B539816, 8FD3B9C72066D6A983D062DE72EEF9769339EACBF4E0D303B9E12343C9D5DE6C ] WarpJITSvc C:\WINDOWS\System32\Windows.WARP.JITService.dll
16:39:45.0205 0x0c0c WarpJITSvc - ok
16:39:45.0236 0x0c0c wbengine - ok
16:39:45.0252 0x0c0c WbioSrvc - ok
16:39:45.0252 0x0c0c wcifs - ok
16:39:45.0252 0x0c0c Wcmsvc - ok
16:39:45.0268 0x0c0c wcncsvc - ok
16:39:45.0268 0x0c0c wcnfs - ok
16:39:45.0283 0x0c0c [ 5925250BDDB94B0A5FA0E7FEED36C520, 0845344F7BFAA94AF90920A5346078E6261EEA3A1A77795DDA5B70B38609348B ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
16:39:45.0299 0x0c0c WdBoot - ok
16:39:45.0315 0x0c0c Wdf01000 - ok
16:39:45.0346 0x0c0c [ C150CD7072592B0BCBB7DACFFC6904CD, 0F4D31410401CC564A5D1FCEF5ED2898DAFB7418C1B39D746E88451CC3518ACA ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
16:39:45.0377 0x0c0c WdFilter - ok
16:39:45.0393 0x0c0c [ BB37AF6E45E0F69222E057A74B4AFE1E, 4662064205BEC0DB7B10F1412E0A09A6E5E3B16DE443AEF7F79ACA3ACE24A51D ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
16:39:45.0424 0x0c0c WdiServiceHost - ok
16:39:45.0440 0x0c0c [ BB37AF6E45E0F69222E057A74B4AFE1E, 4662064205BEC0DB7B10F1412E0A09A6E5E3B16DE443AEF7F79ACA3ACE24A51D ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
16:39:45.0455 0x0c0c WdiSystemHost - ok
16:39:45.0471 0x0c0c wdiwifi - ok
16:39:45.0486 0x0c0c [ A6C92A5F2982EBB8788E0690C19048C4, 85C54A99DD43DC1FAC7FD2A31288CEC7501F795DE8FA86857790F4CCD5AF7C18 ] WdmCompanionFilter C:\WINDOWS\system32\drivers\WdmCompanionFilter.sys
16:39:45.0486 0x0c0c WdmCompanionFilter - ok
16:39:45.0518 0x0c0c [ C5552A3A54408AB9A0DC341E21F5EF67, 67838896B7E04EBBE2AA089F09913789A5E8C4B7E7436397135F1F68BB86F03A ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
16:39:45.0533 0x0c0c WdNisDrv - ok
16:39:45.0565 0x0c0c WdNisSvc - ok
16:39:45.0580 0x0c0c WebClient - ok
16:39:45.0580 0x0c0c Wecsvc - ok
16:39:45.0596 0x0c0c [ CBA85827716DE89106F8E4AD7430620C, EF2FEAD68FE003DAC52BC2098962F397DF80B7DCD79A8F45012A050C7C0E2DB1 ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
16:39:45.0611 0x0c0c WEPHOSTSVC - ok
16:39:45.0643 0x0c0c wercplsupport - ok
16:39:45.0643 0x0c0c WerSvc - ok
16:39:45.0643 0x0c0c WFDSConMgrSvc - ok
16:39:45.0658 0x0c0c WFPLWFS - ok
16:39:45.0658 0x0c0c WiaRpc - ok
16:39:45.0658 0x0c0c WIMMount - ok
16:39:45.0658 0x0c0c WinDefend - ok
16:39:45.0690 0x0c0c [ B434A84F46C70F4E67B70ED70F024B7F, 64EEB8093BA2590E83D83C5AF7C2A025B88AF5681143BCA83671104266FEEA99 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
16:39:45.0721 0x0c0c WindowsTrustedRT - ok
16:39:45.0752 0x0c0c [ 982774B74EE1419D641CEB66E394A4BA, 090C4CE6B76B3904B5AE73E4F1EEBCE619194C358874D7584537012F954C54BE ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
16:39:45.0752 0x0c0c WindowsTrustedRTProxy - ok
16:39:45.0768 0x0c0c WinHttpAutoProxySvc - ok
16:39:45.0768 0x0c0c WinMad - ok
16:39:45.0783 0x0c0c Winmgmt - ok
16:39:45.0783 0x0c0c WinNat - ok
16:39:45.0799 0x0c0c WinRM - ok
16:39:45.0815 0x0c0c [ 91D3DC62C6EDDB6554CE14C0E0B4290F, 6F8F89B350FC6BC0D23A50C593F02514854AB7D6CD234D8C8AD4B5DDDD586BA0 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS
16:39:45.0846 0x0c0c WINUSB - ok
16:39:45.0846 0x0c0c WinVerbs - ok
16:39:45.0861 0x0c0c wisvc - ok
16:39:45.0877 0x0c0c WlanSvc - ok
16:39:45.0877 0x0c0c wlidsvc - ok
16:39:45.0893 0x0c0c wlpasvc - ok
16:39:45.0893 0x0c0c WManSvc - ok
16:39:45.0893 0x0c0c WmiAcpi - ok
16:39:45.0893 0x0c0c wmiApSrv - ok
16:39:45.0924 0x0c0c WMPNetworkSvc - ok
16:39:45.0924 0x0c0c Wof - ok
16:39:45.0940 0x0c0c workfolderssvc - ok
16:39:45.0971 0x0c0c WpcMonSvc - ok
16:39:45.0971 0x0c0c WPDBusEnum - ok
16:39:46.0002 0x0c0c [ 024924C9E79F51560B9133EEAB866BBF, F4D464BC02C7B96EF72AA9229A99A1AD32F56390F97972C33525EF0D85304261 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
16:39:46.0018 0x0c0c WpdUpFltr - ok
16:39:46.0018 0x0c0c WpnService - ok
16:39:46.0018 0x0c0c WpnUserService - ok
16:39:46.0018 0x0c0c ws2ifsl - ok
16:39:46.0111 0x0c0c [ B94CB55612DB205B75014B7CFC084DC6, 441BABD94D992E83D254D6C914F57F470D7B8B6ACFA7F6BC260AA26B75A8EA18 ] WsAppService C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe
16:39:46.0127 0x0c0c WsAppService - ok
16:39:46.0174 0x0c0c wscsvc - ok
16:39:46.0174 0x0c0c WSearch - ok
16:39:46.0174 0x0c0c wuauserv - ok
16:39:46.0205 0x0c0c [ 7FC0072ECE3F5F860990EF4E10D3F8F4, 15444A3E540EAD214A674FF0EB99CD42899D6A1139E59D69DE1C2B6BA364A9E0 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
16:39:46.0268 0x0c0c WudfPf - ok
16:39:46.0299 0x0c0c [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
16:39:46.0330 0x0c0c WUDFRd - ok
16:39:46.0346 0x0c0c [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
16:39:46.0361 0x0c0c WUDFWpdFs - ok
16:39:46.0377 0x0c0c [ 24B093F34B25076A2A6605DDAC8A629B, 64BEEA0C054C91AD2CEB9F6B9238A8ED3696FC20B8CC4753D88B8BC482D766C0 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
16:39:46.0408 0x0c0c WUDFWpdMtp - ok
16:39:46.0424 0x0c0c WwanSvc - ok
16:39:46.0424 0x0c0c XblAuthManager - ok
16:39:46.0424 0x0c0c XblGameSave - ok
16:39:46.0439 0x0c0c xboxgip - ok
16:39:46.0439 0x0c0c XboxGipSvc - ok
16:39:46.0455 0x0c0c XboxNetApiSvc - ok
16:39:46.0455 0x0c0c xinputhid - ok
16:39:46.0627 0x0c0c [ 092C26E1609FA800321B89690FA5CA39, 5473C424412D0904E41D448DFD0D58D70564AAD570D113D31085688DF115CB78 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
16:39:46.0752 0x0c0c ZeroConfigService - ok
16:39:46.0752 0x0c0c ================ Scan global ===============================
16:39:46.0799 0x0c0c [ Global ] - ok
16:39:46.0799 0x0c0c ================ Scan MBR ==================================
16:39:46.0814 0x0c0c [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:39:46.0908 0x0c0c \Device\Harddisk0\DR0 - ok
16:39:46.0908 0x0c0c ================ Scan VBR ==================================
16:39:46.0939 0x0c0c [ 3F2E593247565022B4E74F3C2961A5AD ] \Device\Harddisk0\DR0\Partition1
16:39:46.0939 0x0c0c \Device\Harddisk0\DR0\Partition1 - ok
16:39:46.0955 0x0c0c [ A31A07303B2A927C5EFD7A96A54CCDD4 ] \Device\Harddisk0\DR0\Partition2
16:39:46.0955 0x0c0c \Device\Harddisk0\DR0\Partition2 - ok
16:39:46.0955 0x0c0c [ 548FFF8CD3643B30FDD1D369DD53A631 ] \Device\Harddisk0\DR0\Partition3
16:39:46.0955 0x0c0c \Device\Harddisk0\DR0\Partition3 - ok
16:39:46.0955 0x0c0c [ E09178F37CA2FE637A31A17E1F1D6092 ] \Device\Harddisk0\DR0\Partition4
16:39:46.0971 0x0c0c \Device\Harddisk0\DR0\Partition4 - ok
16:39:46.0971 0x0c0c [ 44EA2705CB521174C93DC6393C039D48 ] \Device\Harddisk0\DR0\Partition5
16:39:46.0986 0x0c0c \Device\Harddisk0\DR0\Partition5 - ok
16:39:46.0986 0x0c0c [ FADC8C6032A55EBC745B57BFAF653D60 ] \Device\Harddisk0\DR0\Partition6
16:39:46.0986 0x0c0c \Device\Harddisk0\DR0\Partition6 - ok
16:39:46.0986 0x0c0c ================ Scan active images ========================
16:39:46.0986 0x0c0c ================ Scan generic autorun ======================
16:39:47.0033 0x0c0c [ 783C99AFD4C2AE6950FA5694389D2CFA, 570B37A7A3FFDAFCCECCC33CBC1968FEB857B73CA3CB4DFFEDC2E67E9ABD0878 ] C:\WINDOWS\system32\SecurityHealthSystray.exe
16:39:47.0080 0x0c0c SecurityHealth - ok
16:39:47.0127 0x0c0c [ 1FABA74CEA705ECB2CDA5398F3477212, 07D8952C60A8D89F249985206746B132596909E8BABC3A0C5B6E33A22FFD65CF ] C:\Program Files\PDF24\pdf24.exe
16:39:47.0158 0x0c0c PDF24 - ok
16:39:47.0205 0x0c0c [ E66724F3B2E3AE7882A4B4A398E911A3, ABC91EC2EC25068D2A884ACB7B89930184B0E85144AED044EC53FCF1875F0A25 ] C:\Program Files\AVG\Antivirus\AvLaunch.exe
16:39:47.0221 0x0c0c AVGUI.exe - ok
16:39:47.0221 0x0c0c WindowsDefender - ok
16:39:47.0252 0x0c0c [ 03C21928B3B0C76D36EF663C7C3832A3, 7773C44CF15111E49E3A5815388FC14E39C1BFEF217DA35EEBCF7502A4992B96 ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
16:39:47.0252 0x0c0c Adobe CCXProcess - ok
16:39:47.0252 0x0c0c {A55E6E49-BC4A-4BD3-8785-D19F9FB87474} - ok
16:39:47.0299 0x0c0c OneDriveSetup - ok
16:39:47.0361 0x0c0c GoogleDriveFS - ok
16:39:47.0361 0x0c0c OneDriveSetup - ok
16:39:47.0361 0x0c0c GoogleDriveFS - ok
16:39:47.0533 0x0c0c [ 28A21AFB4BDC543B4B0309BB78B8BA4A, 672AEB85A07EC1A25DBCF48B64D3BDE24DD0691C2BB27ED74A536776F63B5D27 ] C:\Users\b-rch\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe
16:39:47.0643 0x0c0c Opera GX Browser Assistant - ok
16:39:47.0721 0x0c0c [ 6C8960319F05FB5E1513E3BF95BA1719, B23EFD13439CF0A9FD5F64E3C0C0FCB419E879078BDCC52DA02BC5C2A1EEC342 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIUPE.EXE
16:39:47.0736 0x0c0c EPLTarget\P0000000000000001 - ok
16:39:48.0174 0x0c0c [ 10FBAA7454807A54DA780CCD50FA9D11, 13FD99C0B22984D2601714A4F9D6E82E908371072758EE289416F209410F03C9 ] C:\Users\b-rch\AppData\Roaming\Spotify\Spotify.exe
16:39:48.0799 0x0c0c Spotify - ok
16:39:48.0814 0x0c0c GoogleDriveFS - ok
16:39:48.0814 0x0c0c Waiting for KSN requests completion. In queue: 187
16:39:50.0408 0x0c0c AV detected via SS2: Windows Defender, windowsdefender:// ( ), 0x60100 ( disabled : updated )
16:39:50.0408 0x0c0c AV detected via SS2: AVG Antivirus, C:\Program Files\AVG\Antivirus\wsc_proxy.exe ( 21.4.6162.0 ), 0x41000 ( enabled : updated )
16:39:50.0408 0x0c0c AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( ), 0x60010 ( disabled : outofdate )
16:39:50.0470 0x0c0c Win FW state via NFP2: enabled ( trusted )
16:39:50.0877 0x0c0c ============================================================
16:39:50.0877 0x0c0c Scan finished
16:39:50.0877 0x0c0c ============================================================
16:39:50.0877 0x085c Detected object count: 0
16:39:50.0877 0x085c Actual detected object count: 0
I'm also leaving you the Rkill report that was generated on my desktop, just in case.
RKILL
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2021 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/25/2021 04:35:36 PM in x64 mode. (Safe Mode)
Windows Version: Windows 10 Home Single Language
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
I should mention that in Safe Mode the PC runs wonderfully. However, over the restarts I have done, I have noticed that even in Safe Mode, Windows Explorer hangs as soon as it starts; I get the window telling me the process is not responding and I click “End Process”; after that the screen flickers and then Windows Explorer starts normally. It seemed a bit odd to me, which is why I'm mentioning it. Thanks for the help!
OK.
OK.
MALWARE SEARCH / REMOVAL
(Keep all the external devices you have connected, such as USB drives, external hard drives, etc.)
Please download all the software from the links I provide / from their respective manuals.
You will now run a series of tools, respecting the order of the steps, with all programs closed, including browsers.
Connect all your external devices (all the external hard drives you have, as well as all the USB drives you have, and external hard drives if you have those too).
Carry out the steps below without changing the order, and follow them to the letter:
0) Download CCleaner. Here is its manual: CCleaner Manual, so that you know how to use and configure it correctly.
Install it and run it. In the Custom Clean tab, leave the default settings. Click Analyze and wait for it to finish. Then click Run Cleaner. Click the Registry tab > click Scan for Issues and wait for it to finish. Finally, click Fix Selected Issues and make a backup of the Windows registry.
1) Download, install, update and run Malwarebytes’ Anti-Malware. Here is its manual: Malwarebytes Manual, so that you know how to use and configure it correctly.
- Run a Custom Scan, checking all the boxes on the right and on the left, updating if it asks you to. That is: connect all your external devices (all the external hard drives you have, as well as all the USB drives you have, including the one you told me about earlier), and check all available disk drives and the following boxes:
1. Scan memory objects
2. Scan registry and startup items
3. Scan within archives
- Click “Remove Selected” to send the infections to quarantine, and restart the computer.
- To access the scan report afterwards, go to: Reports >> Scan log >> click Export >> Copy to Clipboard, and put the report in your next reply.
2) Download AdwCleaner to the desktop.
- Disable your antivirus
How to temporarily disable an antivirus and any security program you have enabled.
- Run Adwcleaner.exe (if you use Windows Vista/7/8 or 10, right-click and select “Run as administrator”).
- Click the Scan Now button and wait for the scan to finish. Immediately click the Start Repair button.
- Wait for it to finish and follow the instructions that appear. If it asks you to restart, restart the computer by clicking OK.
- If it finds nothing, click Skip Repair.
- You will find the log in the Reports tab, reopening the program if necessary, or in the following location: C:\AdwCleaner\Logs\AdwCleaner[C0].txt.
- For more information, here is its manual: AdwCleaner Manual.
- Turn your antivirus and any security program you have enabled back on.
3) Use CCleaner again as I told you in step 0.
Paste the Malwarebytes and AdwCleaner reports and tell me how the initial problem for which you opened this thread is going. Also answer the questions I have asked you throughout this post, if I have asked any; if not, then no.
IMPORTANT NOTE
Please, while we are disinfecting your machine or finishing doing so:
- Do not carry out steps/actions that WE have not told you to.
- Do not download ANYTHING from the Internet and/or connect external devices to your computer.
- Do not install ANYTHING (programs/software/add-ons/browser extensions…).
- Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
- Do not carry out other procedures on your own.
- Use your computer EXCLUSIVELY to disinfect it, following our instructions.
Very Important
Post the different reports I have asked you for as shown in the following image:
Regards.
Hi @Marr0n, here are the requested reports.
MALWAREBYTES ANTIMALWARE
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 30/11/21
Hora del análisis: 16:24
Archivo de registro: e0c6c5fc-5223-11ec-ad0a-54ee751a2b76.json
-Información del software-
Versión: 4.4.11.149
Versión de los componentes: 1.0.1513
Versión del paquete de actualización: 1.0.47932
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 19042.1348)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-C692K8O\b-rch
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 529679
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 2 hr, 9 min, 26 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 4
Generic.Malware/Suspicious, C:\USERS\B-RCH\DOCUMENTS\ANITA\VARIOS\PENAL ESPECIAL\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.47932, , shuriken, , 040CD888E971F2872D6D5DAFD52E6194, 77C2372364B6DD56BC787FDA46E6F4240AAA0353EAD1E3071224D454038A545E
Generic.Malware/Suspicious, C:\USERS\B-RCH\DOCUMENTS\ANITA\VARIOS\POSTULACION\ONPE\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.47932, , shuriken, , 040CD888E971F2872D6D5DAFD52E6194, 77C2372364B6DD56BC787FDA46E6F4240AAA0353EAD1E3071224D454038A545E
Generic.Malware/Suspicious, C:\USERS\B-RCH\DOCUMENTS\ANITA\VARIOS\POSTULACION\STREAMERDATA\STREAMER.EXE, En cuarentena, 0, 392686, 1.0.47932, , shuriken, , 040CD888E971F2872D6D5DAFD52E6194, 77C2372364B6DD56BC787FDA46E6F4240AAA0353EAD1E3071224D454038A545E
RiskWare.KMS, C:\USERS\B-RCH\DOWNLOADS\KMSAUTO.NET.2016.V1.5.3.PORTABLE-RATIBORUS.ZIP, En cuarentena, 901, 632069, 1.0.47932, , ame, , AA9AF9E42B046B88C64590BDC7B0C02D, C1058F703E65DD2295320154125EBE63797B5CC9EE20545349E7EF3F5B51BB5C
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
ADWCLEANER
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-11-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-01-2021
# Duration: 00:00:10
# OS: Windows 10 Home Single Language
# Scanned: 32011
# Detected: 14
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.LenovoHotkeyManager Folder C:\Program Files\LENOVO\HOTKEY
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Classes\CLSID\{A48CA1A4-C36B-44f2-8090-19E08DF4365E}
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\b-rch\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoPowerManager Folder C:\Windows\SysWOW64\LENOVO\POWERMGR
Preinstalled.LenovoPowerManager Folder C:\Windows\System32\LENOVO\POWERMGR
Preinstalled.LenovoServiceBridge Folder C:\Users\b-rch\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
AdwCleaner[S00].txt - [2817 octets] - [30/06/2021 16:46:31]
AdwCleaner[S01].txt - [2878 octets] - [01/12/2021 11:02:38]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
About my problem, I've noticed that the PC is still slow like when we started, but this time it lasts much less time (about 4 to 5 minutes) compared to the hour and a bit it used to take. It's a big improvement, but I still have the startup problem; nevertheless, in comparison, it really is much better.
We're on the right track.
SEARCHING FOR / REMOVING MALWARE
Carry out the steps I list below, without changing the order, and follow them to the letter:
Connect all your external devices (all the external hard drives you have, USB sticks, etc.).
0) Download Eset Online Scanner (User Manual) and run a scan of the PC; read the instructions carefully and run a Custom Scan exactly as its manual indicates. Bring me its report.
1) Download Kaspersky Virus Removal Tool (User Manual) and run a scan of the PC; read the instructions carefully and run it exactly as its manual indicates. In this case it does not produce a report; when it finishes, click the Report tab as shown in its manual, take a screenshot and upload it.
NEXT REPLY
Paste the reports from Eset Online Scanner and Kaspersky Virus Removal Tool (screenshot) and tell me how the PC is doing.
IMPORTANT NOTE
Please, while we are disinfecting your machine or finishing doing so:
- Do not carry out steps/actions that WE have not indicated to you.
- Do not download ANYTHING from the Internet and/or connect external devices to your computer.
- Do not install ANYTHING (programs/software/add-ons/browser extensions…).
- Do not run other security programs (Antivirus, Antimalware, ANTI-ANYTHING…).
- Do not carry out other procedures on your own.
- Use your computer EXCLUSIVELY to disinfect it, following our instructions.
Very Important
Post the different reports I have asked you for as shown in the following image:
Regards.
Hi Marr0n! Sorry again for the delay, but as you'll see, the scans took more than a day. Here are the reports.
Eset Online Scanner
07/12/2021 15:05:57
Archivos analizados: 415882
Archivos detectados: 0
Archivos desinfectados: 0
Tiempo total de análisis: 03:34:11
Estado del análisis: Finalizado
Kaspersky
The G: and H: drives are Google Drive virtual drives; I suppose that's why they show an error.
Let me tell you what happened. While running the scan in ESET Online, I saw that 3 threats were detected; but since it was taking a long time, I left it there and went to do other things. When I came back after a few hours, I was surprised to find that ESET Online had closed and was no longer running any scan. Then I started ESET again and it no longer detected anything and finished faster.
My PC is now much better than before; it still struggles a bit to start up, but after that it's in good condition, nothing like how it was before.
Hello @Brayand_Chacaltana
Don't worry, it's fine, you're forgiven.
OK, correct, that's right.
OK. It would have been interesting anyway to see what it had detected.
OK, good, I'm glad.
We're going to do a few more little things, mainly to rule out that any infection remains and also to see if we can get the machine “into a bit better physical shape so that it runs a little faster”.
0) Download, install and run ZHP Cleaner following its manual; download it from here, install it and run it. When it finishes, remove everything it finds.
Paste the ZHP Cleaner report and tell me how the initial problem for which you opened this thread is going. Also answer the questions I have asked you throughout this post, if I have asked any; if not, no.
Regards.
Here is the requested report
~ ZHPCleaner v2021.12.12.343 by Nicolas Coolman (2021/12/12)
~ Run by b-rch (Administrator) (14/12/2021 11:41:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\b-rch\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\b-rch\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 19042)
---\\ Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Hosts carpeta (1)
~ El archivo hosts es legítimo (21)
---\\ Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Explorador ( Archivos, Carpetas ) (5)
MOVIDO carpeta: C:\Users\b-rch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk [Bad : C:\Users\b-rch\AppData\Local\Discord\app-0.0.309\Discord.exe](.Discord Inc..) =>.SUP.Discord
MOVIDO carpeta: C:\Users\b-rch\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium
MOVIDO carpeta: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSCore.dll [SweetLabs, Inc. - SLSCore] =>SUP.Optional.SweetLabs
MOVIDO carpeta: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSLib.dll [SweetLabs, Inc. - SLSLib] =>SUP.Optional.SweetLabs
MOVIDO archivo: C:\Users\b-rch\AppData\Local\MSfree Inc =>HackTool.WinActivator
---\\ Registro ( Claves, Valores, Datos) (8)
BORRADOS clave*: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox [AdditionalScan 573] =>.SUP.FirefoxRestriction
BORRADOS clave*: HKEY_USERS\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Discord [] =>.SUP.Discord
BORRADOS clave*: HKEY_USERS\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol] =>.SUP.Discord
BORRADOS clave**: HKCU\Software\Discord [] =>.SUP.Discord
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.] =>.SUP.Discord
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\FileConverter_RASAPI32 [] =>Toolbar.Agent
BORRADOS clave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\FileConverter_RASMANCS [] =>Toolbar.Agent
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
---\\ Resumen de elementos en su estación de trabajo (7)
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/ =>.SUP.Discord
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>SUP.Optional.SweetLabs
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.FirefoxRestriction
https://nicolascoolman.eu/2017/09/23/barres-doutils-de-navigateur-toolbars/ =>Toolbar.Agent
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
---\\ Limpieza adicional. (33)
~ Clave de registro Tracing borrados (33)
~ Quitar los antiguos informes de ZHPCleaner. (0)
---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Internet Explorer OK
~ Opera Stable OK
---\\ STATISTIQUES
~ Items escaneado : 1147
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 9/17
---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ Iniciar navegadores con extensiones eliminadas
~ End of clean in 00h00mn29s
---\\ Reporte (2)
ZHPCleaner-[S]-14122021-11_36_15.txt
ZHPCleaner-[R]-14122021-11_42_15.txt
After running the scan, I've noticed an improvement in my system; it now behaves the way it did a few years ago, I think it's even better than before.
First of all, sorry for taking so long to reply, @Brayand_Chacaltana. Lately I have very little time for the forum, so that's normal. But we'll follow the case through to the end.
OK, perfect. Let's check that everything is OK and that nothing is left over that shouldn't be there.
Disable your antivirus
How to temporarily disable an antivirus and any security program you have enabled.
DOWNLOAD IT TO YOUR DESKTOP, VERY IMPORTANT (and not anywhere else).
Download Farbar Recovery Scan Tool. VERY IMPORTANT >> select the right version for your computer's architecture (32 or 64 bits). How do I know whether my Windows is 32 or 64 bits?
Once FRST is downloaded, disconnect your computer completely from the Internet (turn off the router) >> Super Important. Right after that, also close any other program you have open.
Farbar Recovery Scan Tool
- Run FRST.exe (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).
- A window with a Disclaimer/liability message will appear; click Si or Yes.
- In the program's main window, click Analizar/Scan and wait for the scan to finish.
- Two logs/reports will appear: Frst.txt and Addition.txt; these will be saved on the desktop.
Re-enable your antivirus and any security program you had enabled. Also reconnect your computer to the Internet.
NEXT REPLY
Paste the FRST and Addition.txt reports. You must post both reports in full, with absolutely all of their content. You will need to make several posts if you get an error/warning message saying that the report making up the post is too long (more than approx. 50,000 characters).
Regards.
P.S.: If I take a while to reply, don't be surprised; I have very little time and that's normal. But we'll follow the case through to the end.
How's it going @Marr0n, here are the requested reports
FRST.txt
Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 11-12-2021
Ejecutado por b-rch (administrador) sobre DESKTOP-C692K8O (LENOVO 20BFA16500) (21-12-2021 15:09:10)
Ejecutado desde C:\Users\b-rch\Desktop
Perfiles cargados: b-rch
Plataforma: Microsoft Windows 10 Home Single Language Versión 20H2 19042.1415 (X64) Idioma: Español (México)
Navegador predeterminado: Opera
Modo de Inicio: Normal
==================== Procesos (Lista blanca) =================
(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <5>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <6>
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\b-rch\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch\AppData\Local\Programs\Opera GX\81.0.4196.61\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch\AppData\Local\Programs\Opera GX\opera.exe <19>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUPE.EXE
(ShareX Team) [Archivo no firmado] C:\Program Files\ShareX\ShareX.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe
==================== Registro (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [564928 2021-03-25] (geek software GmbH -> geek software GmbH)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [190904 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-09-14] (Adobe Inc. -> )
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\b-rch\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIUPE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [Spotify] => C:\Users\b-rch\AppData\Roaming\Spotify\Spotify.exe [18654336 2021-10-20] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\MountPoints2: {477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\EPSON L3110 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBUPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\Nitro PDF Port 13 Monitor: C:\WINDOWS\system32\NxPrinterMonitor13.dll [359936 2021-06-01] (Nitro Software, Inc. -> Nitro Software, Inc.)
Startup: C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2021-04-01]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [Archivo no firmado]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
==================== Tareas programadas (Lista blanca) ============
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
Task: {0B5A0E7F-4C64-49E0-8FCD-88C0BB0DC2BC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2250469887-891261404-2791495626-1001 => C:\Users\b-rch\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-10-30] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0C22436A-2214-4B44-B7C7-6712D512DD47} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6f52c04f-4063-46ed-8191-03eb1dddc90d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {10A8A50E-E861-4CFA-80DD-DDE66158BDD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-02] (Google LLC -> Google LLC)
Task: {1204267D-C2A4-4C46-9B97-09542D26EC7C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5002680 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {3116161E-A4E1-4547-BD67-7ECB6B44850C} - System32\Tasks\Opera GX scheduled Autoupdate 1617329887 => C:\Users\b-rch\AppData\Local\Programs\Opera GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software)
Task: {4654BBEC-47F8-4776-8C68-62D3B9726589} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {47F3E8A2-D681-4E68-9695-B9B425E3487C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d7c97629-3d28-441d-962f-901346f301e3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {4FC2FCA8-CE8B-41E4-A6B4-2B2EFA4FFA41} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {55A87FC2-3123-4E07-8637-449B9DCED9F9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\890e49d9-c62f-49ba-8bce-3a10df75111b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {58EDB5DF-5E93-4033-9BD8-06B6ECB68D05} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Ningún archivo)
Task: {5A654764-E629-437C-82AA-F8CC8DC98D97} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-07-05] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {618689A3-6B5C-4691-BB40-A14D60C6F7FE} - System32\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {69929424-F93D-4500-B917-098689E9B662} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-07-11] (Lenovo -> Lenovo)
Task: {786DBA86-7BE1-4DE6-97C5-4080286D339A} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {8129F606-F265-41F7-9E70-78DA3B26FFAD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {904EE1F4-848D-4E32-B3EC-F6B979DEE05B} - System32\Tasks\Lenovo Active Protection System => C:\Windows\System32\TpShocks.exe [582616 2017-10-05] (Lenovo -> Lenovo.)
Task: {91964718-9B60-4D6B-AC0F-68570CCC212B} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {92FBAB39-E50E-4DA2-A35B-0CD9FCB24336} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1618239358 => C:\Users\b-rch\AppData\Local\Programs\Opera GX\launcher.exe [2201808 2021-11-24] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\b-rch\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {9C739FA9-2A6C-4793-86AB-C611293262FD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {A31023D8-9B26-41C7-88A8-1B61CB39C9F9} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {B4829376-2EF8-4AD0-9041-01E96082D965} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BAE5D1F1-5BDB-4984-83C5-48AA75D7A9C4} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {C2CFCCCA-69D7-4AE5-B462-CB3DE2EBDE8B} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {CCDE35FF-C3E0-4B44-954A-7F2DEEF7A803} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {DAABC766-6585-40AD-B632-A7D1BB61360C} - System32\Tasks\CCleanerSkipUAC - b-rch => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EB01C101-4ED1-4065-B11D-58F9673BDE04} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {F2275DF2-CAD1-4C9E-85D7-AE04EC78CD41} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {F88A8A10-972A-47CB-8B7D-0C719DEDCCBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-02] (Google LLC -> Google LLC)
Task: {FD3E18C5-2296-4A8A-8BD1-8782366B711B} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE:/EXE:{FAEF8794-4DBD-4311-9FBF-16140C05B3C3} /F:UpdateWORKGROUP\DESKTOP-C692K8O$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Lista blanca) ====================
(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)
Tcpip\Parameters: [DhcpNameServer] 192.168.183.198
Tcpip\..\Interfaces\{37363d65-1651-4834-85bd-b4547191c05e}: [DhcpNameServer] 192.168.183.198
Edge:
=======
Edge Profile: C:\Users\b-rch\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-14]
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2250469887-891261404-2791495626-1001) Opera GXStable - "C:\Users\b-rch\AppData\Local\Programs\Opera GX\Launcher.exe"
==================== Servicios (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [485816 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [485816 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8517744 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-07-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [31016 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-11-30] (Malwarebytes Inc -> Malwarebytes)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [564928 2021-03-25] (geek software GmbH -> geek software GmbH)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Controladores (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35848 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [222232 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [368240 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [252000 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99424 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [21960 2021-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41496 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [185360 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [539128 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107992 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83056 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852880 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [544248 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [214512 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317840 2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-10] (Broadcom Corporation -> Broadcom Corporation.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Archivo no firmado]
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [226560 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\hw_cdcacm.sys [127360 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-11-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-30] (Malwarebytes Inc -> Malwarebytes)
S3 NW1900; C:\WINDOWS\System32\drivers\NW1900.sys [130232 2015-07-16] (NextWindow -> SMART Technologies)
S3 NWLowRider; C:\WINDOWS\System32\drivers\NWLowRider.sys [25456 2015-07-16] (SMART Technologies ULC -> )
S3 NWVoltron; C:\WINDOWS\System32\drivers\NWVoltron.sys [27832 2015-07-16] (NextWindow -> )
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S3 SMARTMouseFilterx64; C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys [10240 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath
==================== NetSvcs (Lista blanca) ===================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
==================== Un mes (creado) (Lista blanca) =========
(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)
2021-12-21 15:09 - 2021-12-21 15:11 - 000026456 _____ C:\Users\b-rch\Desktop\FRST.txt
2021-12-21 15:04 - 2021-12-21 15:05 - 002311168 _____ (Farbar) C:\Users\b-rch\Desktop\FRST64.exe
2021-12-16 10:58 - 2021-12-16 10:58 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-15 19:44 - 2021-12-15 19:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-15 19:44 - 2021-12-15 19:44 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-15 19:42 - 2021-12-15 19:42 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-15 19:42 - 2021-12-15 19:42 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-15 15:19 - 2021-12-15 15:19 - 000000000 ___HD C:\$WinREAgent
2021-12-15 12:08 - 2021-12-15 12:08 - 000050831 _____ C:\Users\b-rch\Downloads\constancia (36).pdf
2021-12-15 10:16 - 2021-12-15 10:17 - 000043883 _____ C:\Users\b-rch\Downloads\liquidacion pago V-1578673.pdf
2021-12-14 11:42 - 2021-12-14 11:42 - 000011238 _____ C:\Users\b-rch\Desktop\ZHPCleaner (R).html
2021-12-14 11:42 - 2021-12-14 11:42 - 000004320 _____ C:\Users\b-rch\Desktop\ZHPCleaner (R).txt
2021-12-14 11:36 - 2021-12-14 11:36 - 000011509 _____ C:\Users\b-rch\Desktop\ZHPCleaner (S).html
2021-12-14 11:36 - 2021-12-14 11:36 - 000004551 _____ C:\Users\b-rch\Desktop\ZHPCleaner (S).txt
2021-12-14 11:18 - 2021-12-14 11:42 - 000000000 ____D C:\Users\b-rch\AppData\Roaming\ZHP
2021-12-14 11:18 - 2021-12-14 11:18 - 000000875 _____ C:\Users\b-rch\Desktop\ZHPCleaner.lnk
2021-12-14 11:18 - 2021-12-14 11:18 - 000000000 ____D C:\Users\b-rch\AppData\Local\ZHP
2021-12-14 11:17 - 2021-12-14 11:17 - 003291800 _____ (Nicolas Coolman) C:\Users\b-rch\Desktop\ZHPCleaner.exe
2021-12-13 16:07 - 2021-12-13 16:07 - 000030063 _____ C:\Users\b-rch\Downloads\Hoja_Envio_205402-2021.pdf
2021-12-13 14:31 - 2021-12-13 14:31 - 000220144 _____ C:\Users\b-rch\Downloads\DE YBARRA MURGUIA 01-45966.pdf
2021-12-13 14:31 - 2021-12-13 14:31 - 000220144 _____ C:\Users\b-rch\Downloads\DE YBARRA MURGUIA 01-45966 (1).pdf
2021-12-13 13:58 - 2021-12-13 13:58 - 000203450 _____ C:\Users\b-rch\Downloads\Exp. 03323-2021-0-0401-JR-LA-04 - Consolidado - 184672-2021.pdf
2021-12-13 12:42 - 2021-12-13 12:42 - 000112898 _____ C:\Users\b-rch\Downloads\res_2014006120124250000072946.pdf
2021-12-13 12:42 - 2021-12-13 12:42 - 000091448 _____ C:\Users\b-rch\Downloads\res_2014006120124252000258413.pdf
2021-12-13 12:37 - 2021-12-13 12:37 - 000092036 _____ C:\Users\b-rch\Downloads\res_2014006120123726000486751.pdf
2021-12-13 12:37 - 2021-12-13 12:37 - 000091378 _____ C:\Users\b-rch\Downloads\res_2014006120123713000545950.pdf
2021-12-13 12:35 - 2021-12-13 12:35 - 000076472 _____ C:\Users\b-rch\Downloads\res_20140061294123518000991977.pdf
2021-12-13 10:45 - 2021-12-13 10:45 - 000050187 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.43.12 PM.jpeg
2021-12-13 10:44 - 2021-12-13 10:44 - 000081810 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.41.59 PM.jpeg
2021-12-13 10:44 - 2021-12-13 10:44 - 000067412 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.42.49 PM.jpeg
2021-12-13 10:44 - 2021-12-13 10:44 - 000064192 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-10 at 9.42.18 PM.jpeg
2021-12-13 10:35 - 2021-12-13 10:35 - 000215193 _____ C:\Users\b-rch\Downloads\88062-2021.pdf
2021-12-10 17:19 - 2021-12-10 17:19 - 003497476 _____ C:\Users\b-rch\Documents\QR vacuna.psd
2021-12-10 12:09 - 2021-12-10 12:09 - 001772006 _____ C:\Users\b-rch\Downloads\RJ 78-2020-ANA.pdf
2021-12-10 10:36 - 2021-12-10 10:36 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-10 10:19 - 2021-12-10 10:19 - 000336824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-12-10 10:19 - 2021-12-10 10:19 - 000214512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-12-09 13:02 - 2021-12-09 13:02 - 000096801 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-09 at 1.02.02 PM.jpeg
2021-12-09 13:02 - 2021-12-09 13:02 - 000078216 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-12-09 at 1.02.33 PM.jpeg
2021-12-09 12:53 - 2021-12-09 12:53 - 000442570 _____ C:\Users\b-rch\Downloads\X5B722_CONSORCIO VALLE LA CONVENCION R Y L MAQUINARIAS S.A.C..pdf
2021-12-09 12:53 - 2021-12-09 12:53 - 000217478 _____ C:\Users\b-rch\Downloads\X5B-722.pdf
2021-12-07 17:07 - 2021-12-07 17:08 - 000000000 ____D C:\KVRT2020_Data
2021-12-07 15:42 - 2021-12-07 15:49 - 110543872 _____ (AO Kaspersky Lab) C:\Users\b-rch\Desktop\KVRT.exe
2021-12-07 15:28 - 2021-12-07 15:28 - 000452333 _____ C:\Users\b-rch\Downloads\v8i610_TIVE.pdf
2021-12-07 15:05 - 2021-12-07 15:05 - 000000340 _____ C:\Users\b-rch\Documents\reporte.txt
2021-12-07 10:46 - 2021-12-07 10:46 - 000192147 _____ C:\Users\b-rch\Downloads\DC-EECC-NOV-2021.pdf
2021-12-06 16:34 - 2021-12-07 11:24 - 000001378 _____ C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-12-06 16:34 - 2021-12-07 11:23 - 000001272 _____ C:\Users\b-rch\Desktop\ESET Online Scanner.lnk
2021-12-06 16:33 - 2021-12-06 16:33 - 000000000 ____D C:\Users\b-rch\AppData\Local\ESET
2021-12-06 16:27 - 2021-12-06 16:30 - 013311448 _____ (ESET) C:\Users\b-rch\Desktop\esetonlinescanner.exe
2021-12-02 15:22 - 2021-12-02 15:22 - 000129780 _____ C:\Users\b-rch\Downloads\Exp. 00171-2021-0-0401-JR-DC-01 - Consolidado - 41614-2021.pdf
2021-12-02 15:16 - 2021-12-02 15:16 - 000191708 _____ C:\Users\b-rch\Downloads\Exp. 00937-2021-30-2301-JR-PE-06 - Consolidado - 15761-2021.pdf
2021-12-02 15:16 - 2021-12-02 15:16 - 000081378 _____ C:\Users\b-rch\Downloads\Exp. 00937-2021-30-2301-JR-PE-06 - Consolidado - 15099-2021.pdf
2021-12-01 11:19 - 2021-12-01 11:19 - 000004496 _____ C:\Users\b-rch\Documents\cc_20211201_111908.reg
2021-12-01 10:56 - 2021-12-01 10:56 - 008540344 _____ (Malwarebytes) C:\Users\b-rch\Desktop\adwcleaner_8.3.1.exe
2021-11-30 19:02 - 2021-11-30 19:02 - 000002529 _____ C:\Users\b-rch\Desktop\reporte.txt
2021-11-30 16:20 - 2021-11-30 16:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-30 16:20 - 2021-11-30 16:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-30 16:20 - 2021-11-30 16:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-30 16:18 - 2021-11-30 16:16 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-11-30 16:18 - 2021-11-30 16:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-11-30 16:14 - 2021-11-30 16:14 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-30 16:13 - 2021-11-30 16:13 - 002101944 _____ (Malwarebytes) C:\Users\b-rch\Downloads\MBSetup (1).exe
2021-11-30 16:11 - 2021-11-30 16:11 - 000144890 _____ C:\Users\b-rch\Documents\cc_20211130_161132.reg
2021-11-30 16:06 - 2021-12-16 17:01 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-11-30 16:06 - 2021-12-16 17:01 - 000002252 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - b-rch
2021-11-30 16:06 - 2021-11-30 16:06 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-11-30 16:05 - 2021-12-21 11:51 - 000000000 ____D C:\Program Files\CCleaner
2021-11-30 11:59 - 2021-11-30 11:59 - 000050882 _____ C:\Users\b-rch\Downloads\constancia (35).pdf
2021-11-30 11:59 - 2021-11-30 11:59 - 000050858 _____ C:\Users\b-rch\Downloads\constancia (34).pdf
2021-11-30 11:15 - 2021-11-30 11:17 - 036501456 _____ (Piriform Software Ltd) C:\Users\b-rch\Downloads\ccsetup587.exe
2021-11-29 16:48 - 2021-11-29 16:48 - 000275615 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-11-29 at 4.47.44 PM.jpeg
2021-11-29 16:48 - 2021-11-29 16:48 - 000273122 _____ C:\Users\b-rch\Downloads\WhatsApp Image 2021-11-29 at 4.47.56 PM.jpeg
2021-11-29 15:53 - 2021-11-29 15:53 - 000184279 _____ C:\Users\b-rch\Downloads\documento (3).pdf
2021-11-26 11:12 - 2021-11-26 11:37 - 000007072 _____ C:\TDSSKiller.3.1.0.28_26.11.2021_11.12.37_log.txt
2021-11-25 16:38 - 2021-11-25 16:51 - 000137678 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.38.49_log.txt
2021-11-25 16:35 - 2021-11-25 16:36 - 000007260 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.35.55_log.txt
2021-11-25 16:35 - 2021-11-25 16:35 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\b-rch\Downloads\iExplore64-24751.exe
2021-11-25 16:34 - 2021-11-25 16:34 - 000000562 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.34.48_log.txt
2021-11-25 16:30 - 2021-11-25 16:30 - 000007192 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.30.21_log.txt
2021-11-25 16:26 - 2021-11-25 16:27 - 000007260 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.26.07_log.txt
2021-11-25 16:25 - 2021-11-25 16:26 - 000000562 _____ C:\TDSSKiller.3.1.0.28_25.11.2021_16.25.58_log.txt
2021-11-25 16:25 - 2021-11-25 16:25 - 005054744 _____ (AO Kaspersky Lab) C:\Users\b-rch\Desktop\tdsskiller.exe
2021-11-25 16:23 - 2021-11-25 16:23 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\b-rch\Downloads\iExplore64-22462.exe
2021-11-25 14:55 - 2021-11-30 16:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-25 14:55 - 2021-11-25 14:55 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\554565E3.sys
2021-11-25 14:54 - 2021-11-25 15:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-11-25 14:54 - 2021-11-25 15:18 - 000000000 ____D C:\Users\b-rch\Desktop\mbar
2021-11-25 14:52 - 2021-11-25 14:53 - 014178840 _____ (Malwarebytes Corp.) C:\Users\b-rch\Desktop\mbar-1.10.3.1001.exe
2021-11-25 14:48 - 2021-11-25 16:35 - 000001434 _____ C:\Users\b-rch\Desktop\Rkill.txt
2021-11-25 14:48 - 2021-11-25 14:48 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\b-rch\Downloads\iExplore64-3701.exe
2021-11-25 11:20 - 2021-11-25 11:20 - 000083608 _____ C:\Users\b-rch\Downloads\res_2013043060112010000497703.pdf
2021-11-24 17:18 - 2021-11-24 17:18 - 000494032 _____ C:\Users\b-rch\Downloads\Directiva 01-2008-SNCP-CNC - Tolerancias Catastrales y Registrales (2).pdf
2021-11-24 16:06 - 2021-11-24 16:06 - 000215870 _____ C:\Users\b-rch\Downloads\83519-2021.pdf
2021-11-23 11:15 - 2021-11-23 11:15 - 000021184 _____ C:\Users\b-rch\Downloads\ticket-949748-24.pdf
2021-11-22 17:41 - 2021-11-22 17:42 - 000094446 _____ C:\Users\b-rch\Downloads\e4aa1ebb-9c0f-4dcf-869a-62c89f387876.pdf
2021-11-22 12:27 - 2021-11-22 12:27 - 000035656 _____ C:\Users\b-rch\Downloads\pdf-95-disolucion-y-liquidacion_compress.pdf
==================== Un mes (modificado) ==================
(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)
2021-12-21 15:10 - 2021-07-01 11:21 - 000000000 ____D C:\FRST
2021-12-21 15:06 - 2021-04-02 03:08 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-21 15:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-21 12:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-21 12:54 - 2021-04-28 12:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-21 11:28 - 2021-04-01 22:27 - 000000000 ____D C:\WINDOWS\TempInst
2021-12-21 11:24 - 2021-04-06 16:59 - 000006931 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-12-21 11:19 - 2021-07-05 10:44 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-12-20 15:11 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-20 14:46 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-20 13:23 - 2021-04-01 18:07 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-17 10:27 - 2021-09-25 12:52 - 000000000 ___RD C:\Users\b-rch\Mi unidad ([email protected])
2021-12-17 10:04 - 2021-04-01 19:56 - 000000000 __SHD C:\Users\b-rch\IntelGraphicsProfiles
2021-12-17 10:04 - 2021-04-01 17:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-12-16 17:01 - 2021-06-30 12:53 - 000003314 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d73c591b73e056
2021-12-16 17:01 - 2021-04-28 13:28 - 000003784 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1618239358
2021-12-16 17:01 - 2021-04-28 13:28 - 000003532 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1617329887
2021-12-16 17:01 - 2021-04-28 13:28 - 000003508 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-16 17:01 - 2021-04-28 13:28 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3}
2021-12-16 17:01 - 2021-04-28 13:28 - 000003486 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-16 17:01 - 2021-04-28 13:28 - 000003284 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-16 17:01 - 2021-04-28 13:28 - 000003262 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-16 17:01 - 2021-04-28 13:28 - 000002306 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_Dolby
2021-12-16 17:01 - 2021-04-28 13:28 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-12-16 17:01 - 2021-04-28 13:28 - 000002274 _____ C:\WINDOWS\system32\Tasks\DolbySelectorTask
2021-12-16 17:01 - 2021-04-28 13:28 - 000001878 _____ C:\WINDOWS\system32\Tasks\Lenovo Active Protection System
2021-12-16 17:01 - 2021-04-28 13:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-12-16 17:01 - 2021-04-12 11:33 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L3110 Series Update {FAEF8794-4DBD-4311-9FBF-16140C05B3C3}.job
2021-12-16 11:10 - 2021-04-28 13:11 - 001683676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-16 11:10 - 2019-12-07 10:03 - 000751292 _____ C:\WINDOWS\system32\perfh00A.dat
2021-12-16 11:10 - 2019-12-07 10:03 - 000147478 _____ C:\WINDOWS\system32\perfc00A.dat
2021-12-16 11:10 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-16 11:04 - 2021-07-05 10:41 - 000000000 ____D C:\ProgramData\AVG
2021-12-16 11:03 - 2021-04-28 13:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-16 11:03 - 2021-04-28 12:54 - 000453080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-16 11:03 - 2021-04-01 17:56 - 000000000 ____D C:\ProgramData\Synaptics
2021-12-16 11:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-16 11:02 - 2021-04-28 12:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-16 11:02 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-16 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-15 18:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-15 15:15 - 2021-04-03 01:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-15 15:04 - 2021-04-03 01:36 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 11:02 - 2021-07-05 12:59 - 000000000 ____D C:\Users\b-rch\AppData\LocalLow\IGDump
2021-12-15 09:59 - 2021-08-25 09:11 - 000000000 ____D C:\Users\b-rch\AppData\Local\CrashDumps
2021-12-13 10:25 - 2021-04-26 12:10 - 000000000 ____D C:\Users\b-rch\Desktop\Escaneos
2021-12-10 17:52 - 2021-04-28 13:01 - 000000000 ____D C:\Users\b-rch
2021-12-10 17:20 - 2021-04-01 21:47 - 000000000 ____D C:\Users\b-rch\Documents\ShareX
2021-12-10 17:02 - 2021-04-02 11:39 - 000000000 ____D C:\Users\b-rch\AppData\Local\Adobe
2021-12-10 10:19 - 2021-07-05 10:44 - 000852880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000544248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000539128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000368240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000317840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000252000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000222232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000185360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000107992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000099424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000083056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000041496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-12-10 10:19 - 2021-07-05 10:44 - 000035848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-12-10 10:19 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-06 17:06 - 2021-06-01 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2021-12-06 17:05 - 2021-06-01 16:36 - 000000000 ____D C:\Program Files (x86)\AIMP
2021-11-30 16:10 - 2021-06-17 17:17 - 000000000 ____D C:\Users\b-rch\AppData\Roaming\FileZilla
2021-11-30 16:10 - 2021-04-29 10:17 - 000000000 ____D C:\WINDOWS\Minidump
2021-11-30 16:10 - 2021-04-27 10:14 - 000000000 ___DC C:\WINDOWS\Panther
2021-11-29 12:41 - 2021-04-01 21:18 - 000001434 _____ C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera GX.lnk
2021-11-26 11:20 - 2021-04-01 19:57 - 000000000 ____D C:\ProgramData\Packages
2021-11-25 16:37 - 2021-11-17 17:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
==================== Archivos en la raíz de algunos directorios ========
2021-04-02 21:20 - 2021-07-05 12:56 - 000007613 _____ () C:\Users\b-rch\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(No existe una corrección automática para los archivos que no pasan la verificación.)
==================== Final de FRST.txt ========================
Addition.txt
Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 11-12-2021
Ejecutado por b-rch (21-12-2021 15:13:07)
Ejecutado desde C:\Users\b-rch\Desktop
Microsoft Windows 10 Home Single Language Versión 20H2 19042.1415 (X64) (2021-04-28 18:29:07)
Modo de Inicio: Normal
==========================================================
==================== Cuentas: =============================
(Si una entrada es incluida en el fixlist, será eliminada.)
Administrador (S-1-5-21-2250469887-891261404-2791495626-500 - Administrator - Disabled)
b-rch (S-1-5-21-2250469887-891261404-2791495626-1001 - Administrator - Enabled) => C:\Users\b-rch
DefaultAccount (S-1-5-21-2250469887-891261404-2791495626-503 - Limited - Disabled)
Invitado (S-1-5-21-2250469887-891261404-2791495626-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2250469887-891261404-2791495626-504 - Limited - Disabled)
==================== Centro de Seguridad ========================
(Si una entrada es incluida en el fixlist, será eliminada.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
==================== Programas instalados ======================
(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.10.3213 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
cdrtfe 1.5.8 (HKLM-x32\...\cdrtools Frontend_is1) (Version: - Oliver Valencia)
Comprobación de estado de PC Windows (HKLM\...\{75741B4B-FC87-494A-A380-0EBA06DB89F9}) (Version: 3.2.2110.14001 - Microsoft Corporation)
CrystalDiskInfo 8.12.2 Shizuku Edition (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.2 - Crystal Dew World)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON L3110 Series Printer Uninstall (HKLM\...\EPSON L3110 Series) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
File Converter (64 bit) (HKLM\...\{43774DE9-8122-46C4-BD03-F59CA4410E82}) (Version: 1.2.3 - Adrien Allard)
FileZilla Client 3.54.1 (HKLM-x32\...\FileZilla Client) (Version: 3.54.1 - Tim Kosse)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.8 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0131 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.10.26.0 - Lenovo Group Ltd.)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Nitro Pro (HKLM\...\{CDDE4E45-DFDD-4F97-BE66-64B5E77C999D}) (Version: 13.42.3.855 - Nitro)
Opera GX Stable 81.0.4196.61 (HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Opera GX 81.0.4196.61) (Version: 81.0.4196.61 - Opera Software)
PDF24 Creator (HKLM\...\{0DF7C4E4-3941-42FD-8707-6EBD5B8032A8}) (Version: 10.0.12 - geek software GmbH)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.6.1 - ShareX Team)
Software Intel® PROSet/Wireless (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\Spotify) (Version: 1.1.70.610.g4585142b - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wondershare Recoverit(Build 8.0.4.12) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 8.0.4.12 - Wondershare Software Co.,Ltd.)
yEd Graph Editor 3.21.1 (HKLM\...\3309-7404-0599-8908) (Version: 3.21.1 - yWorks GmbH)
Packages:
=========
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-17] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-15] (Microsoft Studios) [MS Ad]
==================== Personalizado CLSID (Lista blanca): ==============
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
CustomCLSID: HKU\S-1-5-21-2250469887-891261404-2791495626-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Users\b-rch\AppData\Local\SumatraPDF\PdfPreview.dll () [Archivo no firmado]
CustomCLSID: HKU\S-1-5-21-2250469887-891261404-2791495626-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Users\b-rch\AppData\Local\SumatraPDF\PdfFilter.dll () [Archivo no firmado]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-06-01] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [FileConverterExtension] -> {af9b72b5-f4e4-44b0-a3d9-b55b748efe90} => C:\Program Files\File Converter\FileConverterExtension.DLL [2017-04-28] () [Archivo no firmado] [El archivo está en uso]
ContextMenuHandlers1: [Nitro.Pro.ShellExtension.Shim] -> {211B6F25-950C-49CD-AB86-A448EF85686A} => C:\Program Files\Common Files\Nitro\Nitro.Pro.ShellExtension.Shim.dll [2021-06-01] (Nitro Software, Inc. -> Nitro Software, Inc.)
ContextMenuHandlers1-x32: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE2}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE2} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
ContextMenuHandlers1: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE3}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE3} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx64.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-06-01] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-25] (Adobe Inc. -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-12-10] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE2}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE2} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
ContextMenuHandlers6: [{23ADD0C0-5A56-11D7-B55C-00E07D907FE3}] -> {23ADD0C0-5A56-11D7-B55C-00E07D907FE3} => C:\Program Files (x86)\cdrtfe\cdrtfeShlEx64.dll [2016-02-25] (Open Source Developer, Oliver VALENCIA -> )
==================== Codecs (Lista blanca) ====================
==================== Accesos directos & WMI ========================
(Las entradas pueden ser listadas para ser restauradas o eliminadas.)
Shortcut: C:\Users\b-rch\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
==================== Módulos cargados (Lista blanca) =============
2021-04-01 21:46 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [Archivo no firmado] C:\Program Files\7-Zip\7-zip.dll
2020-05-30 16:04 - 2020-05-30 16:04 - 001638912 _____ (Robert Simpson, et al.) [Archivo no firmado] C:\ProgramData\Lenovo\Vantage\Addins\GenericTelemetryAddin\1.0.0.34\x64\SQLite.Interop.dll
==================== Alternate Data Streams (Lista blanca) ========
==================== Modo Seguro (Lista blanca) ==================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Asociación (Lista blanca) =================
==================== Internet Explorer (Lista blanca) ==========
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts contenido: =========================
(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)
2021-04-01 15:36 - 2021-04-01 15:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Otras Áreas ===========================
(Actualmente no existe una corrección automática para esta sección.)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\b-rch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall de Windows está habilitado.
==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==
(Si una entrada es incluida en el fixlist, será eliminada.)
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== Reglas de firewall (Lista blanca) ================
(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)
FirewallRules: [UDP Query User{A5DB219A-8F30-4C1E-98C3-3476399BEEEC}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{3813B550-A441-46AD-B96C-DFED9D2614FA}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B97DFC3A-3F54-4948-AFF0-C9B7FB28656F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{1CC887F9-58FD-46CB-B6C0-E6E086F3A55F}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FC1646B3-5F78-48C3-80C6-ADC9CDD2B5F8}C:\users\b-rch\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\b-rch\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F45D078-2CD5-483B-A26F-42B41D5CDA8B}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{9DA2677F-CD88-4A17-A099-3B160FDC875C}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{D9003989-3272-4117-BE9E-A8864721BF54}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{1176E688-74A1-4E27-99F7-B551D2455BA9}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [TCP Query User{3B97435E-4503-4473-8916-CF3758E1D514}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{8F0E7CEE-3828-43A0-9DF9-7EE410C0F866}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{9A979637-FCAA-4E50-9AA3-1F9B393FB4D6}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{3538CDCF-7767-4445-A5AF-D63BE5A835C7}C:\users\b-rch\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\b-rch\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{19A3751E-4715-4D21-8136-272861EBE5EE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{644AFBB7-C522-4770-8AA5-237EC72E2F06}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [TCP Query User{6749E76F-E48B-43C7-8665-B53FB1141BE6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{23167D2E-D0DB-4252-8C55-C016DAFEB219}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7B4A9DE2-BEF4-447E-8F49-3E64AC356A24}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{3BCE562D-21CE-412C-9062-2C0072DA6303}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{D6CDB8FF-DD92-40EB-BFBF-8E91F9D33159}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2BADAC4E-C637-4B51-8F6B-CF0E660FDC4E}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{83AA3F8B-C4E4-4569-AD89-B53D9FD0524B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C58219BC-2F1A-4586-B4AF-A6FF45E4F38B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72D21D17-A879-4B3C-8F6F-ECA946421DED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36DD587C-B98D-45D4-9F27-3C03E4A814C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Puntos de Restauración =========================
17-12-2021 12:57:51 Punto de control programado
20-12-2021 15:08:23 Eliminación del paquete de idioma
==================== Dispositivos defectuosos en el Administrador de dispositivos ============
==================== Errores del registro de eventos: ========================
Errores de aplicación:
==================
Error: (12/21/2021 12:14:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
Error: (12/21/2021 11:20:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ShellExperienceHost.exe (versión 10.0.19041.1320) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.
Id. de proceso: 1a30
Hora de Inicio: 01d7f36acf184889
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Id. de informe: a8d21cf3-00de-4501-8a95-360c352ae95c
Nombre completo del paquete con errores: Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy
Id. de la aplicación relativa al paquete con errores: App
Tipo de bloqueo: Quiesce
Error: (12/21/2021 11:17:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa StartMenuExperienceHost.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.
Id. de proceso: 30d8
Hora de Inicio: 01d7f35777514060
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Id. de informe: 2bd76e71-369f-44fe-b026-f89018f9987f
Nombre completo del paquete con errores: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Id. de la aplicación relativa al paquete con errores: App
Tipo de bloqueo: Quiesce
Error: (12/21/2021 11:17:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa StartMenuExperienceHost.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.
Id. de proceso: 2974
Hora de Inicio: 01d7f68624b2dee9
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Id. de informe:
Nombre completo del paquete con errores: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Id. de la aplicación relativa al paquete con errores: App
Tipo de bloqueo: Activation
Error: (12/17/2021 12:57:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (D:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)
Error: (12/17/2021 12:57:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: El optimizador de almacenamiento no pudo completar volver a optimizar en (C:) debido a: El hardware del volumen no admite la operación solicitada. (0x8900002A)
Error: (12/17/2021 12:05:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.
Operación:
Ejecutando operación asincrónica
Contexto:
Estado actual: DoSnapshotSet
Error: (12/16/2021 05:01:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa StartMenuExperienceHost.exe (versión 0.0.0.0) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.
Id. de proceso: 1e34
Hora de Inicio: 01d7f29711c1636f
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Id. de informe: 02d61b21-3021-4d7a-8b0b-d0bc9adc21ca
Nombre completo del paquete con errores: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Id. de la aplicación relativa al paquete con errores: App
Tipo de bloqueo: Quiesce
Errores del sistema:
=============
Error: (12/21/2021 12:58:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/21/2021 12:28:42 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/21/2021 12:25:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/21/2021 11:24:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio LenovoVantageService ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
Error: (12/21/2021 11:24:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio LenovoVantageService se terminó de manera inesperada. Esto ha sucedido 2 veces.
Error: (12/21/2021 11:15:47 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C692K8O)
Description: El servidor microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca no se registró con DCOM dentro del tiempo de espera requerido.
Error: (12/20/2021 03:15:24 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (12/20/2021 12:12:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
CodeIntegrity:
===============
Date: 2021-12-21 12:14:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2021-12-21 11:15:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2021-12-16 14:45:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-12-16 12:04:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Información de la memoria ===========================
BIOS: LENOVO GMET90WW (2.38 ) 04/13/2020
Placa base: LENOVO 20BFA16500
Procesador: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz
Porcentaje de memoria en uso: 82%
RAM física total: 3973.7 MB
RAM física disponible: 685.78 MB
Virtual total: 6661.7 MB
Virtual disponible: 2311.97 MB
==================== Unidades ================================
Drive c: () (Fixed) (Total:113.08 GB) (Free:44.47 GB) NTFS
Drive d: () (Fixed) (Total:351.56 GB) (Free:350.7 GB) NTFS
Drive g: ([email protected] - ...) (Fixed) (Total:15 GB) (Free:7.2 GB) FAT32
Drive h: ([email protected] - ...) (Fixed) (Total:15 GB) (Free:10.24 GB) FAT32
\\?\Volume{43b6f830-8aaa-4a88-a139-2ff2e2bbc978}\ (Recuperación) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{e78112c0-7acc-491d-80fe-63fe023bbf8b}\ () (Fixed) (Total:0.56 GB) (Free:0.03 GB) NTFS
\\?\Volume{41109329-dfaa-43ab-be58-97ebccf14ffa}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Tabla de particiones ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 958FF0C5)
Partition: GPT.
==================== Final de Addition.txt =======================
Hello @Brayand_Chacaltana, sorry for the delay in replying. I have been having some very hectic days, with very little time.
QUESTIONS
Which antivirus are you currently using on your computer? I have detected that you have installed, or there are traces of, the following: Avast, AVG and Windows Defender. But from what I can see, you currently seem to be using AVG. Correct? You are never going to use Avast and Windows Defender again. Correct?
UNINSTALLING PROGRAMS
For the programs where I tell you that you can remove them, do it like this:
Uninstall them with Revo Uninstaller in its Advanced Mode. To do so, follow the program-uninstallation part of its manual.
Remove all the programs that Revo finds with the name: Wondershare
These would be the following:
Wondershare Recoverit(Build 8.0.4.12) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 8.0.4.12 - Wondershare Software Co.,Ltd.)
Or else:
Wondershare (all those that are **Wondershare** + **whatever name**).
These must end up completely uninstalled.
Now you must make a BACKUP OF THE REGISTRY. To do so:
- Restart the computer in Normal Mode.
- Download DelFix to your desktop.
- Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator.)
- Tick only the Create registry backup checkbox, and make sure the rest are not selected.
- Press Run.
The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.
Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe
- Now copy and paste the codes/lines that are inside the box below into Notepad.
START
SystemRestore: On
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\MountPoints2: {477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} - "F:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {58EDB5DF-5E93-4033-9BD8-06B6ECB68D05} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Ningún archivo)
U1 avgbdisk; no ImagePath
2021-12-15 15:19 - 2021-12-15 15:19 - 000000000 ___HD C:\$WinREAgent
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => ""="Driver"
File: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat
VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
Save it with the name FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work; both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.
The above repair script is customized for the specific machine it was made for and was written specifically by a member of the Staff. If you have a similar problem, please open your own topic to receive personalized, specific help. Using scripts from other systems can cause serious damage to your computer.
Finally (NOTE: in NORMAL MODE):
- Run FRST.exe again (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).
- Press Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out these repairs, even if it appears to have frozen. Do not touch it, and wait.
- When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.
- Restart the computer in Normal Mode, check how it runs for a while, and report how the originally raised problem is doing.
Very Important
Post the report I asked you for as shown in the following image:
Regards.
How are you, @Marr0n? I hope you had a nice holiday season.
Actually, I am thinking of uninstalling AVG and replacing it with Kaspersky Cloud Free. What happens to me with AVG is that it slows down my PC's startup with all the services it starts, whereas I have read that Kaspersky Cloud Free runs much better (and it doesn't ask me every 3 days to install AVG Browser, hahah).
I haven't done it yet because we are in the middle of an analysis and repair, so I didn't want to change antivirus mid-process.
I have uninstalled all the programs you asked me to.
Here is the log you requested
Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 27-12-2021
Ejecutado por b-rch (28-12-2021 15:19:17) Run:2
Ejecutado desde C:\Users\b-rch\Desktop
Perfiles cargados: b-rch
Modo de Inicio: Normal
==============================================
fixlist contenido:
*****************
START
SystemRestore: On
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\...\MountPoints2: {477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} - "F:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {58EDB5DF-5E93-4033-9BD8-06B6ECB68D05} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (Ningún archivo)
U1 avgbdisk; no ImagePath
2021-12-15 15:19 - 2021-12-15 15:19 - 000000000 ___HD C:\$WinREAgent
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => ""="Driver"
File: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat
VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************
SystemRestore: On => completado
El punto de restauración fue creado correctamente.
Procesos cerrados correctamente.
HKU\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{477cbcfe-e1ec-11eb-8cf9-54ee751a2b76} => eliminado correctamente
HKLM\SOFTWARE\Policies\Mozilla => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58EDB5DF-5E93-4033-9BD8-06B6ECB68D05}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58EDB5DF-5E93-4033-9BD8-06B6ECB68D05}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\DolbySelectorTask => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DolbySelectorTask" => eliminado correctamente
HKLM\System\CurrentControlSet\Services\avgbdisk => no pudo ser eliminado, clave podría estar protegida
C:\$WinREAgent => movido correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\47914962.sys => eliminado correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\82697353.sys => eliminado correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\47914962.sys => eliminado correctamente
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\82697353.sys => eliminado correctamente
========================= File: C:\WINDOWS\system32\DrtmAuthTxt.wim;C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat;C:\Program Files\Google\Drive File Stream\launch.bat ========================
C:\WINDOWS\system32\DrtmAuthTxt.wim
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-IsolatedUserMode-Package~31bf3856ad364e35~amd64~~10.0.19041.1415.cat
El archivo está firmado digitalmente
MD5: E8EBBAF8F40AC2C871A2E11E87A47679
Fecha de creación y modificación: 2021-12-15 19:44 - 2021-12-15 19:44
Tamaño: 000011979
Atributos: ----A
Nombre de la compañía: Microsoft Windows ->
Interno Nombre:
Original Nombre:
Producto:
Descripción:
Archivo Versión:
Producto Versión:
Copyright:
VirusTotal: https://www.virustotal.com/gui/file/7c5eb6feb55f8f0f6e198e670e400315dcd12e3f84605909d49811292406da8f/detection/f-7c5eb6feb55f8f0f6e198e670e400315dcd12e3f84605909d49811292406da8f-1639780481
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Archivo no firmado
MD5: 5C5A797761421CF9B72087F3BC8A5259
Fecha de creación y modificación: 2021-04-01 17:56 - 2021-12-28 11:13
Tamaño: 000000180
Atributos: ----A
Nombre de la compañía: Microsoft Windows ->
Interno Nombre:
Original Nombre:
Producto:
Descripción:
Archivo Versión:
Producto Versión:
Copyright:
VirusTotal: https://www.virustotal.com/gui/file/3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e/detection/f-3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e-1640179356
C:\Program Files\Google\Drive File Stream\launch.bat
Archivo no firmado
MD5: BAE0B80B54C4791BEDBFB44B5C064F17
Fecha de creación y modificación: 2021-09-23 15:22 - 1980-01-01 00:00
Tamaño: 000001544
Atributos: ----A
Nombre de la compañía: Microsoft Windows ->
Interno Nombre:
Original Nombre:
Producto:
Descripción:
Archivo Versión:
Producto Versión:
Copyright:
VirusTotal: https://www.virustotal.com/gui/file/57b8ad14ae6a2e4c830c13fe799353242a7a288d516c734c894988d707963c3c/detection/f-57b8ad14ae6a2e4c830c13fe799353242a7a288d516c734c894988d707963c3c-1639253560
====== Final de File: ======
VirusTotal: C:\WINDOWS\system32\DrtmAuthTxt.wim => (3) Error
VirusTotal: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => (3) Error
VirusTotal: C:\Program Files\Google\Drive File Stream\launch.bat => (3) Error
========= ipconfig /flushdns =========
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
========= Final de CMD: =========
========= ipconfig /renew =========
Configuración IP de Windows
No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 1 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 2 mientras los medios
estén desconectados.
Adaptador de Ethernet Ethernet:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Conexión de área local* 1:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Conexión de área local* 2:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Adaptador de LAN inalámbrica Wi-Fi:
Sufijo DNS específico para la conexión. . :
Vínculo: dirección IPv6 local. . . : fe80::e9c1:cbeb:af8a:78d5%7
Dirección IPv4. . . . . . . . . . . . . . : 192.168.183.64
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : 192.168.183.198
========= Final de CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
{FCAE872C-9A27-4765-B86E-BAD74DB024E5} canceled.
Unable to cancel {BE323520-4592-4639-BA81-9FD5446E65A5}.
1 out of 2 jobs canceled.
========= Final de CMD: =========
========= netsh winsock reset =========
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= Final de CMD: =========
========= netsh advfirewall reset =========
Aceptar
========= Final de CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= Final de CMD: =========
========= netsh int ipv4 reset =========
Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Error al restablecer .
Acceso denegado.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= Final de CMD: =========
========= netsh int ipv6 reset =========
Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Error al restablecer .
Acceso denegado.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
se restableció correctamente.
Reinicie el equipo para completar esta acción.
========= Final de CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-2250469887-891261404-2791495626-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
========= Final de RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 152550032 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6224094 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18584 B
NetworkService => 18584 B
b-rch => 54692897 B
RecycleBin => 11022970 B
EmptyTemp: => 214.1 MB datos temporales eliminados.
================================
Resultado de los archivos programados para mover (Modo de Inicio: Normal) (Fecha y Hora: 28-12-2021 15:26:35)
Resultado de las claves programadas para eliminar después de reiniciar:
HKLM\System\CurrentControlSet\Services\avgbdisk => no pudo ser eliminado, clave podría estar protegida
==== Final Fixlog 15:26:35 ====
The PC is still running very well; startup is always slow (I want to buy it an SSD to improve that), but it no longer freezes the way it did a few weeks ago.
I look forward to your next reply.
Hello @Brayand_Chacaltana.
Thank you very much, and the same to you @Brayand_Chacaltana.
Everything you say is true and I wanted to address it a bit later, but you got ahead of me. Hehe…
OK, well spotted.
Perfect.
Perfect. Yes, with an SSD it would improve a lot. You'll notice the change from an HDD to an SSD. It will surely run much faster.
, let's continue.
Regards.
Hello @Brayand_Chacaltana.
PROGRAM UNINSTALLATION
For the programs where I tell you: you can remove them. Do it like this:
Uninstall them with Revo Uninstaller in its Advanced Mode. To do so, follow the program-uninstallation section of its manual.
Remove all the programs Revo finds with the name: AVG
That would be the following:
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.10.3213 - AVG Technologies)
Or:
AVG (all those that are **AVG** + **any other name**).
These must be completely uninstalled.
Next, we will run FRST again; to do so:
Regards.
How are you @Marr0n, I hope you're doing very well.
First of all, I want to thank you for all the help provided so far. All the weeks you supported me have allowed me to work on this old PC. Truly, thank you very much!
Now, I no longer need to continue with the help, since today I was finally able to gather the money I needed and I'm buying an SSD for this computer, which means I'll have to format it completely.
Once again, thank you so much for all the help! I just wanted to know your opinion on which antivirus I should install on the PC after formatting it. Do you think Kaspersky Cloud Free is a good option? Which one do you recommend?
A big hug, my friend.
First of all, sorry for taking so long to reply @Brayand_Chacaltana. Lately I have very little time for the forum, and that's normal. But we will follow the case through to the end.
You're welcome. Thank you very much for your kind words, for trusting this forum and also me personally.
Well, it doesn't have to be that way. Let me explain… you can keep your old mechanical HDD, connect the SSD to that same PC and clone the HDD's contents to the SSD. If you want, I can give you instructions on how to do it. There is NO NEED TO FORMAT AT ALL. Who told you that, or where did you get it from?
You're welcome.
First, tell me about what I said regarding cloning the disk, and whether you still have it or have already done a clean install of the whole system. Depending on what you tell me, we'll approach the problem one way or another.
Thank you very much, and the same to you @Brayand_Chacaltana.
Regards.